Application Security Testing: An Integral Part of DevOps
Many developers shy away from embedded development for a number of reasons—difficulty in understanding the wide array of Windows CE/ Windows Mobile configurations, uncertainty about how to get started with an embedded project, and perceived difficulties in device debugging. This article aims to address all these issues, and get C++ developers familiar with the great opportunities that exist in life outside the desktop/ server environment.
Before digging into the mobile C++ development world, it is worth briefly looking at the managed alternatives. As with the desktop world, managed development is possible in the embedded world by using a cut-down version of the .NET Framework officially titled the Microsoft .NET Compact Framework. The .NET Compact Framework has been notoriously lacking in many of the features that exist in the main .NET Framework, and an old joke circa .NET Compact Framework 1 is that the Compact Framework is a wrapper around the System.NotImplementedException (and the fact that earlier versions of the Compact Framework did not include the NotImplementedException type highlighted how 'compact' it truly was).
Although the functionality available in the .NET Framework has significantly increased with each new version, and .NET Compact Framework 3.5 has some great features from the full version—like LINQ—included, two significant issues will continue to exist with the .NET Compact Framework for the foreseeable future. The first problem is the lag between the release of a Compact Framework version and its inclusion in the ROM image that a particular embedded device ships with. Windows Mobile 6 is the latest release of the CE/Mobile family, and it includes version 2 of the Compact Framework. When version 3.5 ships shortly, any application that uses it will need to ensure that target device has the 3.5 Framework installed; this chews up valuable memory on the device that could otherwise be used by other applications. For the majority of devices in production that are running Windows Mobile 5 or older, the situation is worse, because they are likely to ship only with the feature-poor version 1 of the Compact Framework. The second issue with the Compact Framework is a small range of features for interacting with the actual device on which the application is running. As with the main Windows version of the Framework, .NET is great for writing code for applications that run on top of the operating system, but for applications that want to have significant interaction with the newer and more esoteric features of the host OS, C# and Visual Basic.NET are poor alternatives to C++.
For many years, C++ developers producing server and desktop applications for Windows only had to worry about a single processor instruction set (x86) and a single SDK (the Win32 SDK), and although the advent of two distinct 64-bit processor architectures has slightly complicated the picture, life is still relatively simple for the developer. In contrast, the embedded world is markedly more complicated, with a great variety of processors, devices, and operating system builds that could potentially be targeted by a single code-base. Sitting on top of the wide variety of device form-factors is the Windows CE operating system, which has been officially renamed "Windows Embedded CE" in the recent 6.0 release. Windows CE consists of an operating system kernel and an array of optional components that a device OEM can configure to include in a particular build. Because of the wide variety of devices that Windows CE can support, an application developer will typically target a pre-defined build of Windows CE rather than attempting to provide support for all possible device configurations.
Windows Embedded CE 6.0, which was released in November 2006, has three Microsoft-defined platforms that a device OEM can choose to license for installation onto a particular device: Windows Mobile 6 Standard (which is the latest version of the platform formally known as Windows Mobile for Smartphone), Windows Mobile 6 Professional (formally known as Windows Mobile for Pocket PC Phone Edition), and Windows Mobile 6 Classic (formally known as Windows Mobile for Pocket PC). Windows Mobile Classic is customized for PDA devices that don't have any telephony functionality, such as the HP iPAQ. Windows Mobile Standard is for Windows phone devices that have a traditional phone-form factor that consists primarily of a non-touch screen and numeric keypad, and Windows Mobile Professional is for hybrid devices that have both phone and PDA functionality.
Although it may seem like a tedious exercise in nomenclature trudging through the previous and current versions of Windows CE platforms, understanding the various CE platforms is critical from a developer's perspective because there is an SDK for each corresponding platform. Each different platform has subtly different components and features that are available, and the correct SDK must be installed to target the appropriate device. For Windows Mobile 6, two separate SDKs are available—the Windows Mobile 6 Standard SDK that targets Windows Mobile Standard and the Windows Mobile 6 Professional SDK that targets Windows Mobile 6 Classic and Windows Mobile 6 Professional. So, thankfully, the choice of which SDK to use for which Windows Mobile 6 devices comes down to a simple decision point: Does the target device have a touch-screen? Both SDKs can be downloaded from the Microsoft Download Center, and will install with either Visual Studio 2005 or 2008.
Now that the groundwork has finally been laid, it's time to have a look at the C++ developer experience for a mobile application. The first task is to ensure that the Visual C++ Smart Device Programmability option is selected when Visual Studio is installed; without this, the SDKs will not be able to install the full range of C++ options. The next step is to download and install the required SDK, which will integrate with Visual C++ and add a number of new options to various Smart Device project templates.
There are a number of different project types available for mobile development; the three main options are Win32, MFC, and ATL. The options have the same pros and cons as their desktop equivalents—Win32 provides the leanest executable with the easiest deployment requirements but comes at the expense of a more tedious developer experience. ATL is a lightweight application framework optimized for COM development and allows both DLL and EXE development for CE-based devices, and MFC provides the richest framework for application development at the expense of a heavier runtime. MFC has separate projects for executables, ActiveX controls, and DLLs.