The Old New Thing
Practical development throughout the evolution of Windows.
Latest posts
If you want to track whether the current thread owns a critical section, you can use the critical section itself to protect it
You may find yourself in the situation where you want to keep track of the owner of a critical section. This is usually for debugging or diagnostic purposes. For example, a particular function may have as a prerequisite that a particular critical section is held, and you want to assert this so that you can catch the problem when running the debug build. After we successfully enter the critical section, we mark the current thread as the owner and increment the entry count. Before leaving the critical section, we see if this is the last exit, and if so, we clear the owner field. Note that we update the owner...
Where is this CRC that is allegedly invalid on my hard drive?
If you're unlucky, your I/O operation will fail with , whose description is "Data error (cyclic redundancy check)." Where does NTFS keep this CRC, what is it checking, and how can you access the value to try to repair the data? Actually, NTFS does none of that stuff. The CRC error you're getting is coming from the hard drive itself. Hard drives nowadays are pretty complicated beasts. They don't just plop data down and suck it back. They have error-checking codes, silent block remapping, on-board caching, sector size virtualization, all sorts of craziness. What's actually happening is that the file system asks...
Why is the syntax for touching a file from the command prompt so strange?
The magic incantation for updating the last-modified date on a file is What strange syntax! What's with the plus sign and the commas, anyway? The formal syntax is the much more straightforward This means to start with the file , then append the files , , and , treating them all as binary files. If you omit the part, then you get This means "Start with A, then append nothing." The side effect is that the last-write time gets updated, because the command processor opens for append, writes nothing, then closes the handle. That syntax has worked since at least MS-DOS 2.1 (the earliest version ...
The credit card with a half-million-dollar credit limit
High as the sky.
It really wasn't that fancy a Swedish sentence
I dreamed that I was on vacation with my family at a cabin in the woods. I went downstairs with my elder child, and in the playroom I saw another family who are good friends of ours. I guess they chose to vacation at the same place. They had hired a Swedish-speaking nanny to help with the kids. The nanny asked me a simple question, and I gave a straightforward answer. "Hon är den äldre av mina två barn." The nanny was all so impressed that I was using like super-fancy-pants Swedish grammar. Spoiler alert: It isn't particularly fancy.
A program for my nieces: The ABCs, part 1
I'm going to spend the next few weeks developing a Little Program in several parts. This is a program I wrote for my nieces, who always wanted to play with my laptop (instead of playing with me). Initially, I fired up Notepad and maximized it, and cranked the font size, but that became cumbersome, because I had to reset the font size and Word Wrap setting when they were done. On top of that, my eldest niece complained that some of the the letters were "wrong": The shape of the capital J in the font that I use does not match the shape of the capital J that my niece was taught. (The top serif didn't match.) Ha...
It rather involved being on the other side of this airtight hatchway: Disabling Safe DLL searching
The Microsoft Vulnerability Research team discovered a potential current directory attack in a third party program. The vendor, however, turned around and forwarded the report to the Microsoft Security Response Center: Our investigation suggests that this issue is due to a bug in Microsoft system DLLs rather than our program. When a process is launched, for example, when the user double-clicks the icon in Explorer, a new process object is created, and the DLLs are loaded by a component known as the Loader. The Loader locates the DLLs, maps them into memory, and then calls the DllMain function for each of t...
Why was the Windows source code trunk called the Blue Line?
The nickname doesn't get used much at all any more, but back in the day, the Windows source code trunk was called the Blue Line. Where did it get that name? From the color of the whiteboard pen. When the branching structure was worked out, the trunk was drawn with a blue pen. If you were in that meeting, and you wanted to raise a point about the diagram, you might say, "But when the red line meets the blue line…", or "How do changes get from the green line to the blue line?" Everybody called the trunk the "blue line" in the meeting, and that nickname carried forward into the internal documentation. Of...
Why don't elevated processes inherit their environment variables from their non-elevated parent?
As a general rule, child processes inherit the environment of their parent. But if the parent is non-elevated and the child is elevated, then this inheritance does not happen. Why not? There are two answers to this question. For the kernel-color glasses answer, I defer to Chris Jackson, the App Compat Guy. It's interesting to see how it all works, but it doesn't explain why the mechanism was designed to block environment variable inheritance. The reason for the design is that allowing an elevated process to inherit the from a non-elevated process creates an attack vector. The non-elevated process sets its t...