Cameyo 2.0 Beta

The latest Cameyo 2.0 Beta contains a secret feature. No, it’s not the clicking-on-the-logo trick (which now displays the version number). It’s virtual services & drivers support.
It is hidden because it’s still experimental. Not sure whether it will be unhidden for the official 2.0 version yet.
To activate it with apps generated by build >= 2.0.785, type:
   VirtApp.cameyo.exe -services:direct

If you wish to skip the confirmation window, you can also do:
   VirtApp.cameyo.exe -services:direct,skipconfirm

First, it’s important to understand that even when this functionality will get “out of the oven”, Cameyo will:
1. not enable service / driver virtualization by default; it’ll have to be explicitly enabled.
2. ask the user for confirmation / authorization that they indeed want to integrate services / drivers.\

User-mode services
These services, visible in Windows’ Service Manager, are plain executable files that execute as SYSTEM. While building this feature, I initially considered running those services entirely by Cameyo, without any interaction with the Service Manager. However, I decided to abandon this route and take a more Windows-like approach. The approach taken here is to integrate a stub Cameyo virtual loader into the Service Manager, and have it launch the service virtualized. That way, the service will function in the most realistic way – both in terms of user account (i.e. SYSTEM), tokens, service options, and service commands.
Virtual services have the “.AppID.Cameyo” suffx, allowing them to be easily distinguished and removed along with the virtual app.

Drivers (!)
Those of you who have some experience with app virtualization probably understood the meaning of my exclamation point. I don’t think any app virtualization product dared dealing with drivers. And there is a good reason for that! Drivers cannot be virtualized. However, their integration into the machine can. Now, let me explain this daring new initiative:
Just like with service virtualization (see above), the idea here is to temporarily integrate drivers into Windows. This is something Cameyo never does, and it requires admin privileges / elevation. Which is why it’ll always have to be explicitly enabled.
Now, drivers that require the app’s files to be in a certain directory (i.e. C:\Program Files\AppName) or under a certain registry key, will fail (remember, we don’t virtualize driver’s operations, only their integration into the system). Drivers that just do their job without accessing the app’s files or registry (i.e. TrueCrypt), will work.
So with regards to drivers, it’s not black & white. But hey, that’s why nobody does this…
Any testings & feedback will be good.
This whole section & functionality is dedicated to Mule, who’s been asking me about service virtualization almost since I started to work on Cameyo 2.0  :)

Leave a Reply

Your email address will not be published. Required fields are marked *