I have a low level (for example, it is actually low-level, these are basically all IOCTL calls and several enumeration API calls) that periodically occur in Windows Vista / 7 on client computers. Unfortunately, I could not get any crash dumps, but one helpful user mentioned that running the program in XP compatibility mode solved the problem.
An application always starts with full administrator rights (it starts from another program that requires administrator authorization), so this is not a UAC problem. I do not use legacy APIs and I do not rely on any registry hacks, etc. I simply issue calls to list the drives, and then use the IOCTL commands to get more detailed information about all connected devices.
What happens in XP compatibility mode? What does Windows inject into my application or otherwise isolate it, which prevents it from crashing in Vista / 7? I initially suspected that the heap was damaged (although I pulled out my hair trying to reproduce or track the problem) before he was informed that it works fine in XP compatibility mode.
Can anyone suggest any possible problems that could have been avoided in XP compatibility mode that I should pay attention to in order to try to solve this problem? Thank!
EDIT:
Another thing that is probably very important to mention: I call DDK / Kernel functions from user space to get some functions that are not displayed through the WIN32 API.
I use ZwReadFile, ZwCreateFile, ZwWriteFile, RtlInitUnicodeString, ZwQueryVolumeInformationFile, ZwDeviceIoControlFile, ZwSetInformationFile, ZwClose.
The IOCTLs that I call include IOCTL_DISK_GET_PARTITION_INFO_EX, IOCTL_STORAGE_GET_DEVICE_NUMBER, IOCTL_DISK_GET_LENGTH_INFO, and IOCTL_DISK_GET_DRIVE_LAYOUT_EX.