Home

Blog index

Recent entries

C/C++ 7.0 add on for OS/2

zdir - an OS/2 Family sdir

A C runtime for Visual C++ to target OS/2

Making OS/2 family programs with Visual C++

Making nice UI on NT 3.1 and above

Buffer overflows using NT 3.1

Why make (and ymake)

Software

Antinat Socks Server

clmp

cvtvt

yedit

htmlclip

MiniCRT

scut

sdir

Serenity Audio Player

which

wincvt

yori

PE subsystem version

12 Feb 2017

Every Win32 executable has a series of headers, and one of the ones that I keep bumping into over many years is the subsystem version field. As far as I can tell, this field does two things:

  1. Set a minimum version of Windows that can run the executable. If the version is older than this, trying to run it fails, giving the user a message, without running any code in the executable.
  2. Define a version of Windows whose behavior should be emulated if multiple behaviors exist.

In recent versions of Windows, that second part has been largely superseded by manifests, which allow applications to declare that they can handle some new Windows behavior while still functioning on older versions. In older versions of Windows though, the effect of the subsystem version field can be dramatic.

Take the application below, Visual C++ 2, running on Windows NT 3.51. It was designed to run on NT 3.5, so this is roughly how it was intended to look:

Then along comes NT4, which adopts the Windows 95 UI. What does it do? Although this application was trying to provide a 3D appearance, via Ctl3d32.dll, NT4 assumes any pre-4 application really wanted a white, 2D-ish appearance. Except that many controls don't have 2D implementations, so the result is some messy hybrid of 2D, 3D, and mismatched colors. This behavior can be seen below.

But, if the exact same application has its subsystem version field changed to 4.0, NT4 believes it should be 3D, grey, and non-bold. Although this change isn't perfectly consistent, it's still a huge improvement, and goes a long way to taking an older application and providing a more modern and consistent UI. This behavior can be seen below.

Not bad for a DIY upgrade.

Although I'm sure the stated goal for this behavior change is to preserve compatibility with older applications, it also seemed funny to me that the emulated behavior isn't terribly close the behavior of the previous version. Sometimes I wonder if it's just trying to make older applications look uglier than they need to be to encourage upgrades.