The Old New Thing

Practical development throughout the evolution of Windows.

Latest posts

It’s a trap! Employment documents that require you to violate company policy
Sep 1, 2014
Raymond Chen

Required to commit actions that are grounds for termination.

How can I detect that a user's SID has changed and recover their old data?
Aug 29, 2014
Raymond Chen

A customer maintained a database which recorded information per user. The information in the database is keyed by the user's SID. This works out great most of the time, but there are cases in which a user's SID can change. "Wait, I thought SIDs don't change." While it's true that SIDs don't change, it is also true that the SID associated with a user can change. Since SIDs encode the domain to which they belong, a user who moves from one domain to another within an organization will need to be assigned a new SID. But wait, does that mean that the user lost access to all their stuff? After all, all their stu...

Taking advantage of the fact that the handle returned when you create a kernel synchronization object has full access regardless of the actual ACL
Aug 28, 2014
Raymond Chen

A customer wanted some help deciding what security attributes to place on an event object intended to be used by multiple security contexts. We have two processes, call them A and B, running in different security contexts. I have an event that process A creates and shares with process B. The only thing process A does with the event is signal it, and the only thing process B does with the event is wait on it. Our question is what ACLs you recommend for the event. For now, we're using O:BAD:(A;;GR;;;WD)(A;;GA;;;LS)(A;;GA;;;BA). (In case it matters, process A is usually running as a service with Local System priv...

Where does the Installed Updates control panel get the install date from?
Aug 27, 2014
Raymond Chen

A corporate customer wanted to know where the Installed Updates control panel gets the Installed On information from, because they found that the values were always set to the current date regardless of when the update was actually installed. The algorithm goes roughly like this: First, ask MSI what date the update was installed by calling and asking for the . If that doesn't work, then go to the registry key under and look for a value called (surprise) . (Note that 32-bit updates on 64-bit machines will be redirected into a key.) If that still doesn't work, then it's time to guess: Windows XP uses th...

It's time we face reality, my friends: We're not rocket scientists
Aug 26, 2014
Raymond Chen

During the development of Windows 95, it was common for team members to pay visits to other teams to touch base and let them know what's been happening on the Windows 95 side of the project. It was during one of these informal visits that one of my colleagues reported that he saw that one of the members of the partner team had a Gary Larson cartoon from The Far Side depicting a group of scientists studying a multi-stage rocket ship they just assembled, but the stages are connected all crooked. One of the scientists says, "It's time we face reality, my friends. … We're not exactly rocket s...

How do I read the "Double-click to open an item (single-click to select)" setting in Folder Options?
Aug 25, 2014
Raymond Chen

Today's Little Program reports whether the Double-click to open an item (single-click to select) option is selected in the Folder Options dialog. A customer wanted to know how to do this, presumably so that their program would respect the setting and adjust its user interface to match. The flag and member name is kind of weird. The ability to single-click to open an item was introduced as part of the Windows Desktop Update which came with Internet Explorer 4. This update made Explorer more Web-like, with single-click to activate and underlines appearing on hover. (This was back in the day when making eve...

Dispelling the myths, rumors, and innuendo surrounding the QueryPerformanceCounter function
Aug 22, 2014
Raymond Chen

The function has been the subject of much rumor and innuendo. In response to all the confusion, the kernel folks put together a page which tries to settle the controversy once and for all. It discusses the history of QPC over the ages, the problems it had on earlier versions of Windows or older firmware (which is probably where a lot of the myths started), its interaction with hypervisors, offers guidance on how to use it and its alternatives, and includes a very nice Q&A.

Why does the OpenThread function behave differently when the target thread belongs to another process?
Aug 22, 2014
Raymond Chen

A customer discovered strange behavior in the function and wondered whether it was expected. We use the function to obtain a thread handle with , passing in a valid thread ID. We later pass this handle to to get the thread exit code. We have found that the function succeeds if the thread in question belongs to another process, provided the thread is still running (has not yet exited). On the other hand, if the thread belongs to our own process, then the call always succeeds regardless of whether the thread is running or not. Is this expected behavior? And can we assume that if fails with , then it means that...