Since the introduction of the .NET Framework in 2002, MFC has not been an area that has seen many new features added or a lot of focus from Microsoft. Much of the slow-down in MFC can be attributed to the lack of a major new release of the Windows operating system during this period, but there was also an undercurrent that native development was dead, and this made any MFC improvements redundant. With the release of Visual Studio 2008 and the thousands of new native APIs in Windows Vista, native development is alive and well, and thankfully MFC has benefited from this native renaissance with a range of new controls and improvements to existing controls that support the new look-and-feel of Vista.
For new MFC applications created with Visual C++ 2008, all MFC controls that are added to a dialog will automatically take advantage of the new Vista controls when the MFC application is executed on Vista or above. In much the same way, taking an application that was developed with an earlier version of Visual C++ and recompiling it with Visual C++ 2008 will result in an executable that will take advantage of Vista common controls when run on Vista. When executed on Windows Server 2003 or earlier, MFC-based applications will gracefully downgrade to the older common controls. The File Save dialog that is produced by taking the Scribble sample application that shipped with Visual C++ 6, re-compiling it with Visual C++ 2008, and running the application on Windows Vista is shown in Figure 1.
Figure 1: Scribble Compiled with Visual C++ 2008 running on Vista
The same executable will look like Figure 2 when executed on Windows Server 2003.
Figure 2: Scribble Compiled with Visual C++ 2008 running on Windows Server 2003
For the sake of completeness, Figure 3 shows the same Scribble application compiled using Visual C++ 2005 running on Windows Vista.
Figure 3: Scribble Compiled with Visual C++ 2005 running on Vista
In the case of the Scribble application, the MFC document-view architecture is automatically handling the display of the file dialogs, but if a CFileDialog-derived dialog is being created explicitly in code, a new optional parameter has been added to the constructor to specify whether Vista-style dialog boxes should be used, as shown in Figure 4.
Figure 4: CFileDialog constructor parameter list
Simply re-compiling a code base using Visual C++ 2008 will go some way to giving the application a Vista look-and-feel, but it will still be necessary to manually change a number of settings to fully take advantage of Vista. One of the first manual checks is to make sure the fonts in the various UI controls have a font setting that will display well on Vista. The font setting for the Pen Width dialog in Scribble is MS Sans Serif, which is a bitmap font that can't be anti-aliased using Vista's ClearType technology. The use of a non-ClearType font looks slightly out of place when executed on Vista, as shown in Figure 5.
Figure 5: Scribble Pen Width Dialog with MS Sans Serif font
By using the Properties Window of the Pen Width Dialog, the Use System Font property can be set to true. This setting means that the dialog will use the pseudo-font MS Shell Dlg. When this pseudo-font is used, a Registry key located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes is used to translate this to a real font, which in the case of a Vista installation that uses English will be Microsoft Sans Serif. In contrast to the similarly named MS Sans Serif, Microsoft Sans Serif is an OpenType font, and OpenType fonts can be anti-aliased with ClearType technology. The difference is subtle, as shown in Figure 6, but it is apparent on Vista, where ClearType display is the norm.
Figure 6: Scribble Pen Width Dialog on Vista with System Font set to True