Showing tag results for Other

In the category of dubious vulnerability, I submit the following (paraphrased) report: If I call the function, I can cause a buffer overflow exception if I provide an insertion that is more than 2000 characters long. The function in Windows NT, 2000 and XP used the dynamically expanding buffer technique to allocate memory for the re...

Why does the Welcome screen beep if you hit the space bar after the computer has finished starting up? For compatibility with a side effect of the Windows XP Welcome screen. A beta tester asked us why we removed the beeps that were generated if you started typing at the Welcome screen after the computer finished starting up. Well, we didn't ...

Take a shortcut to the command prompt or some other Windows component, right-click it, and select "Run as Administrator." The "Start in" directory from the shortcut is ignored and you are always dropped into the system directory. Why is the starting directory ignored? To avoid a category of attacks (current directory attacks). According to the d...

I've been informed that the Redmond branch of the Microsoft Company Store has begun stocking the dead tree edition of my book. "But wait, your program isn't printed by Microsoft Press; it's published by Addison-Wesley Professional. I thought the company store only stocked Microsoft Press titles." I'm told that this is a pilot program. (And no, I...

For good or ill, email is the most heavily used communication system at Microsoft, so much so that most people at Microsoft are known by their email addresses, sometimes more so than by their legal names! For example, most everybody at Microsoft knows Stephen Toulouse by his email address, "stepto" (pronounced as if it were spelled "steptoe"). No...

Welcome, Slashdot readers. Remember, this Web site is for entertainment purposes only. Why are INI files deprecated in favor of the registry? There were many problems with INI files. The registry tried to address these concerns. You might argue whether these were valid concerns to begin with, but the Windows NT folks sure thought they w...

On our team's web site, buried among the other debugging documents, was a page titled simply "Magic 8 Ball"®¹. If you visited it, you got a dark blue circle with a lighter-blue triangle, on which appeared white text with a randomly-chosen message. The messages were things like It was fun to give the 8-ball a shake, but the real purpose ...

As we saw last time, there are a variety of ways you can control DEP, one of which is to turn it on for all system processes. But even if you turn on DEP, it still sometimes turns itself off temporarily. It goes back to those bad versions of ATL. The application compatibility team found that there were so many programs written with application ...

Last time, we traced an failure to a shell extension that used an older version of ATL which was not DEP-friendly. But that led to a follow-up question: Why aren't we seeing this same crash in the main program as in the shell extension? That program uses the same version of ATL, but it doesn't crash. The reason is given in this chart. Notice ...

Somebody asked the shell team to look at this crash in a context menu shell extension. You should be able to determine the cause instantly. I replied, This shell extension is using a non-DEP-aware version of ATL. They need to upgrade to ATL 8 or disable DEP. This was totally obvious to me, but the person who asked the question met it...