The format of string resources

Raymond ChenJanuary 30, 2004Jan 30, 200401/30/04

Unlike the other resource formats, where the resource identifier is the same as the value listed in the *.rc file, string resources are packaged in "bundles". There is a rather terse description of this in Knowledge Base article Q196774. Today we're going to expand that terse description into actual code. The strings listed in the *.rc file ...

Integer overflow in the new[] operator

Raymond ChenJanuary 29, 2004Jan 29, 200401/29/04

Integer overflows are becoming a new security attack vector. Mike Howard's article discusses some of the ways you can protect yourself against integer overflow attacks. One attack vector he neglects to mention is integer overflow in the new[] operator. This operator performs an implicit multiplication that is unchecked: If you study the ...

Another reason not to do anything scary in your DllMain: Inadvertent deadlock

Raymond ChenJanuary 28, 2004Jan 28, 200401/28/04

Your DllMain function runs inside the loader lock, one of the few times the OS lets you run code while one of its internal locks is held. This means that you must be extra careful not to violate a lock hierarchy in your DllMain; otherwise, you are asking for a deadlock. (You do have a lock hierarchy in your DLL, right?) The loader lock ...

Some reasons not to do anything scary in your DllMain

Raymond ChenJanuary 27, 2004Jan 27, 200401/27/04

As everybody knows by now, you're not supposed to do anything even remotely interesting in your DllMain function. Oleg Lvovitch has written two very good articles about this, one about how things work, and one about what goes wrong when they don't work. Here's another reason not to do anything remotely interesting in your DllMain: It's ...