Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Discussions

Blue Ink Blue Ink
  • Nothing for Money, now on WP7

    Just in case you missed it, there's an amazing app in the WP7 marketplace that shows a one dollar bill on your screen. For just 0.99 EUR. Judging by the description (my devotion to the experimental method is not unlimited), it seems that all it does is showing the obverse and reverse of the bill.

    If you find that's cute, you cannot possibly miss the other apps of the same kind... up to the incredible "€500 bill" that goes for just about 425.00 EUR.

    Seriously.

    This set me thinking... the submission process currently only allows Microsoft to bounce apps that are flawed or that break some of the rules. It's not their place to determine if an app is worth its asking price. Add the no refund policy and you get an explosive mix.

    Essentially, nothing can stop anyone from writing a correct but worthless app, slap a ridiculous price tag on that (doesn't have to be so spectacularly high) and rake in the profits from the occasional fool. Ok, maybe it takes a very special fool, a one in a million fool, which makes this not much of a concern for WP at the moment. But all of a sudden, having a Marketplace integrated in Windows, with its hundreds of millions of users, doesn't sound like a good idea.

  • Invent a better solution for a deceptively simple problem (AKA how I change de folder)

    ,androidi wrote

    ...

    edit: I think this method may need to verify that the parent is actually a console, otherwise there could be interesting results - as in starting this from debugger shows the parent is devenv.exe.

    Maybe. In its current form, the program is just a dumb CD replacement, it doesn't have any side effect unless you pass an argument, which rules out most accidents. For the purposes of our little excercise I considered that to be good enough.

    For production use, this might require further scrutiny: if the side effect is generally benign, you may want to think twice before limiting the scope of your program to CMD alone.

  • Invent a better solution for a deceptively simple problem (AKA how I change de folder)

    Technically there is a way: DLL injection. Minus the DLL injection part... as it turns out, kernel32 is always loaded in every process at the same address and SetCurrentDirectory is compatible with LPTHREAD_START_ROUTINE, so you can call CreateRemoteThread without having to write a DLL.

    Here's a rough proof of concept (as in: written in a rush, tested for two minutes on exactly one machine)

    #include "stdafx.h"
    #include <Windows.h>
    #include <TlHelp32.h>
    
    DWORD GetParentProcessId () {
      DWORD processId = GetCurrentProcessId ();
      HANDLE snapshot = CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS, processId);
    
      if (snapshot == INVALID_HANDLE_VALUE) {
        _tprintf (_T("Cannot create shapshot.\n"));
        ExitProcess (0);
      }
    
      PROCESSENTRY32 processEntry;
      processEntry.dwSize = sizeof (PROCESSENTRY32);
      if (Process32First (snapshot, &processEntry)) {
        do {
          if (processEntry.th32ProcessID == processId) {
            return processEntry.th32ParentProcessID;
          }
        }  while (Process32Next (snapshot, &processEntry));
      }
    
      ExitProcess (0);
    }
    
    BOOL EnableDebugPrivileges () {
      HANDLE token;
      LUID sedebugnameValue;
      TOKEN_PRIVILEGES privileges;
    
      if (OpenProcessToken (GetCurrentProcess (), TOKEN_ADJUST_PRIVILEGES| TOKEN_QUERY, &token)) {
        if (LookupPrivilegeValue (NULL, SE_DEBUG_NAME, &sedebugnameValue)) {
          privileges.PrivilegeCount = 1;
          privileges.Privileges[0].Luid = sedebugnameValue;
          privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    
          if (AdjustTokenPrivileges (token, FALSE, &privileges, sizeof (privileges), NULL, NULL)) {
            CloseHandle (token);
            return TRUE;
          }
        }
        CloseHandle (token);    
      }
    
      return FALSE;
    }
    
    int _tmain (int argc, _TCHAR* argv []) {
      DWORD processId = GetCurrentProcessId ();
      DWORD parentProcessId = GetParentProcessId ();
      _TCHAR pathname [MAX_PATH];
    
      if (argc < 2) {
        if (GetCurrentDirectory (MAX_PATH, pathname)) {
          _tprintf (_T ("%s\n"), pathname);
        }
        return 0;
      }
    
      if (_tclen (argv [1]) >= MAX_PATH) {
        _tprintf (_T ("The filename or extension is too long.\n"));
        return 0;
      }
    
      if (! SetCurrentDirectory (argv [1])) {
        _tprintf (_T ("The system cannot find the path specified.\n"));
      }
    
      //TODO: get the actual casing in the pathname
      wcscpy_s (pathname, argv [1]);
    
      if (! EnableDebugPrivileges ()) {
        _tprintf (_T ("Error: Cannot enable debug privileges."));
        return 0;
      }
    
      HANDLE target = OpenProcess (PROCESS_ALL_ACCESS, FALSE, parentProcessId);
      if (target != INVALID_HANDLE_VALUE) {
        HMODULE kernel32 = LoadLibrary (_T("kernel32.dll"));
        if (kernel32 != NULL) {
          FARPROC address = GetProcAddress (kernel32, "SetCurrentDirectoryW");
          if (address != NULL) {
            LPVOID remoteMemory = VirtualAllocEx (target, 0, sizeof (pathname), MEM_COMMIT| MEM_RESERVE, PAGE_EXECUTE_READWRITE);
            if (remoteMemory != NULL) {
              if (WriteProcessMemory (target, remoteMemory, pathname, sizeof (pathname), NULL)) {
                HANDLE handle = CreateRemoteThread (target, NULL, 0, (LPTHREAD_START_ROUTINE) address, remoteMemory, 0, NULL);
                if (handle == NULL) {
                  _tprintf (_T ("Error: %d"), GetLastError ());
                } else {
                  WaitForSingleObject (handle, 1000);
                  CloseHandle (handle);
                }
              }
              VirtualFreeEx (target, remoteMemory, 0, MEM_RELEASE);
            }
          }
          FreeLibrary (kernel32);
        }
        CloseHandle (target);
      }
      return 0;
    }
    

    A couple of notes:

    1) Due to the assumption about kernel32, the program must match the "bitness" of the command prompt.

    2) The program doesn't require elevation, but I wouldn't be surprised if it didn't work for a restricted user.

    EDIT: fixed a bad typo in VirtualFreeEx

  • IE9 copy & paste removes line returns

    @androidi: It doesn't seem to be Google's fault this time: the minimum repro I could find is:

    <div style="display: table">
      <div>
        This text cannot be selected
      </div>
    </div>

    If you remove the "display: table" directive, or remove the inner nested div, the problem disappears. Weird...

  • Happy birthday, Linux!

    Hey, I thought nobody was supposed to comment on Windows 8 until build.

    //TODO: find an appropriate smiley

  • Channel 9 show idea

    ,cbae wrote

    *snip*

    That's why I think they shouldn't call the new version Windows 8. They should call it Windows 7 R2. How long as Apple's OS been stuck on "version" 10?

    Maybe Apple feared back compatibility. Lots of programmers have written incredibly bad code when checking for version numbers, maybe because they don't think their application will stay around long enough, or because they don't think they will still be around when the excrement hits the ventilation system. Or something... but historically, bumping up the major version number has proved to be a big source of headaches.

  • Toshiba Mango, waterproof.

    @JoshRoss: I don't think that alone would suffice: repelling water is great, but it doesn't take a very large droplet to short a USB connector. I just hope they didn't overuse the ugly silicone plug covers.

  • Select Case behavior

    ,evildictait​or wrote

    *snip*

    Every time you write your own hash function a cryptographer somewhere cries.

     

    @Blue Ink: If you're writing hardware code that is timing sensitive and writing it in something other than C or assembly, then you're doing it wrong.

    Obviously. And using C would still expose you to the subtle difference between eager and short-circuit operators... unfortunately mine wasn't an academic example.

    As for the other comment, I think the hash function has little to do with what blowdart was referring to. If you use a method that fails early (such as short-circuit evaluation, or even just memcmp) when comparing some secret value with another submitted by the attacker, you may be giving away how much of the submitted value is correct. It's the same as making a combination lock that emits a louder tick whenever you hit on a partial result.

    In the end, someone may cry, but it won't necessarily be a cryptographer.

  • Worthless Hardware Latency ​Qualificati​on

    @exoteric: It's a minefield. WHQL may be imperfect, but there are two things that keep everybody reasonably happy: it's perceived as a level field and failures are not publicly disclosed. Neither condition would ever be possible with a public beta and things would get ugly real quick.

  • Worthless Hardware Latency ​Qualificati​on

    @androidi: no, it's the job of Nvidia to write a driver that performs as it should. What WHQL is all about is making sure that a bad driver doesn't cause a blue screen. Performance is none of their concerns.

    And even if it were, they may not get their job done: hardware manufacturer will go to extreme lengths to beat the competition while passing WHQL with flying colors... there's an old post by Raymond Chen on the subject. Recommended read.