Microsoft Hardware Newsletter
May 26, 2011
This newsletter contains archived content. No warranty is made as to technical accuracy of content or currency of URLs.
Recently Published on WHDC
Enhanced Wheel Support in Windows
Starting with Windows Vista, the Windows operating system offers enhanced support for next-generation wheel mouse devices. This paper provides guidelines for independent hardware vendors who are developing such input devices and for application developers who want to take advantage of wheel support in Windows. This revision updates the paper for Windows 7 and clarifies some definitions and descriptions in the original version.
Infrared Remote Control and Receiver Approval Process
This article contains information about the Windows Media Center approval process for infrared remote controls and receivers. This article is intended to provide guidance to independent hardware vendors (IHVs) who want to create new compatible remote controls and receivers for use with Windows Media Center in Windows 7.
Windows and GPT FAQ
This article provides answers to frequently asked questions about the GUID Partition Table (GPT). It has been updated for Windows 7.
Windows On/Off Transition Performance Analysis
This paper explains the Windows on/off transitions in detail, highlights performance vulnerabilities within each transition, and shows how to identify and analyze these issues by using the Windows Performance Toolkit (WPT). The guidance in this paper can help significantly reduce on/off transition times.
This paper is intended to help original equipment manufacturers (OEMs), independent software vendors (ISVs), independent hardware vendors (IHVs), and systems analysts improve system response times.
This update makes minor changes to two illustrations and fixes a few editorial issues.
What's New in Blogs for Hardware and Driver Developers
"Analyzing a Stuxnet Infection with the Sysinternals Tools, Parts 2 and 3" by Mark Russinovich in "Mark's Blog"
Part 2: In Part 1 I began my investigation of an example infection of the infamous Stuxnet worm with the Sysinternals tools. I used Process Explorer, Autoruns and VMMap for a post-infection survey of the system. Autoruns quickly revealed the heart of Stuxnet, two device drivers named Mrxcls.sys and Mrxnet.sys, and it turned out that disabling those drivers and rebooting is all that's necessary to disable Stuxnet (barring a reinfection). With Process Explorer and VMMap we saw that Stuxnet injected code into various system processes and created processes running system executables to serve as additional hosts for its payload. By the end of the post I had gotten as far as I could with a snapshot-based view of the infection, however. In this post I continue the investigation by analyzing the Process Monitor log I captured during the infection to gain deeper insight into Stuxnet's impact on an infected system and how it operates (incidentally, if you like these blog posts, cybersecurity, and books by Tom Clancy and Michael Crichton, be sure to check out my new cyberthriller, Zero Day).
Part 3: In the first post of this series, I used Autoruns, Process Explorer and VMMap to statically analyze a Stuxnet infection on Windows XP. That phase of the investigation revealed that Stuxnet infected multiple processes, launched infected processes that appeared to be running system executables, and installed and loaded two device drivers. In the second phase, I turned to the Process Monitor trace I had captured during the infection and learned that Stuxnet had launched several additional processes during the infection. The trace also uncovered the fact that Stuxnet had dropped four files with the .PNF extension into the C:\Windows\Inf directory. In this concluding post, I use the Sysinternals tools to try to determine the purpose of the PNF files and to look at how Stuxnet used a zero-day vulnerability on Windows 7 (since fixed) to elevate itself to run with administrator rights.
"Several inbox USB drivers may not get updated on upgrade from Win7 RTM to Win7 SP1" in the Microsoft Windows USB Core Team Blog
When upgrading from Windows 7 RTM to SP1 on a clean Windows 7 RTM build, binaries such as usbport.sys, usbehci.sys and winusb.sys may not get updated. Machines that have INF files from OEMs to install USB drivers with a custom description will not get affected. This issue doesn't exist if you use a slipstream version of SP1. A new update will be released very soon to address this issue.
"Demystifying USB Selective Suspend" by Vivek Gupta in the Microsoft Windows USB Core Team Blog
Hi, I am Vivek Gupta, a software developer on the USB team. In this blog, I am going to talk about why USB selective suspend mechanism is needed and important, and how to implement it correctly in devices and drivers. I will start by discussing the concept of run-time power management in devices, discuss the USB specific mechanism of selective suspend and finally cover how this mechanism is implemented in USB 3.0.
"Microsoft Virtualization for VMWare Professionals" by Volker Will in "VolkerW's WebLog"
Following the recent success of a well-attended online training, my team has started enhancing the content and publishing it to the Microsoft Virtual Academy. The first course, Microsoft Virtualization for VMware Professionals - The Platform, is now available for online learning.
Windows Logo Program News
For more information on WLK 1.6, see the Windows Logo Kit site on MSDN.
WLK 1.6 can be downloaded from Microsoft Connect.
WLK 1.6 QFE 001 Fixes WSD Scan Verify Test
Windows Logo Kit 1.6 QFE 001 fixes the WSD Scan Verify test. This test is required for the following test categories:
This test validates the updated IMAGING-0052 requirement. QFE 001 includes the following fixes to this test:
This QFE001 is available on Microsoft Connect.
USB-IF Requirement Going into Effect June 1, 2011
The Logo requirement CONNECT-0093 (USB IF Tests are passing or device is USB IF certified) and the tests that validate this requirement will become mandatory effective June 1, 2011. All submissions made after this date will be required to pass this requirement.
Devices that have previously received a logo can request exemption from meeting this requirement per POLICY-0018 (Logo Maintenance Policy). However, these devices cannot be used in a system submission made after June 1, 2011.
Two New Test Categories Introduced for Filter Drivers
With WLK 1.6, two new test categories have been introduced for file system-based filter drivers:
These test categories are applicable only for INF-based drivers, which were previously tested through the "Unclassified" test category. The firewall filter drivers used in the security software applications must continue to be tested through the "Network > Security Software" test category.
Filter drivers submitted on or after June 1, 2011 must be tested through the appropriate test category by using WLK 1.6. Systems submitted after June 1, 2011 must contain filter drivers tested through the appropriate test category by using WLK 1.6.
For more information, see the full list of available test categoriesfor the Windows Logo Program.
Subscribe to the Windows Logo Program Newsletter: http://msdn.microsoft.com/windows/hardware/gg462957
Windows Driver Developer Kits, Tools, and