The Old New Thing

But who's going to set up their own email server?

November 23, 2010 Nov 23, 2010 11/23/10
Raymond Chen
Many many years ago, back in the days when Microsoft's email address had exclamation points, an internal tool was developed to permit Microsoft employees to view and update their Benefits information from the comfort of their very own offices. Welcome to the paperless office! One of my friends noticed an odd sentence in the instructions for ...

Consequences of using variables declared __declspec(thread)

November 22, 2010 Nov 22, 2010 11/22/10
Raymond Chen
As a prerequisite, I am going to assume that you understand how TLS works, and in particular how variables work. There's a quite thorough treatise on the subject by Ken Johnson (better known as Skywing), who comments quite frequently on this site. The series starts here and continues for a total of 8 installments, ending here. That last ...

One possible reason why ShellExecute returns SE_ERR_ACCESSDENIED and ShellExecuteEx returns ERROR_ACCESS_DENIED

November 18, 2010 Nov 18, 2010 11/18/10
Raymond Chen
(The strangely-phrased subject line is for search engine optimization.) A customer reported that when they called , the function sometimes fails with , depending on what they are trying to execute. (If they had tried they would have gotten the error .) After a good amount of back-and-forth examing file type registrations, a member of the ...

If you measure something, people will change their behavior to address the measurement and not the thing the measurement is intended to measure

November 16, 2010 Nov 16, 2010 11/16/10
Raymond Chen
We all know that once you start measuring something, people will change the way they behave. We hope that the change is for the better, but that's not always the case, and that's especially true if you are using the metrics as a proxy for something else: People will manipulate the metric without necessarily affecting the thing that your ...

The program running in a console decides what appears in that console

November 15, 2010 Nov 15, 2010 11/15/10
Raymond Chen
James Risto asks, "Is there a way to change the behavior of the CMD.EXE window? I would like to add a status line." The use of the phrase "the CMD.EXE window" is ambiguous. James could be referring to the console itself, or he could be referring to the CMD.EXE progarm. The program running in a console decides what appears in the console. ...

Why does the common file dialog change the current directory?

November 12, 2010 Nov 12, 2010 11/12/10
Raymond Chen
When you change folders in a common file dialog, the common file dialog calls to match the directory you are viewing. (Don't make me bring back the Nitpicker's Corner.) Okay, the first reaction to this is, "What? I didn't know it did that!" This is the other shoe dropping in the story of the curse of the current directory. Now the question...

Using delayload to detect functionality is a security vulnerability

November 11, 2010 Nov 11, 2010 11/11/10
Raymond Chen
We saw last time that your debugging code can be a security vulnerability when you don't control the current directory. A corollary to this is that your delayload code can also be a security vulnerability, for the same reason. When you use the linker's delayload functionality to defer loading a DLL until the first time it is called, the ...

Your debugging code can be a security vulnerability: Loading optional debugging DLLs without a full path

November 10, 2010 Nov 10, 2010 11/10/10
Raymond Chen
Remember, the bad guys don't care that your feature exists just for debugging purposes. If it's there, they will attack it. Consider the following code: When you need to debug the program, you can install the DLL into the application directory. The code above looks for that DLL and if present, gets some function pointers from it. For ...