Microsoft Hardware Newsletter May 26, 2011 This newsletter contains archived content. No warranty is made as to technical accuracy of content or currency of URLs. Recently Published on WHDC Enhanced Wheel Support in Windows Starting with Windows Vista, the Windows operating system offers enhanced support for next-generation wheel mouse devices. This paper provides guidelines for independent hardware vendors who are developing such input devices and for application developers who want to take advantage of wheel support in Windows. This revision updates the paper for Windows 7 and clarifies some definitions and descriptions in the original version. Read more: https://msdn.microsoft.com/en-us/windows/hardware/gg487477 Infrared Remote Control and Receiver Approval Process This article contains information about the Windows Media Center approval process for infrared remote controls and receivers. This article is intended to provide guidance to independent hardware vendors (IHVs) who want to create new compatible remote controls and receivers for use with Windows Media Center in Windows 7. Read more: https://msdn.microsoft.com/en-us/windows/hardware/gg703229 Windows and GPT FAQ This article provides answers to frequently asked questions about the GUID Partition Table (GPT). It has been updated for Windows 7. Read more: https://msdn.microsoft.com/en-us/windows/hardware/gg463525 Windows On/Off Transition Performance Analysis This paper explains the Windows on/off transitions in detail, highlights performance vulnerabilities within each transition, and shows how to identify and analyze these issues by using the Windows Performance Toolkit (WPT). The guidance in this paper can help significantly reduce on/off transition times. This paper is intended to help original equipment manufacturers (OEMs), independent software vendors (ISVs), independent hardware vendors (IHVs), and systems analysts improve system response times. This update makes minor changes to two illustrations and fixes a few editorial issues. Read more: https://msdn.microsoft.com/en-us/windows/hardware/gg463386 What's New in Blogs for Hardware and Driver Developers "Analyzing a Stuxnet Infection with the Sysinternals Tools, Parts 2 and 3" by Mark Russinovich in "Mark's Blog" Part 2: In Part 1 I began my investigation of an example infection of the infamous Stuxnet worm with the Sysinternals tools. I used Process Explorer, Autoruns and VMMap for a post-infection survey of the system. Autoruns quickly revealed the heart of Stuxnet, two device drivers named Mrxcls.sys and Mrxnet.sys, and it turned out that disabling those drivers and rebooting is all that's necessary to disable Stuxnet (barring a reinfection). With Process Explorer and VMMap we saw that Stuxnet injected code into various system processes and created processes running system executables to serve as additional hosts for its payload. By the end of the post I had gotten as far as I could with a snapshot-based view of the infection, however. In this post I continue the investigation by analyzing the Process Monitor log I captured during the infection to gain deeper insight into Stuxnet's impact on an infected system and how it operates (incidentally, if you like these blog posts, cybersecurity, and books by Tom Clancy and Michael Crichton, be sure to check out my new cyberthriller, Zero Day). Read more: https://blogs.technet.com/b/markrussinovich/archive/2011/04/20/3422035.aspx Part 3: In the first post of this series, I used Autoruns, Process Explorer and VMMap to statically analyze a Stuxnet infection on Windows XP. That phase of the investigation revealed that Stuxnet infected multiple processes, launched infected processes that appeared to be running system executables, and installed and loaded two device drivers. In the second phase, I turned to the Process Monitor trace I had captured during the infection and learned that Stuxnet had launched several additional processes during the infection. The trace also uncovered the fact that Stuxnet had dropped four files with the .PNF extension into the C:\Windows\Inf directory. In this concluding post, I use the Sysinternals tools to try to determine the purpose of the PNF files and to look at how Stuxnet used a zero-day vulnerability on Windows 7 (since fixed) to elevate itself to run with administrator rights. Read more: https://blogs.technet.com/b/markrussinovich/archive/2011/04/20/3422212.aspx "Several inbox USB drivers may not get updated on upgrade from Win7 RTM to Win7 SP1" in the Microsoft Windows USB Core Team Blog When upgrading from Windows 7 RTM to SP1 on a clean Windows 7 RTM build, binaries such as usbport.sys, usbehci.sys and winusb.sys may not get updated. Machines that have INF files from OEMs to install USB drivers with a custom description will not get affected. This issue doesn't exist if you use a slipstream version of SP1. A new update will be released very soon to address this issue. Read more: https://blogs.msdn.com/b/usbcoreblog/archive/2011/04/01/several-inbox-usb-drivers-may-not-get-updated-on-upgrade-from-win7-rtm-to-win7-sp1.aspx "Demystifying USB Selective Suspend" by Vivek Gupta in the Microsoft Windows USB Core Team Blog Hi, I am Vivek Gupta, a software developer on the USB team. In this blog, I am going to talk about why USB selective suspend mechanism is needed and important, and how to implement it correctly in devices and drivers. I will start by discussing the concept of run-time power management in devices, discuss the USB specific mechanism of selective suspend and finally cover how this mechanism is implemented in USB 3.0. Read more: https://blogs.msdn.com/b/usbcoreblog/archive/2011/05/11/demystifying-usb-selective-suspend.aspx "Microsoft Virtualization for VMWare Professionals" by Volker Will in "VolkerW's WebLog" Following the recent success of a well-attended online training, my team has started enhancing the content and publishing it to the Microsoft Virtual Academy. The first course, Microsoft Virtualization for VMware Professionals - The Platform, is now available for online learning. Read more: https://blogs.msdn.com/b/volkerw/archive/2011/05/13/microsoft-virtualization-for-vmware-professionals.aspx Windows Logo Program News WLK 1.6 Will Be Required for all Submissions Effective June 1, 2011 The Windows Logo Program would like to remind our partners that starting June 1, 2011, submissions to the Windows Quality Online Services (Winqual) website must use Windows Logo Kit (WLK) 1.6. WLK 1.5 will be retired on May 31, 2011, and partners will no longer be able to use that kit starting June 1, 2011. For more information on WLK 1.6, see the Windows Logo Kit site on MSDN. WLK 1.6 can be downloaded from Microsoft Connect. WLK 1.6 QFE 001 Fixes WSD Scan Verify Test Windows Logo Kit 1.6 QFE 001 fixes the WSD Scan Verify test. This test is required for the following test categories: Consumer Scanner - Rally enabled (Network) Enterprise Scanner - Rally enabled (Network) This test validates the updated IMAGING-0052 requirement. QFE 001 includes the following fixes to this test: ScanAvailableEvent is not required by devices that do not have a physical scan button on the device. The test now generates a prompt that asks the user if the device has a physical scan button and tests accordingly. Devices are not required to support NetBIOS. The test now sends an IP address instead of a NetBIOS name. The test no longer throws an exception during the "RetrieveImage without Event Subscription" test. The test has been updated to send an HTTP response when the test receives web service events from the device. This QFE001 is available on Microsoft Connect. USB-IF Requirement Going into Effect June 1, 2011 The Logo requirement CONNECT-0093 (USB IF Tests are passing or device is USB IF certified) and the tests that validate this requirement will become mandatory effective June 1, 2011. All submissions made after this date will be required to pass this requirement. Devices that have previously received a logo can request exemption from meeting this requirement per POLICY-0018 (Logo Maintenance Policy). However, these devices cannot be used in a system submission made after June 1, 2011. Two New Test Categories Introduced for Filter Drivers With WLK 1.6, two new test categories have been introduced for file system-based filter drivers: Kernel Filters Kernel Anti-Virus Filters These test categories are applicable only for INF-based drivers, which were previously tested through the "Unclassified" test category. The firewall filter drivers used in the security software applications must continue to be tested through the "Network > Security Software" test category. Filter drivers submitted on or after June 1, 2011 must be tested through the appropriate test category by using WLK 1.6. Systems submitted after June 1, 2011 must contain filter drivers tested through the appropriate test category by using WLK 1.6. For more information, see the full list of available test categoriesfor the Windows Logo Program. Subscribe to the Windows Logo Program Newsletter: https://msdn.microsoft.com/windows/hardware/gg462957

Windows Driver Developer Kits, Tools, and Programs Windows Driver Kit (WDK) Windows Logo Kit (WLK) WDK Documentation Windows Symbols (October 2009) Windows Logo Program Newsletter Archive Developing Drivers with the Windows Driver Foundation Buy the Book  WDF Resources on WHDC  Events — In Person and Online Computex Taipei May 31–June 4, 2011 Taipei, Taiwan All Things Digital: D9 May 31–June 2, 2011 Rancho Palos Verdes, California, USA Microsoft Worldwide Partner Conference (WPC) July 10–14, 2011 Los Angeles, California, USA Windows Summit 2010 Videos on demand for those who engineer Windows-based devices, systems, and software. Microsoft PDC 2010 Online Watch sessions from last year’s Professional Developers Conference on demand. Microsoft Tech•Ed Online Watch sessions from around the world on-demand.