The Old New Thing
Practical development throughout the evolution of Windows.
Latest posts

It rather involved being on the other side of this airtight hatchway: Account vulnerable to Active Directory administrator

A security vulnerability report came in that went something like this: Disclosure of arbitrary data from any user An attacker can obtain arbitrary data from any user by means of the following steps: There's no point continuing, because the first step assumes that you are on the other side of the airtight hatchway. If you have compromised the domain controller, then you control the domain. From there, all the remaining steps are just piling on style points and cranking up the degree of difficulty. A much less roundabout attack is as follows: No, wait, I can make it even easier. You are the dom...

If you set up roaming profiles, you are expected to set up each machine identically, for the most part

A customer discovered the following behavior when they set up roaming user profiles on their domain. Consider two machines, 1 and 2. An application A is installed on machine 1, but not machine 2. A user with a roaming profile logs onto machine 1 and pins application A to the taskbar. That user then logs off of machine 1 and logs onto machine 2. Now things get interesting: The taskbar on machine 2 initially shows a white icon on the taskbar, representing the nonexistent application A. A short time later, that icon vanishes. When the user logs off of machine ...

When corporate policies meet precision scientific equipment

One of my colleagues used to work as an IT consultant, and one of his clients was a tobacco company. Since they were a tobacco company, the company policy on smoking was "You can smoke anywhere, any time." "Anywhere" includes the labs. The labs with very expensive precision scientific equipment. My colleague told me that this policy meant that the company regularly replaced $50,000 pieces of equipment after only a few months, thanks to smoke damage. But the company couldn't change their smoking policy. Imagine the public relations disaster if a tobacco company had a no-smoking policy! Starting next year, cigar...

Notes on calculating constants in SSE registers

There are a few ways to load constants into SSE registers. Load them from memory. Load them from general purpose registers via . Insert selected bits from general purpose registers via . Try to calculate them in clever ways. Loading constants from memory incurs memory access penalties. Loading or inserting them from general purpose registers incurs cross-domain penalties. So let's see what we can do with clever calculations. The most obvious clever calculations are the ones for setting a register to all zeroes or all ones. These two idioms are special-cased in the processor and execute faster th...

Detecting whether a SID is well-known SID

You might think that the function would tell you whether a SID is well-known, but it doesn't. Rather, it tells you whether a SID exactly matches the well-known SID you specified. For example, you can ask, "Is this the Authenticated Users SID?" or "Is this the Everyone SID?" But you can't ask, "Is this any type of well-known SID?" I guess you could enumerate through all the well-known SIDs, and check if your SID matches any of them, but that's getting kind of ugly. If what you're interested in is whether this is a machine-relative SID (or a domain-relative SID, which is the special case where the machine is ...

What states are possible in a DRAWITEMSTRUCT structure?

The structure has an member which contains a number of bits describing the state of the item being drawn. How do those states map to the underlying control? Most of the states are rather obvious. For a list box item to be selected, it means that the item is part of the selection. But what does selected mean for a button? Since people like tables, I'll put the answer in a table: Okay, now that it's all in a table, how do I read the table? A box is blank if the corresponding flag is not currently used by the control type. (No guarantees about the future.) For example, as of this writing, button controls do ...

If you get a procedure address by ordinal, you had better be absolutely sure it's there, because the failure mode is usually indistinguishable from success

A customer reported that the function was behaving strangely. We have this code in one of our tests: Recently, this test started failing in bizarre ways. When we stepped through the code, we discovered that ends up calling instead of . The first time we try to test , we get stack corruption because has a different function prototype from , and of course on top of that the test fails horribly because it's calling the wrong function! When trying to narrow the problem, we found that the issue began when the test was run against a version of the DLL that was missing the function entirely. The line wa...

The psychology of confirmation, or something, I don't know what to call it

There is probably a name for this phenomenon. I will illustrate it below. "Is there a way to configure the system to do X?" — Go to the Y dialog and select Z. "It doesn't work." — I just tried it. It works for me. I'm using 〈configuration details〉. "Thanks. It's working."

Creating double-precision integer multiplication with a quad-precision result from single-precision multiplication with a double-precision result

Suppose you want to multiply two double-word values producing a quad-word result, but your processor supports only single-word multiplication with a double-word result. For concreteness, let's say that your processor supports 32 × 32 → 64 multiplication and you want to implement 64 × 64 → 128 multiplication. (Sound like any processor you know?) Oh boy, let's do some high school algebra. Let's start with unsigned multiplication. Let x = A × 2³² + B and y = C × 2³² + D, where A, B, C, and D are all in the range 0 … 2³² − 1. Each of the multiplications (not counting the power-of-two multiplications) is a 32 × 3...