Managing Software AND Scripts on 64-bit Windows Darwin Sanoy, Principal Consultant & windows.com Trainer, CSI-Windows.com - http://csi 1 Darwin Sanoy Principal Consultant and Trainer • CSI-Windows.com – Provides Training and Resources… – to Help Application Provisioning Specialists... windows.com – Put Applications on Windows 7, Virtualization and - Windows 8. http://csi • This session is an abridged version of our course ENG-52 Windows 7 Application Support Engineer 2 64-bit Software Spectrum Windows OS 64-bit 32-bit 64-bit Edition 64-bit Compatible Edition Compatible “Just Works” Edition 64-bit 64-bit Win7 32-bit Win7 32-bit XP 32-bit binaries binaries WOW WOW binaries binaries binaries windows.com - 64-bit Drivers 64-bit Drivers WOW64 (Windows On Windows) http://csi 64-bit Drivers Windows 7 API + UAC 64-bit Hardware (Most “Business Class” HW for last 6 years) Why Mixed 32 and 64-bit? • Target XP, Win7 32-bit and 64-bit: – Minimize number of source files. – Minimize number of compiles. windows.com – Minimize number/complexity of installers. - • Simultaneous Maintenance of Both Bitnesses http://csi • Reuse Legacy Binaries • 32-bit Middleware 64-bit Platform • Only 64-bit, Signed Drivers Allowed • 32-bit Services OK • EXEs around 20% Larger • Threads Each Use 512KB More (32 & 64-bit) windows.com • 1.5 Gbytes Bigger on Disk (1.1 is SysWOW64) - • Duplicate 32-bit Environment http://csi – 32-bit System32 – 32-bit WinSxS – .NET Framework WOW64 Defined • WOW64 = Windows(32) On Windows64 • Design which allows 64-bit Windows to supports 32-bit EXES windows.com • By tricking 32-bit processes to think they are on a 32-bit - OS. http://csi • using process Level redirections of certain file paths and reg keys • to load 32-bit OS DLLs instead of 64-bit. 64-bit Platform Nomenclature • Bitness = How Many Bits? • x86 = 32-bit • x64 = 64-bit windows.com - • Thunking = translating different bitness http://csi Naming and Folders • Legacy Locations RESERVED for 64-bit. • Filenames ending in “32” mean nothing. • \System32 = 64-bit Windows DLLs windows.com - • \SysWOW64 = 32-bit Windows DLLs http://csi • WOW6432Node = 32-bit Registry The OS Through Process Eyes Process (ABC.EXE) ABC.EXE Kernel32.DLL User32.DLL ABC.DLL Advapi32.DLL Windows XYZ.DLL ComDlg32.DLL NTDLL.DLL windows.com - Ole32.DLL http://csi Shell32.DLL Sechost.DLL A Bunch Of DLLs With Me In My Process DLL Injection & API Interception Process (ABC.EXE) ABC.EXE ReportGen.DL • Used For ->2e7f ->2e7f L IAT -> 6c9b IAT -> 6c9b – WOW64 RegCreateKey RegCreateKey – AppCompat – AppVirt (App-V) Shlwapi.DLL IAT RegCreateKey windows.com ->2e7f - ->6c9b http://csi Injected.DLL ADVAPI32.DLL Custom Function [6c9b] RegCreateKeyW (code) [2e7f] WOW64 Architecture 32-bit Process math.exe (32bit) Load Write System32\User32.dll HKLM\Software\Math WOW64 Wow64Win.dll NTDll.dll Wow64CPU.dll Wow64.dll windows.com - Redirected to Redirected to SysWOW64\User32.dll HKLM\Software\Wow6432Node\Math http://csi \Windows\SysWOW64 HKLM\Software\Wow6432Node (32-bit Windows DLLs) (32-bit Software Registry) 64-Bit \Windows\System32 HKLM\Software Windows (64-bit Windows DLLs) (64-bit Software Registry) Bitness: Processes and Binaries 32-bit Process 64-bit Process math.exe (32-bit) math.exe (64-bit) Arithmatic.dll (64-bit) Arithmatic.dll (32-bit) Load windows.com - stats.exe (32-bit) http://csi stats.exe (64-bit) IPC Default Script Execution • .CMD/.BAT = 64-bit • .VBS, .JS = 64-bit • .PS1 = 64-bit windows.com - • .REG = 64-bit http://csi • .HTA/.HTM = 32-bit Other Environments • The Bitness of the Agent EXE Will Dictate Script Engine Bitness – Desktop Management Agent – Software Distribution Agent – Group Policy (64-bit) • Most Third Party Services Will Default 32-bit For A While windows.com - • Watch: They May Miss the Impact on You of Full 64-bit Agent Binaries http://csi • 32-bit VBScript w/out Admin Will UAC Virtualize (Protected Admins / Standard Users) Script Engine Bitness Impacts • Calls to 32-bit EXEs are Ok in x64 • Scriptable Objects – 32/64 Bit are different – VBS: CreateObject – PS: New-Object windows.com • Path to System32 - – Do You Have Custom Subfolders? http://csi • Registry Redirection – Pushing HKLM\Software\<company> needs redirection to match software. Per-Bitness Configuration • PowerShell Must Be Activated Per-bitness – %windir%\System32\Powershell.exe Set-ExecutionPolicy RemoteSigned – %windir%\sysWOW64\Powershell.exe Set-ExecutionPolicy RemoteSigned windows.com • VBScript \ Jscript Re-Registering is Per-bitness - – Elevate “\system32\cmd.exe” http://csi – Regsvr32 vbscript.dll – Elevate “\sysWOW64\cmd.exe” – Regsvr32 vbscript.dll Extensions Example • SetACL (Good) – 32 and 64-bit EXE – 32 and 64-bit Scriptable COM Object windows.com • Register BOTH - • Errors http://csi – "ActiveX component can't create object 'xxx.xxx'. Code: 800A01AD Force 32-Bit • .CMD/.BAT: ...\SysWOW64\cmd.exe • .VBS: ...\SysWOW64\cscript.exe windows.com • .PS1: - …\SysWOW64\WindowsPowerShell\v1.0\power http://csi shell.exe • .REG: ...\SysWOW64\regedit.exe WMI Registry Access • Has Bitness on Registry Provider • Defaults to bitness of caller • Can force cross bitness access with two new windows.com Wbemscripting properties - – “__ ProviderArchitecture", 32 http://csi – “__RequiredArchitecture", TRUE • 32-bit Script Read 64-bit Registry Retrofit Scripts for 32-bit Bitness • Snippet of code at top of script. • Re-calls script w/ desired bitness. • If it not run in desired bitness. • windows.com Does nothing if desired bitness not available (e.g. - 64-bit on 32-bit OS) • Works for XP and Win7. http://csi • One small modification to run on XP 32, Win7 32 and Win7 64. General Logic If DesiredProcBitness <> CurrentProcBitness AND Running on 64-bit Then Recall this script with the desired engine Exit the script (so we don’t run twice) End If windows.com - <Script Working Code Here> http://csi (In full course the code is provided for VBS, .CMD/.BAT and .PS1) Windows Installer • Default MSIEXEC.EXE is 64-bit • .MSIs can be tagged “x64” • During Package Processing EVERYTHING defaults to 32-bit regardless of 64-bit MSIEXEC.EXE and even if the .MSI is windows.com tagged “x64” - • One MSI Can Supported Mixed Bitness http://csi • 64-bit MSI Processing Must be Opted Into on a Per-Item Basis • Do Not Call sysWOW64\msiexec.exe OPT In Tags: • Package Must Be Marked x64 • For files, new folder properties must be used: ProgramFiles64Folder, System64Folder (only accurate if pkg marked x64) windows.com • Must Tag Components as 64-bit - • Must tag Scripted Custom Actions as 64-bit http://csi • EXE/DLL Custom Actions execute according to their inherent bitness Properties and Attributes • ProgramFilesFolder = “C:\Program Files (x86)” • VersionNT64 (detect 64-bit) • ProgramFiles64Folder • System64Folder windows.com • CommonFiles64Folder - • msidbComponentAttributes64bit http://csi • msidbLocatorType64bit • msidbCustomActionType64BitScript Favor 32-Bit Software • DO NOT “Use 64-bit Versions Whenever Available” – Plug-in and Runtime dependencies windows.com • Especially where dependencies are not well - known ahead of time. http://csi Follow Up • Visit http://csi-windows.com/packagingevent for code samples and presentation slides. • Check out our training at windows.com http://csi-windows.com/courses - http://csi 26 .