C++/VB - GDI+ manifest dependency

Asked By znakeeye

13-Nov-09 09:40 AM

My application is dependent on GDI+. Since gdiplus.dll has a history
of critical exploits, I think it would be reasonable to require the
latest version. I put this in my application, and it seems to work
(the manifest points to the latest GDI+ version):

name='Microsoft.Windows.GdiPlus' version='1.0.6001.22319'
processorArchitecture='x86' publicKeyToken='6595b64144ccf1df'
language='*'\"")


Is this a good approach?

Win32 GDI Discussions

XP
(1)

PublicKeyToken
(1)

ProcessorArchitecture
(1)

Windows
(1)

Redistibutable
(1)

Downloaders
(1)

Exploits
(1)

Aa376609
(1)

Chris Becke replied to znakeeye

13-Nov-09 06:55 AM

I would be very nervous explicitly targetting the latest version of
gdi-plus.

It would seem that a rational application would target the base version
that is known to be installed on XP or 2003

http://msdn.microsoft.com/en-us/library/aa376609(VS.85).aspx

The cool thing is, because the latest versions are installed with policy
files containing version redirection, your application will end up using
the most recent version (That is compatible with the version you
originally targetted) that has been installed via service packs or
security updates.

I do not buy the argument that its good (security wise) for applications
to target the most recent version of a library  in an effort to force
end users to upgrade old libraries (even if the old libraries do contain
known exploits).

znakeeye replied to Chris Becke

13-Nov-09 09:40 AM

Thanks for your reply.

I agree with you, but I wanted to hear it from somebody else.

So basically, targeting "any" version of GDI+ makes the user
responsible for using an up-to-date Windows installation? I am just
afraid many users do not update their systems and therefore my
application would be a possible target for hackers...

Chris Becke replied to znakeeye

13-Nov-09 09:14 AM

That is true. But... well I do not think it is a good idea to require
users to source the latest version of gdiplus themselves. If you bundle
the gdiplus redistibutable installer, I'd see nothing wrong with
targetting the bundled version.

If you care about making money in software you have to be aware of
filter effects. Each discrete step that users are expected to do reduces
the number of users who pass that step. So, out of ever 'N' users who
hear about your program, some % will download it. Some % of the
downloaders (not 100%) will actually start the install.exe.

Those who finish the install (again, a % less than those that started
the install, especially if you ask for any kind of registration info)
will actually run your program.

If you introduce a "please download and install this other package"
step, you will filter out again another % of your potential final users.

Previous Discussion: A generic error occurred in GDI+

How can I run my application under win32 mode in a 64 bit XP? C++ / VB

How can I run my application under win32 mode in a 64 bit XP? C++ / VB Hi guy, I want to run my application under win32 mode in a 64 bit XP. My application works fine in 32 bit XP and vista (both 32 and 64 bit). But it does not work in 64 bit XP. (But it will work after I manually set the I suppose manifest file will help me. But it is not help after I set processorArchitecture = "X86". Looks like the result of setting processorArchitecture = "X86" is different with the result of seting Anybody knows what I can do. BTW to compile my application - -- -- -- -- -- -- -- -- -- -- -- type = "win32" name = "myOrganization.myDivision.mySampleApp" version = "6.0.0.0" processorArchitecture = "X86" publicKeyToken = "0000000000000000" / > type = "win32" name = "Microsoft.Windows.Common-Controls" version = "6.0.0.0" processorArchitecture = "X86

Multi-Byte Application with XP Theme C++ / VB

Multi-Byte Application with XP Theme C++ / VB Hi Guys, I have been searching the web for the solution to I changed the project's character set from Unicode to multi-byte I lost the XP theme. How can I create a multi-byte application with XP Theme? Thanks AliR. VC MFC Discussions Windows XP (1) Linux (1) Vista (1) MultiByteToWideChar (1) WideCharToMultiByte (1) XP (1) V6eAj.19937 (1) BzYzj.14845 (1) Hi AliR, Same here! I've just found edit the manifest file, adding explicitly the dependency to Common Controls v.6 of Windows XP. To do that, add this XML node entry into manifest file: type = "win32" name = "Microsoft.Windows.Common-Controls" version = "6.0.0.0" processorArchitecture = "X86" publicKeyToken = "6595b64144ccf1df" language = "*" / > This node must be put into the main root <assembly> node. This is

Windows Theming C++ / VB

setup: I am using VPC to develop it on a Windows 2003 machine from my XP laptop. So far so good. But when I try to run the application on XP or Vista, my listview headers still appear in the same old gray, 3D look. I assume this is related to the manifest, and that there are manifests for XP and Vista, but how do I make it look current on Windows 2003, XP, Vista, Windows 7, and beyond? (And why is not that the default?) Do I need hand? Does anyone have a good understanding of this? Thanks. Jonathan VC MFC Discussions Windows XP (1) InitCtrls.dwICC (1) Visual Studio (1) Windows 7 (1) Vista (1) InitCtrls.dwSize (1 at the bottom of it: - -- name = 'Microsoft.Windows.Common-Controls' version = '6.0.0.0' processorArchitecture = 'x86' publicKeyToken = '6595b64144ccf1df' language = '*' \ "") name = 'Microsoft.Windows.Common-Controls' version = '6.0.0.0' processorArchitecture = 'ia64' publicKeyToken = '6595b64144ccf1df' language = '*' \ "") name = 'Microsoft.Windows.Common-Controls' version = '6.0.0.0' processorArchitecture

Common controls 6 in the debug build? C++ / VB

the magic lines: type = "win32" name = "Microsoft.Windows.Common-Controls" version = "6.0.0.0" processorArchitecture = "X86" publicKeyToken = "6595b64144ccf1df" language = "*" / > into the manifest of my MFC app, turns the radio buttons, buttons, and check boxes into the modern style under XP and Vista. At least it does it for the release build, but it seems to For discussion / support see http: / / www.mozart.co.uk / mzusers / mailinglist.htm VC MFC Discussions XP (1) MOZART (1) Vista (1) HtmRe (1) LowndesRe (1) LANGUAGE (1) AjayDave (1) DLL (1

Trouble with XP visual style password symbol under Window XP MCE or Windows Server 2003? C++ / VB

Trouble with XP visual style password symbol under Window XP MCE or Windows Server 2003? C++ / VB Hello all Users found that password symbol under Window XP MCE or Windows 2003 is not shown as like in Windows XP, it show a small vertical line like a cursor, not a chubby circle like in XP themes, so password seems ugly. Other Windows XP Visual Styles controls is fine except password edit control. What is wrong? Is there new manifest or API to enable a XP visual styles password in Win MCE and Windows 2003. I use standart manifest: manifestVersion = "1 0"> version = "1.0.0.0" processorArchitecture = "*" name = "CompanyName.ProductName.YourApplication" type = "win32" / > type = "win32" name = "Microsoft.Windows.Common-Controls" version = "6