MCTS Exam 70-577

Windows Embedded Standard 2009 Preparation Kit Certification Exam Preparation Automation

Not for resale.

Table of Contents

Contents at a Glance

1 Creating and Customizing the Configuration
2 Managing the Development Environment
3 Integrating Embedded Enabling Features
4 Creating Components
5 Generating and Deploying an Image
6 Adding Windows Functionality

Chapter 3 Integrating Embedded Enabling Features

This chapter discusses Windows Embedded Standard 2009 Embedded Enabling Features (EEFs), which are components that address scenarios specific to embedded devices, such as deploying run-time images on read-only media, managing and updating your device remotely, and mass deployment.

Exam objectives in this chapter:
■ Implement Device Update Agent (DUA)
■ Implement a USB Boot solution
■ Implement Enhanced Write Filter (EWF)
■ Implement File Based Write Filter (FBWF)
■ Implement Message Box Default Reply

Before You Begin

To complete the lessons in this chapter you need the following:
■ Windows Embedded Studio for Windows Embedded Standard 2009 installed.
■ Completed Chapters 1 and 2.
■ The configuration you created in Chapter 1.


Lesson 1: Implement DUA

The DUA component enables you to remotely update the run-time image of your Windows Embedded Standard 2009 devices. It is a service that runs on your device and processes a script that performs update and maintenance operations. DUA is useful for updating Windows Embedded Standard 2009 images, and is a small component with few dependencies. With DUA, you can update applications or application data, deploy new binaries and device drivers, make registry changes, and automate cleanup and management tasks.

After this lesson, you will be able to:
■ Add and configure DUA in your image configuration.
■ Understand and be able to create a device update script.
■ Deploy a DUA run-time image.
■ Reconfigure the DUA engine on a remote device.
Estimated lesson time: 30 minutes.

Adding the DUA Component to the Configuration

DUA is a component that gives your run-time image the ability to remotely update itself. To enable this functionality, you need to add DUA to your configuration and configure it so that it can poll a defined location for updates.

Adding the DUA Component

To add the DUA component to your configuration, locate the Device Update Agent component in Target Designer’s browser under Software>System>Management>Infrastructure, and add it to your configuration. To test and manage DUA on your device, add the Event Log component that is located under Software>System>Management>Applications in component browser, and the Registry Editor component that is located under Software>System>User Interface>Shells>Windows Shell. At this point, check dependencies before you configure DUA.

Configuring the DUA Component

Because DUA runs as a service on your device and polls a specified location for updates, you must configure it to poll the location containing the updates, as well as its startup and runtime parameters. DUA has a number of other configurable settings, for example, specifying account permissions for the service, poll interval and jitter (at random time in the poll interval) for polling a Web site or media, environment variables, and the working directory.

Device Update Script

DUA uses an executable compiled by the Device Update Script Compiler (Dusc.exe) from a custom script (.dus file) that you create. Before running Dusc.exe, you must register the Duscaut.dll file by running duscaut.dll at a command prompt. These files are located on your development computer under the [drive]\Program Files\Windows Embedded\bin directory. Note that on a system Dusc.exe must be run with administrator permissions. The script itself is composed using a set of 17 predefined commands, as shown in Table 3-1. In the script, you use the command number or its name and an array of arguments. After you create your update command script, run the script compiler to create the command file (.dup file) that is placed in the polling location specified in the DUA settings, along with the files that need to be applied to the image as part of the update.

Table 3-1 Device Update Script Commands

Command            Ordinal  Description
Reboot             1        Shut down and restart the system
Delay              2        Suspend execution
Execute            3        Execute new process—specified context
CreateDirectory    4        Create a new directory
RemoveDirectory    5        Remove an existing directory
SetFileAttributes  6        Sets the attributes of a file
CopyFile           7        Copy existing file to a new file
DeleteFile         8        Delete existing file
RegCreateKey       9        Create a key in the registry
RegDeleteKey       10       Delete an existing registry key
RegSetValue        11       Set data and type for a specified registry value
RegDeleteValue     12       Remove a named value from a specified key
RegSaveKey         13       Saves a key and sub keys to a specified file
RegRestoreKey      14       Restore registry key from a file
ExecuteProcess     15       Execute new process
HTTPGet            16       Read and retrieve a remote file via HTTP(S)
MoveFile           17       Move existing file to a new location

Script Editing

Use a simple text editor such as notepad.exe to create and modify DUA scripts. You can also use the DUAScriptGen tool from http://www.codeplex.com/duascriptgen. This tool provides a GUI to help you create DUA scripts. It was specifically created to make scripting DUA files for security updates easier. Mike Hall and Aaron Stebner originally created the tool. It has since been published via Codeplex. DUA scripts follow the command syntax described in Table 3-1. For example, to delay 10 seconds, create a c:\UpdatesDUA directory, and restart the system, you can use the following script:

2,0,10
4,,,C:\UpdatesDUA
1,,DAREBOOTOPT_REBOOT

To carry out tasks that go beyond the available commands, you can execute additional programs and, if the programs support it, pass command-line parameters by using the DUA Execute command.

Runtime Reconfiguration

It is possible to initially deploy DUA with default settings and then reconfigure it by using a DUA script. This is useful if you need to change frequency, update source, or other similar settings. For example, to change the polling location, you can use the following script:

//Delete existing poll location registry value
10,0,HKEY_LOCAL_MACHINE,,System\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000

//New registry key
9,0,HKEY_LOCAL_MACHINE,,System\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0

//Specify polling location and type
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,Type,4,1

//Set remote host to CustomHost
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,HostName,1,CustomHost

//Set the host port to 80
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,HostPort,4,80

//Set the protocol to HTTP (0)
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,Protocol,4,0
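A script like the one above changes where a device fetches its updates, so it is worth reviewing before it is compiled. The following Python checker is an added example, not part of the original text or of Windows Embedded Studio: it names each command from Table 3-1 and flags the lines that start processes, download files, or touch the DUA polling configuration. The RegSetValue field positions are inferred from the script above, and splitting on every comma is a simplification.

```python
"""Review a Device Update Script (.dus) before compiling it with Dusc.exe."""

# Ordinals and names as listed in Table 3-1.
COMMANDS = {
    1: "Reboot", 2: "Delay", 3: "Execute", 4: "CreateDirectory",
    5: "RemoveDirectory", 6: "SetFileAttributes", 7: "CopyFile",
    8: "DeleteFile", 9: "RegCreateKey", 10: "RegDeleteKey",
    11: "RegSetValue", 12: "RegDeleteValue", 13: "RegSaveKey",
    14: "RegRestoreKey", 15: "ExecuteProcess", 16: "HTTPGet", 17: "MoveFile",
}
NAME_TO_ORDINAL = {name.lower(): num for num, name in COMMANDS.items()}

# Registry path used by the reconfiguration script (compared case-insensitively).
DUA_CONFIG_KEY = r"services\duagent\parameters\config"
REGISTRY_COMMANDS = set(range(9, 15))
REVIEW_ALWAYS = {
    3: "starts a process",
    15: "starts a process",
    16: "downloads a remote file",
}


def parse_dus(text):
    """Return [(line_no, ordinal, fields)]; raise ValueError on an unknown command."""
    commands = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("//"):      # blank line or comment
            continue
        fields = [f.strip() for f in line.split(",")]
        head = fields[0]                           # ordinal or command name
        ordinal = int(head) if head.isdigit() else NAME_TO_ORDINAL.get(head.lower())
        if ordinal not in COMMANDS:
            raise ValueError(f"line {line_no}: unknown command {head!r}")
        commands.append((line_no, ordinal, fields))
    return commands


def audit(text):
    """Return [(line_no, command_name, note)] for lines that deserve a second look."""
    findings = []
    for line_no, ordinal, fields in parse_dus(text):
        name = COMMANDS[ordinal]
        if ordinal in REVIEW_ALWAYS:
            findings.append((line_no, name, REVIEW_ALWAYS[ordinal]))
        touches_dua = any(DUA_CONFIG_KEY in f.lower() for f in fields)
        if ordinal in REGISTRY_COMMANDS and touches_dua:
            findings.append((line_no, name, "changes DUA polling configuration"))
            # Assumed layout, taken from the page's RegSetValue lines:
            # index 6 = value name, 7 = registry type, 8 = data.
            if ordinal == 11 and len(fields) >= 9:
                value_name, data = fields[6].lower(), fields[8]
                if value_name == "protocol" and data == "0":
                    findings.append(
                        (line_no, name, "polling protocol set to HTTP (0), not encrypted"))
                elif value_name == "hostname":
                    findings.append((line_no, name, f"update host set to {data}"))
    return findings


# Sample input: lines from the reconfiguration script above plus the Delay example.
SAMPLE = r"""//Delete existing poll location registry value
10,0,HKEY_LOCAL_MACHINE,,System\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000
//Set remote host to CustomHost
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,HostName,1,CustomHost
//Set the protocol to HTTP (0)
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,Protocol,4,0
2,0,10
"""

if __name__ == "__main__":
    for line_no, name, note in audit(SAMPLE):
        print(f"line {line_no}: {name}: {note}")
```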

Lesson Summary

The DUA component enables you to configure updates for your device. The DUA component includes an executable that runs as a service on the device and parses a file that you create by writing a script that outlines the actions it takes to perform the update. After you create the command script, compile it by using the Device Update Script Compiler to produce the executable file, which you then deploy to the device.

Quick Check
1. What operations can be performed through the DUA services?
2. How do you reconfigure DUA on a running device?

Quick Check Answers
1. Update applications or application data. Deploy new binaries, device drivers, or registry changes. Automate cleanup and management tasks. Change the DUA polling time.
2. Create a script to manipulate the registry on the device and reconfigure DUA by changing its registry values.

Lesson 2: Implement a USB Boot Solution

USB devices are readily available and provide a cost-effective alternative to various boot media such as compact flash, or even CD or DVD. The high speed capabilities of USB 2.0 opened the door to starting from USB storage for Windows Embedded Standard 2009 devices. Starting from USB in the case of Windows Embedded Standard 2009 means starting from USB mass storage media, popularly known as Disk on Key (DoK), but not from CD or DVD USB drives.

After this lesson, you will be able to:
■ Define the requirements for booting your device from a USB storage device.
■ Prepare the USB device.
■ Prepare your image for starting from USB.
Estimated lesson time: 15 minutes.

USB Boot Requirements

First, your device needs to have USB 2.0 high speed support and the BIOS must support INT 13H. Because the NT loader, NTLDR, makes calls to INT 13H to access the disk on your device, the BIOS on your device must support these calls to INT 13H by complying with BIOS Enhanced Disk Drive Services 2 specifications and USB Mass Storage Specification for bootability. Only USB 2.0 high speed storage devices are supported, so make sure your USB device has a minimum write speed of 9 MB/sec and single-level cell not-and (SLC NAND) flash memory, which provides high performance and long time reliability. The USB mass storage media must have a bootable partition and be formatted. There are several caveats with booting from USB mass storage media. Hibernation is not supported; therefore, Enhanced Write Filter Hibernate Once/Resume Many (EWF HORM) is not supported. Crash dumps and pagefiles are also not supported.

Preparing a USB Mass Storage Media for Booting

You must prepare your USB storage device (DoK) before you can write an image to it. Preparation of your DoK involves creating a primary partition with a Master Boot Record (MBR) sector. You then format this partition with the appropriate file system. Because NTFS performs many writes to disk, you may consider formatting with FAT32 and create your image accordingly. Windows Embedded Studio provides you with a command-line tool named ufdprep.exe to help you prepare your DoK. Note that ufdprep.exe only runs on Windows XP and Windows 2003 SP1. If your development environment is Windows Vista then you will need to use to prep the media. To verify that you have created the partition properly, copy Ntdetect.com and NTLDR to your prepared DoK, set your device’s BIOS to start from a USB mass storage disk, and start the device. It should start Windows and fail to locate the necessary components under the Windows root directory. You should get an error message starting with "Windows could not start because", indicating that the BIOS found the MBR and started NTLDR, which is fine at this point.

NOTE Size of bootable partition

Because DoKs are solid-state storage devices, it is very likely that you will need another EEF, the Enhanced Write Filter (EWF), which is discussed in Lesson 3. Because EWF may need a partition (to store its configuration data) of at least 8 MB immediately after the primary partition, you should create the primary partition smaller than the entire DoK to leave room for it. The practice for this lesson covers this.

Adding USB Boot Components to the Image

You must add to your OS configuration the USB Boot 2.0 component that is located under the Embedded Enabling Features branch of component browser in Target Designer. All that is left for you to do is perform a dependency check, build the OS image and copy it to your USB DoK.

Lesson Summary

This lesson covers the option of booting from a USB mass storage device. As USB interface ports are now part of nearly all computer boards which include BIOS support for USB, this provides Windows Embedded Standard 2009 devices with an option to start from a low-cost, high-performance, reliable storage media.

Quick Check
1. Can you use any USB DoK for booting Windows Embedded Standard 2009?
2. Can you just copy your image to a new DoK and expect it to start and run?

Quick Check Answers
1. No, only USB 2.0 DoKs can be used, because they offer the high performance needed for starting and running an OS on them.
2. No, you have to prepare the DoK by creating a primary partition on it with an MBR sector and format it for either FAT32 or NTFS.

Lesson 3: Implement EWF

The longevity of an SLC NAND is around 100,000 write/erase cycles per block. Multiple-level cell NAND (MLC NAND) supports approximately one tenth of the writes/erases that SLC can achieve. The makers of solid-state storage devices employ a variety of wear-leveling algorithms intended to extend the life span of NAND to three to five years. EWF is really another algorithm designed to prolong the life span of solid-state mass storage devices employed by Windows Embedded Standard 2009 devices for better reliability.

After this lesson, you will be able to:
■ Describe EWF and its architecture.
■ Implement EWF on your device.
■ Programmatically interact with EWF.
Estimated lesson time: 15 minutes.

EWF Definition

EWF filters delayed writes to the mass storage media, which means that fewer writes and erases are performed on the storage media, prolonging its life. EWF redirects information from the disk to overlays. If the information that was redirected to the overlay is requested later, it is obtained from the overlay and not from the actual protected media. EWF can be configured in various ways. It can be applied to multiple volumes, each of which may have multiple overlays. There are two types of overlays: physical disk overlays or RAM overlays.

Disk Overlays

Disk overlays use a special partition called EWF which contains the redirected information. This partition is not visible or recognized by the . Initialization and creation of the partition is done by the First Boot Agent (FBA). FBA requires unpartitioned space to be available to create the EWF Volume. FBA will fail if an EWF volume already exists. The EWF volume stores the EWF master volume table, overlay stack, and overlay data. The EWF master volume table stores information about the EWF volume. Each overlay stack corresponds to a protected volume, and is partitioned into multiple levels that correspond to a checkpoint. When you shut down the system, the information in the EWF partition is retained. See Figure 3-1 for the various overlay options.

RAM and RAM REG Overlays

The main difference between RAM overlays and RAM REG overlays is the location of the EWF volume. RAM EWF volumes are stored on disk in unpartitioned space, whereas RAM REG EWF volumes are stored in the system registry. When the system is , the information in the RAM overlay is lost.

Figure 3-1 EWF overlays (panels: Disk Overlay, RAM Overlay, RAM-REG Overlay)

EWF Components

There are four components that provide EWF capabilities to your image.
■ EWF Component The EWF component contains the following files and settings that are required to implement EWF:
    ■ EWF.SYS This filter driver handles read/write I/O Request Packets (IRPs). It redirects write IRPs to the EWF overlay so that the original volume is unchanged. Read IRPs will cause EWF to search for a match in the current overlay stack. If the disk sector is found in the overlay stack, the sector is retrieved from the overlay; otherwise, it is retrieved from the original volume. EWF locates the sector to be replaced, and redirects disk read/write IRPs as appropriate.
    ■ EWFDLL.DLL This DLL is responsible for formatting the EWF partition at first boot of your run-time image. It is invoked from FBA.
    ■ EWFINIT.DLL This DLL is responsible for formatting the EWF volume at first boot of your run-time image. It is invoked from FBA.
    ■ EWF.INF This file contains the EWF driver installation information.
■ EWF NTLDR Component When EWF is configured to use disk overlay, a modified version of NTLDR is required. The protected volume is the primary boot volume. NTLDR maps the registry into memory as part of the system boot process from the primary boot volume, and then sends a pointer to the memory to the kernel. This modified NTLDR is aware of the EWF, and prevents potential corruption of the registry.
■ EWF Manager Console Application This component includes a console application, EWFMgr.exe, that can be used to issue commands, receive event notifications, and manage the EWF overlay format.
■ EWF Application Programming Interface (EWF API) Implemented within Ewfapi.dll, along with the Ewfapi.h and Ewfapi.lib, gives you the ability to control EWF from a custom application.

Configuring EWF Modes

Settings for the EWF can be split into the two following groups:
■ EWF Volume Settings EWF volume configuration includes global settings for protected volumes. These settings specify the number of protected volumes, the maximum number of overlay levels, the EWF partition size for disk overlay, enable/disable HORM, and enable/disable background disk defragmentation.
■ Protected Volume Settings The EWF protected volume settings include specifying the overlay type, enabling/disabling EWF on start, and specifying the protected volume disk and partition number.

Specifying how EWF handles its own internal allocation within the EWF partition can optimize performance to one of these parameters: speed, space, or write frequency to disk. The following options are possible:
■ Optimal Performance provides the fastest execution, but uses more space in the EWF partition. This is the default setting.
■ Use Less Overlay Space performs a comparison between the new data and what is on disk and skips allocation if the data is the same. This option is slower than the optimal performance option, but consumes less space in the EWF partition.
■ Use Less Overlay Space and Less Writes performs a comparison between the new data and what is on disk regardless of whether there is an allocation. This is the slowest of the optimization options, but uses the fewest writes. This option is useful if the persistent storage is a flash ROM device.

Once you have selected one of these options using Target Designer, you will not be able to change it in your run-time image.

Configuring EWF Disk Mode

EWF Disk mode uses disk overlays. Use EWF Disk mode if your device needs to either protect data on a read/write volume from being altered or corrupted, provide multiple snapshots of disk contents, commit disk write operations to the protected volume image, or revert to a particular overlay level. In this configuration you have to add the following components to your image configuration:
■ Background Disk Defragmentation Disable component.
■ Enhanced Write Filter component.
■ EWF Manager Console Application or Enhanced Write Filter API (EWF API) component, depending on whether you will manage the filter through a command prompt or programmatically.
■ EWF NTLDR.

Make sure you have the CMD-Windows Command Processor component included if you plan to use EWF Manager on your image. Next, configure the settings of the Enhanced Write Filter component. Set the overlay type to DISK, then set the EWF Partition size to the size that you want the EWF partition to be, in kilobytes. Check the Start EWF Enabled check box (if desired), and in the Disk Number field, type the disk number that contains the volume that you want to protect. In the Partition Number field, type the partition number for the volume that you want to protect. See Figure 3-2 for a description of EWF component settings.

Figure 3-2 EWF component settings

Configuring EWF RAM Mode

EWF RAM mode holds overlays in RAM. Use EWF RAM mode if your device needs to protect data on a read/write volume from being altered, deploy a run-time image on a stateless device, or deploy a run-time image on a device without persistent read/write storage. Configuring EWF RAM mode is very similar to DISK mode with two differences. The first difference is that you set the overlay type to RAM and then set the EWF Partition size to 0 KB. Everything else is the same.

Configuring EWF RAM REG Mode

EWF RAM REG mode stores its overlays in the registry. Use EWF RAM REG mode if your device needs to protect media that contains a single partition, that cannot be partitioned, that is removable, that does not support standard RAM overlays, or to minimize the number of write operations that are made to write-sensitive devices, such as Compact Flash. When configuring RAM REG mode, add the same components as for RAM and DISK mode; however, you do not need to add EWF NTLDR. You can keep the standard NTLDR in your configuration.

EWF API

There are two ways to control EWF. One is to use the Ewfmgr.exe command-line tool. Ewfmgr.exe is part of the EWF Manager Console application component. The other is to create your own custom applications using the EWF API set. You have to add the EWF API component as a dependency for any custom application. The EWF API exposes a set of functions that can be called from within a Win32 application to control EWF programmatically. The EWF API functions enable applications to query and modify EWF configuration settings for protected volumes. Among the tasks you can perform in an application using EWF API are disabling or enabling EWF for a protected volume, restoring or discarding an overlay level, creating a checkpoint by adding an overlay level, committing the data in the current overlay, persisting data through a reboot and enabling HORM.
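The overlay behaviour described in this lesson (write redirection, reads that search the overlay stack, checkpoints, restore, commit, and what survives a restart) can be seen in a small model. This is an added illustration in Python, not the EWF driver or the EWF API: the class and method names are hypothetical, sectors are modelled as dictionary entries, and commit is assumed to apply the whole overlay stack.

```python
class EwfModel:
    """Toy model of one EWF-protected volume and its overlay stack."""

    def __init__(self, sectors, overlay_type="RAM"):
        if overlay_type not in ("RAM", "DISK"):
            raise ValueError("overlay_type must be 'RAM' or 'DISK'")
        self.volume = dict(sectors)   # protected volume: sector number -> data
        self.overlay_type = overlay_type
        self.levels = [{}]            # overlay stack, oldest level first

    def write(self, sector, data):
        # Writes are redirected to the current overlay level;
        # the protected volume itself is left unchanged.
        self.levels[-1][sector] = data

    def read(self, sector):
        # Reads search the overlay stack, newest level first, and fall
        # back to the protected volume when the sector is not found.
        for level in reversed(self.levels):
            if sector in level:
                return level[sector]
        return self.volume[sector]

    def checkpoint(self):
        """Add an overlay level; return the new number of levels."""
        self.levels.append({})
        return len(self.levels)

    def restore(self):
        """Discard the current overlay level; return the sectors it held."""
        discarded = self.levels.pop()
        if not self.levels:
            self.levels.append({})
        return sorted(discarded)

    def commit(self):
        """Apply overlay data to the protected volume (assumption: all levels)."""
        for level in self.levels:     # oldest first, so newer data wins
            self.volume.update(level)
        self.levels = [{}]

    def reboot(self):
        # A RAM overlay is lost at shutdown; a disk overlay is retained.
        if self.overlay_type == "RAM":
            self.levels = [{}]


def demo():
    """Walk one constructed volume through write, checkpoint, restore, reboot."""
    vol = EwfModel({0: b"boot", 1: b"config-v1"}, overlay_type="RAM")
    vol.write(1, b"config-v2")
    seen_after_write = vol.read(1)        # served from the overlay
    on_disk_after_write = vol.volume[1]   # protected volume untouched
    vol.checkpoint()
    vol.write(1, b"config-v3")
    vol.restore()                         # drops the level holding v3
    seen_after_restore = vol.read(1)
    vol.reboot()                          # RAM overlay discarded
    return (seen_after_write, on_disk_after_write,
            seen_after_restore, vol.read(1))


if __name__ == "__main__":
    print(demo())
```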

Lesson Summary

This lesson covers EWF as a means to protect mass storage media from wearing out. EWF also can be used when creating an image that boots and runs from a read-only mass storage media such as a CD. EWF can work in any of three modes (types): Disk mode, RAM mode or RAM REG mode. You have to add the EWF components to your OS configuration for it to run. One important component that must be present is the Background Disk Defragmentation Disable component.

Quick Check
1. What are the advantages of EWF?
2. What are the two types of overlays?
3. If you configure EWF for RAM REG mode of operation do you need EWF NTLDR?

Quick Check Answers
1. Protecting media from excessive writes and reducing wear.
2. There are RAM overlays, and EWF Disk overlays.
3. No, because it is not required for booting.

Lesson 4: Implement FBWF

Whereas EWF protects whole volumes or partitions from writes and erases, FBWF protects at the file and folder level. There are some operations at the file level that EWF can handle and FBWF cannot, such as file locking and unlocking, file ID in NTFS, reparse points, quota, hard links, file compression and encryption, and opportunistic locks. Because FBWF operates at the file level rather than the sector level, it provides several features not found in EWF, such as selective write through, selective commits and restores, file and directory management transparency, and improved overlay memory use. You can configure FBWF to enable writes to specific files or directories by creating a Write Through list when you configure the filter in Target Designer.

After this lesson, you will be able to:
■ Understand the difference between EWF and FBWF.
■ Implement FBWF.
Estimated lesson time: 15 minutes.

FBWF Features

Like EWF, FBWF can protect a partition from writes. Unlike EWF, FBWF enables predefined files to pass through the filter. An unprotected file is accessed, modified, and written back to the disk. FBWF conserves and reclaims memory in the overlay cache. For instance, FBWF frees overlay memory when files are deleted or reduced in size.

Selective Write Through

Selective Write Through enables writes to a predefined set of files and directories to reach the underlying protected volume. You can specify the files and directories for Selective Write Through when you configure FBWF in Target Designer.

Selective Commits and Restores

Selective Commit is immediate and persists through restarts. Selective Commit moves a file or file changes from the overlay to the protected volume. Selective Restore discards an overlay file and restores the view of the underlying volume. Both of these functions are useful for devices that are not frequently restarted or for devices that are shared across users.

File and Directory Management Transparency

Applications and operating system components make file and directory management calls with no awareness of FBWF. Applications perform explicit file I/O through functions such as CreateDirectory, CreateFile, ReadFile, and WriteFile. These calls appear to interact with the file system but may actually be redirected to the overlay cache. Moving files across protection boundaries, for example, from a protected volume to an unprotected volume, or committing new or deleted files may result in errors. FBWF supports only NTFS and FAT32 file systems.

Implementing FBWF

To implement the FBWF, you have to add the FBWF component that is located under the Embedded Enabling Features branch of component browser in Target Designer. See Figure 3-3 for a description of FBWF component settings.

Figure 3-3 FBWF component settings

The FBWF configuration settings page is divided into two parts: FBWF settings and protected volume settings.

FBWF Configuration

After you add FBWF, you can configure additional options in Target Designer. You can select the cache type: Dynamic, Dynamic Compressed, or Pre-allocated (default). Specify the overlay cache size (64 MB by default, maximum size 1 GB), and check Disable page-file support, Disable , Disable Background Disk Defragmentation, and Disable Low Disk Warning Notification. It is recommended that you disable background defragmentation because you don’t want the system defragmenting the drive and eating up cache. Enter the number of volumes to protect. Each volume is configured by clicking the Prev and Next buttons.

Protected Volume Configuration

In this section, you select the protected volume if there is more than one by using the Prev and Next buttons. The first field displays the current volume number and the second allows you to specify the drive letter of the volume to be protected. In the last field, list those files and folders for selective write through, separated by new lines. Note that the full paths should not contain the drive letter or environment variables. There is no mechanism to detect possible inconsistencies between the resolved value and the drive letter. Note that folders and files that are specified in this list will not automatically be created. You will have to create them in the deployed run-time before you can work with them.

FBWF API

The FBWF API exposes a set of functions you can use in an application you develop to interact with the FBWF. To enable support for the FBWF API, add the FBWF API to your application by linking with Fbwflib.lib. The FBWF API functions enable applications to specify and query system-wide settings as well as cache settings for individually protected volumes and files. Using FBWF API calls, you can disable or enable FBWF or write filtering for an entire volume, set or query cache memory usage and compression usage, exclude a file or directory from write filtering and commit or restore cache contents to or from the actual file.

Integrating FBWF with Other Components

FBWF and EWF may both be enabled on the same computer; however, FBWF cannot protect a volume also protected by EWF. Likewise, EWF cannot protect a volume also protected by FBWF. If you are protecting a device with FBWF, but want to be able to apply updates and patches to your run-time image, you can use DUA in conjunction with FBWF. Because FBWF intercepts writes to the device, you can run DUA as a background service on the device and let it poll for updates. In your DUA script, add a command that uses FBWF Manager to either disable FBWF or to commit the appropriate files in the FBWF overlay. Committing files or disabling FBWF enables you to write to your run-time image. Alternatively, you can use DUA to run a program that uses the FBWF API to enable and disable FBWF programmatically. Removing a FBWF-protected USB mass storage device while it contains open files results in unpredictable behavior.

Registry Filter

If the target device environment includes Domain Participation or Terminal Services Client Access Licensing (TSCAL), and you are using either EWF or FBWF, you should add and configure the Registry Filter component that is located under the Embedded Enabling Features branch of component browser in Target Designer. The Registry Filter maintains the necessary registry keys from session to session. This is necessary because with a standard EWF or FBWF RAM-based overlay, any updates to the registry are stored in RAM and are flushed when the system shuts down. The Registry Filter saves the monitored registry keys and values to the protected volume. On the next restart, the changes to the registry are reapplied and continue to persist in the RAM overlay.

Lesson Summary

Whereas EWF protects whole volumes, FBWF is a filter on the file system and protects files and directories. Both EWF and FBWF cannot be enabled while the system is running. The filter makes a distinction between the current session since the last system start, and the next session after the next system start. The EWF and FBWF may encounter issues when enabled in a domain-joined device in handling domain secret keys and TSCAL preservation. The registry keys for these two items could be lost during a restart, thus a failure to connect to the domain or loss of a TSCAL could occur. The Registry Filter was developed to preserve these two registry changes across restarts without requiring all registry changes in a file to persist. You can control FBWF through the FBWF API by creating FBWF-aware applications.

Quick Check
1. When would you choose FBWF over EWF?
2. What is the purpose of the Registry Filter?

Quick Check Answers
1. When you need to have files written directly to disk, even if the volume is protected – for example database files.
2. Preserve TSCALs and domain secret keys for systems protected by EWF or FBWF.

Lesson 5: Implement Message Box Default Reply Applications and features running on the operating system often require user input. For example, a system message displayed in a message box requires the user to at least confirm and release the message box so that the system can continue the flow of operation. On a headless system, or any system that operates without a user, not interacting with such a message box could lead to the interruption of work flow and the system may not perform its tasks. Windows Embedded Standard 2009 provides you with the capability to hide or suppress these messages.

After this lesson, you will be able to: ■ Understand the system message interception. ■ Implement message box default reply. Estimated lesson time: 15 minutes.

Message Interception in Win32 Windows provides the developer a mechanism to intercept events before they reach their destination. This mechanism is known as Win32 hooks and involves developing code, which is therefore outside the scope of this lesson. Win32 provides 16 predefined hooks that you can use to create a hook callback function that filters the specific hook you want to process. You then register the hook procedure with the system using the SetWindowsHookEx Win32 API. For example, you can intercept all keyboard events by creating a hook procedure for the WH_KEYBOARD_LL hook, so you can prevent a specific key from ever reaching its destination. To intercept application messages, you can implement the MessageProc Win32 API and process a filter on dialog box events. Windows Embedded Standard 2009 provides you with a simple solution to replying to a dialog box: the Message Box Default Reply component, which allows you to specify the default option in handling messages. For example, if the message box has two buttons, OK and Cancel, and if OK is the default value, then OK will be selected. This will be equivalent to clicking OK. In addition, the contents of the message box are sent into the Windows Event Log. This is helpful because message boxes are important and should not be ignored. The Event Log can then be viewed remotely, or accessed programmatically. 94 Chapter 3 Integrating Embedded Enabling Features

Implementing Message Box Default Reply

To implement message handling, add the Message Box Default Reply component, located under the Embedded Enabling Features branch of component browser in Target Designer. See Figure 3-4 for a description of Message Box Default Reply component settings. Configuration is very simple: you enable or disable message box display, set the severity of errors to be logged, and enable or disable sending the information to the Event log.

Figure 3-4 Message Box Default Reply Component settings

Lesson Summary

Message interception is the purpose of the Message Box Default Reply component. It provides some standard options for handling messages that normally require user input. You can create a much more elaborate and customized message interception feature by implementing Win32 hooks programmatically to perform tasks that are outside of the capabilities provided by the Message Box Default Reply component.

Quick Check

1. What is the purpose of the Message Box Default Reply feature?

Quick Check Answers

1. The Windows Embedded Standard 2009 OS, as well as features and third-party applications, may generate message boxes that require user intervention. The Message Box Default Reply component allows you to specify the default option for handling messages when the system intercepts them.

Lab 3: Exploring Embedded Enabling Features

In this lab you will work with the Embedded Enabling Features discussed in this chapter. Use the image created from the previous chapters as a basis for the exercises.

Practice 1: Implementing DUA

In this practice, you add the DUA component to your image and configure it to run a simple script to copy a file from one location to another location on startup.

Add and configure the DUA component
1. Open your configuration in Target Designer.
2. Navigate to the Software> System> User Interface> Shells> branch in component browser.
3. Add the Windows Accessories component.
4. Navigate to the Embedded Enabling Features branch in component browser.
5. Add the Device Update Agent component.
6. Add the Administrator Account component.
7. Open the Administrator Account Settings and type password in the Password field.
8. Open the Device Update Agent Settings and configure the settings with the following:
   a. Service Account: Local.
   b. Run On Start: Checked.
   c. Require HTTP Support: Unchecked.
   d. Poll Interval: 180 seconds (Poll every 3 minutes).
   e. Poll Jitter: Unchecked.
   f. Working Directory: c:\dua.
   g. Expand Working Directory using the environment on the embedded device: checked.
   h. Poll Time/Day: leave all checked.
   i. Select the Command Path Type: Local.
   j. Complete Path to the Command File including Filename and Extension: c:\duacmd.dup.
   k. Expand Working Directory using the environment on the embedded device: checked.
9. Check dependencies and build your configuration.

Install the Script Compiler
1. On the development system, create a directory under c:\WES_DATA called DUA.
2. Copy the Dusc.exe and Duscaut.dll found in C:\Program Files\Windows Embedded\Bin to the c:\WES_DATA\DUA directory.
3. Open a command prompt window and change directory to the c:\WES_DATA\DUA directory.
4. Use the Regsvr32 utility to install the script compiler's DLL. See Figure 3-5.

C:\>regsvr32 duscaut.dll

Figure 3-5 Registering DUSCAUT.DLL

Create a script to execute the Calculator application
1. On the development computer, open Notepad.
2. Enter the following to start the Calculator accessories application.

//Launch Microsoft Calculator
15,0,0,0,c:\windows\system32\calc.exe,0,,1,4294967295,,1,,,,1,,,,,,,1,0,WinSta0\Default

The command uses EXECUTEPROCESS (15) to run the application:
   a. [ErrorMode] is set to 0, which halts the script if this command fails. This helps with script troubleshooting.
   b. [REBOOTOK] is set to 0, which will not enable the system to restart when running this command.
   c. [ExpandMode] is set to 0. ExpandMode is turned off, so the string that follows is not expanded.
   d. [ApplicationName] is set to the whole path of the application, including the EXE extension.
   e. [WaitForCompletion] is set to 1. DUA will wait for the command to be completed before continuing on with the script.
   f. [] is set to an infinite amount of time, but in a practical situation it would be smaller. Since WaitForCompletion is set, if the application were to hang, the timeout will allow the DUA agent to continue on with the script and not hang with the application.
   g. SecRev must be set to 1 for both parameters.
   h. [StartupMode] is set to 1. Use the StartupMode constants table to define how the application will be started. In this case, 0,WinSta0\Default follows the StartupMode setting. These are the first two entries listed in Table 3-1. Basically, this tells DUA to start the application in the local user environment. Normally this is how you would start an application. If 0,WinSta0\Default were missing, the application would start in the Administrative or system environment, depending on how the system was set up.
3. Save the file as duacmd.dus to the c:\WES_DATA\DUA folder.
4. At a command prompt, compile the script file, and have the output file be duacmd.dup.

C:\>dusc duacmd.dus duacmd.dup

5. Copy the duacmd.dup command file to the root of the target's C: drive.
6. If you are using a dual-boot system, you will have to reboot the system and select the Windows Embedded Standard 2009 image. Because the Poll interval is set for three minutes during every hour of every day of the week, the application should run within three minutes after starting. When DUA runs the DUP file, Calc will appear and the duacmd.dup will be removed.
7. At the command prompt, run c:\ to confirm that the DUP file is gone.
8. Close the Calc application.

Practice 2: Creating a USB DoK Boot Disk

In this practice, you will create a bootable USB DoK and start your run-time image from it.

Prepare your USB DoK (on a Windows XP or SP1 development computer)
1. Insert the USB flash disk into an available USB 2.0 port. Note the drive letter assigned to the flash disk.
2. Open a command prompt.
3. Change directories to the [drive]\Program Files\Windows Embedded\utilities.
4. Run the ufdprep.exe utility for the USB flash disk:

C:\>ufdprep where is the drive letter for the USB flash disk.

5. Close the command prompt when finished.

Create your run-time image and copy it to the DoK
1. Open your configuration in Target Designer.
2. Go to the Embedded Enabling Features branch in component browser.
3. Add the USB Boot 2.0 component.
4. Go to the Software>System>System Services> Base branch in component browser.
5. Add the USB NT Hardware Detect component.
6. Check dependencies and build your configuration.
7. Open .
8. Copy the Windows Embedded Standard 2009 image from C:\Windows Embedded Images to the USB flash disk.
9. When the transfer is completed, eject the USB 2.0 flash drive so you can safely remove the drive from the development computer.

Practice 3: Adding EWF to Your Image

In this practice you will add and configure the EWF to work in DISK mode.

Add and configure EWF component
1. Open your configuration in Target Designer.
2. Go to the Embedded Enabling Features branch in component browser.
3. Add the EWF component.
4. Add the EWF NTLDR component.
5. Disable NTLDR in configuration editor.
6. Add the EWF Manager Console Application.
7. Select the EWF component settings.
8. Configure EWF as follows:
   a. Maximum Number of Protected Volumes: 1.
   b. Maximum Number of Overlay Levels: 1.
   c. Start EWF Enabled – Checked.
   d. Enable Lazy Write – Unchecked.
   e. Disk Number: 0.
   f. Partition Number: 1.
   g. Overlay Type: DISK.
   h. Optimization Options: Optimal Performance.
9. In order to monitor the write filter, add the component, which can be located in the component browser, under the Software> System> User Interface> Shells> Windows Shell branch.
10. Check dependencies and build your configuration.

To test the EWF
1. After the FBA has completed, start Windows Embedded Standard 2009.
2. View information on the EWF by opening a command window and entering the following:
   ewfmgr C:
3. Make a change to the system by copying a file or creating a new directory. For example, create a directory on the C drive called TESTDIR.
4. Restart the system. The folder should still be there because it was in the Disk Overlay.
5. Disable EWF by entering the following at a command prompt:
   ewfmgr c: -disable
6. Restart the system. The folder should be lost because it only existed in the overlay and was not committed to the disk.
7. Re-enable EWF by entering the following at a command prompt:
   ewfmgr c: -enable
8. Restart the system.
9. Create the test folder again on C drive.
10. Use EWFMGR to commit changes to the protected partition by entering the following at a command prompt:
   ewfmgr c: -commit
11. Restart the system.
12. Disable EWF by entering the following at a command prompt:
   ewfmgr c: -disable
13. Restart the system and note that the changes are still there after the system restarts.

Practice 4: Adding FBWF to Your Image

In this practice you will add and configure the FBWF.

Add and configure the FBWF component
1. Open your configuration in Target Designer.
2. If you are reusing the same configuration as Practice 3, remove the EWF and EWF NTLDR components.
3. Go to the Embedded Enabling Features branch in component browser.
4. Add the File Based Write Filter component.
5. Enable NTLDR in configuration editor.
6. Under the Extra Files in the configuration editor, add a new folder called Data. This folder is used for your write-through test.
7. Select the File Based Write Filter component settings.

Figure 3-6 FBWF settings for practice

8. To configure FBWF, leave all defaults and just enter C: in the Volume field and add \Data to the Write Through list. See Figure 3-6 for details.

9. Check dependencies and build your configuration.

Testing FBWF
1. On the target system, open a command prompt.
2. Type the following to see the status of FBWF:

fbwfmgr

FBWF configuration for the current session:
filter state: enabled.
overlay cache data compression state: disabled.
overlay cache threshold: 64 MB.
overlay cache pre-allocation: enabled.
protected volume list:
\Device\HarddiskVolume1
Write-Through list of each protected volume:
\Device\HarddiskVolume1:

FBWF configuration for the next session:
filter state: enabled.
overlay cache data compression state: disabled.
overlay cache threshold: 64 MB.
overlay cache pre-allocation: enabled.
protected volume list:
\Device\HarddiskVolume1
Write-Through list of each protected volume:
\Device\HarddiskVolume1:
\Data

3. Create a new folder called test1 under c:\data and another folder called test2 under c:\.
4. Restart the system. Test1 folder should be there, test2 should not.
5. Open a command prompt.
6. Enter the following at the command line to disable FBWF:

fbwfmgr /disable

7. Restart the system.
8. Create a new folder called test2 under c:\.
9. Restart the system. Test2 should be there.
10. Open a command prompt.
11. Enter the following at the command line to enable FBWF:

fbwfmgr /enable

12. Restart the system.

13. Open File Explorer.
14. Right-click the c:\test2 directory and select Delete from the context menu. Click OK when asked to send to the recycle bin. Test2 should disappear.
15. Right-click the c:\data\test1 directory and select Delete from the context menu. Click OK when asked to send to the recycle bin. This time you will get an error, as shown in Figure 3-7.

Figure 3-7 Delete file error

NOTE You cannot move a file from a write-through area to a protected area
You could use the keyboard and perform a SHIFT+, which will bypass the recycle bin and delete the directory.

16. Try dragging a font file like Tahoma from c:\windows\fonts to the c:\data directory. Another error occurs as shown in Figure 3-8. You could copy and paste the file if needed.

Figure 3-8 Move File Error

17. Drag and drop the test1 folder in c:\data to the c:\.
18. Restart the system. The folder should still be there.
19. Create a WordPad file under c:\test1 called mydoc.
20. Restart the system. The file will not be there upon restart. C:\test1 is not part of the exclusion list, so any file written to the location will be lost.
21. To add c:\test1 to the Write-Through list, open a command prompt.
22. Enter the following to add c:\test1 to the write-through list:

fbwfmgr /addexclusion c: \test1

NOTE White Space
There is a space between c: and \test1

23. Restart the system.
24. Create a WordPad file named Mydoc2 in the c:\test1 directory.
25. Restart the system. This time the file should still be there.
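The status check from the Testing FBWF steps, automated as an added example (not code from this kit or from Microsoft): it parses captured fbwfmgr output and reports a filter that is not enabled, a required write-through path that is missing or only takes effect after a restart, and any write-through path that was not asked for. The sample text is constructed from the output printed in this practice with an assumed line layout; `parse_fbwfmgr`, `audit` and the `required` mapping are hypothetical names.

```python
import re

# Constructed sample: this practice's fbwfmgr output, one setting per line (assumed layout).
SAMPLE = r"""FBWF configuration for the current session:
    filter state: enabled.
    overlay cache threshold: 64 MB.
    protected volume list:
        \Device\HarddiskVolume1
    Write-Through list of each protected volume:
        \Device\HarddiskVolume1:
FBWF configuration for the next session:
    filter state: enabled.
    protected volume list:
        \Device\HarddiskVolume1
    Write-Through list of each protected volume:
        \Device\HarddiskVolume1:
            \Data
"""

def parse_fbwfmgr(text):
    """Parse fbwfmgr status text into {'current': {...}, 'next': {...}}."""
    sessions = {n: {"state": None, "write_through": {}} for n in ("current", "next")}
    cur, in_wt, vol = None, False, None
    for line in (l.strip() for l in text.splitlines()):
        low = line.lower()
        head = re.search(r"configuration for the (current|next) session:", low)
        if head:
            cur, in_wt, vol = sessions[head.group(1)], False, None
        elif cur is None:
            continue                                   # text before the first session block
        elif low.startswith("filter state:"):
            cur["state"] = low.split(":", 1)[1].strip(" .")
        elif "list of each protected volume:" in low:
            in_wt = True                               # volume headers and paths follow
        elif in_wt and line.startswith("\\") and line.endswith(":"):
            vol = line[:-1]                            # one header per protected volume
            cur["write_through"][vol] = []
        elif in_wt and line.startswith("\\") and vol:
            cur["write_through"][vol].append(line)     # path excluded from protection
    return sessions

def audit(sessions, required):
    """Check parsed status against required {volume: [write-through paths]}."""
    cur, nxt = sessions["current"], sessions["next"]
    low = lambda d, v: {p.lower() for p in d.get(v, [])}   # paths compare case-insensitively
    findings = [f"filter state is {s['state'] or 'not reported'} in the {n} session"
                for n, s in (("current", cur), ("next", nxt)) if s["state"] != "enabled"]
    for vol, paths in required.items():
        if vol not in cur["write_through"]:
            findings.append(f"{vol} is not protected in the current session")
        for p in paths:
            if p.lower() not in low(nxt["write_through"], vol):
                findings.append(f"{p} is missing from the write-through list")
            elif p.lower() not in low(cur["write_through"], vol):
                findings.append(f"{p} becomes write-through only after a restart")
    for vol, paths in nxt["write_through"].items():
        findings += [f"unexpected write-through path {p} on {vol}"
                     for p in paths if p.lower() not in low(required, vol)]
    return findings
```

Run against the sample with `\Data` required on `\Device\HarddiskVolume1`, the audit reports that `\Data` is listed for the next session but not the current one, so the exclusion has not taken effect yet.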

Chapter Review

One difference between Windows XP and Windows Embedded Standard 2009, apart from the latter being a componentized version of the former, is the Embedded Enabling Features (EEFs) in Windows Embedded Standard 2009. These EEFs provide extra capabilities to the operating system to function in typical embedded scenarios, such as headless devices, solid state hard disk-based devices, and so on. Such devices need some or all of the following EEFs:
■ DUA.
■ USB Boot 2.0.
■ EWF.
■ FBWF.
■ Headless VGA driver.
■ Message Box Default Reply.

Key Terms

Do you know what these key terms mean? You can check your answers by looking up the terms in the glossary at the end of the book.
■ DUA.
■ EWF.
■ FBWF.
■ Message interception and Win32 hooks.
■ Headless device.
■ SLC NAND Flash.

Suggested Practices

To help you successfully master the exam objectives presented in this chapter, complete the following tasks.

Creating a Compact Flash-Based Device

Compact Flash (CF) is a popular boot media solution for Windows Embedded Standard 2009. Most off-the-shelf CF cards are identified as removable, thus Windows Embedded Standard 2009 can only access one partition on the drive, unless the card is marked as fixed or non-removable. CF cards also can use EWF to protect the life of the card. To complete this task, you need a CF card large enough to hold the Windows Embedded Standard 2009 image. Your target will need a CF-to-IDE (Integrated Drive Electronics) adapter to hold the CF card. The CF card will be the only hard drive in the system. When FBA completes, EWF should be enabled and EWF should be configured for RAM REG.

Prepare CF Media and Deploy Image
1. You must perform this exercise on the development system and not on a virtual machine in Virtual PC.
2. On the development system, format a floppy disk as a DOS bootable disk.
3. Copy .exe and Format.com to the floppy.
4. Copy Bootprep.exe found in the [drive]\Program Files\Windows Embedded\Utilities directory to the floppy.
5. Put the CF card in the target system.
6. Start the target system to the DOS boot floppy.
7. FDISK the CF card so the card is one whole partition.
8. While in FDISK, make sure that the partition is set to Active.
9. Restart the system.
10. Format the CF card using format.com.
11. Run Tap.exe to create a device .pmq file and copy it to your development workstation.
12. Create a hardware component named CFTEST for your target computer.
13. Import it to the component database.
14. Reformat the CF card using format.com.
15. Type the following at a command prompt to create the :
   bootprep c:\
16. Shut down the target system and remove the CF card.
17. Put the CF card in the USB to CF adapter of the development system.
18. Copy the image to the CF card.
19. Put the card in the CF-to-IDE adapter of the target and start the target system.
20. Once the Task Manager Shell appears, click the New Task button and type cmd in the edit box.
21. Type the following at a command prompt on the C: drive. You should see that EWF is enabled and the configuration is RAM REG:
   ewfmgr

NOTE CF to IDE Adapter
You can also use a CF to IDE adapter to prepare the CF media. If you do, skip steps 1-10 and use diskpart on the development computer to format the CF card, and then run Tap.exe to create the .pmq file.

Create the configuration
1. Open Target Designer and create a new Windows Embedded Standard 2009 configuration called WESCF.
2. Add the following components to the new configuration:
   a. EWF Manager Console Application.
   b. EWF.
   c. EWF NTLDR.
   d. Minlogon.
   e. Task Manager Shell.
   f. FAT.
   g. FAT Format.
   h. CMD – Windows Command Processor.
   i. At least one Language Support component.
3. Use the CFTEST component you created for your test computer.
4. In the Enhanced Write Filter component's settings, set the EWF overlay to RAM REG.
5. In the configuration's settings, under Target Device Settings, change the Boot Partition size to the size of your CF card.
6. Check and resolve dependencies.
7. Build and test the configuration.