SHOpenRegStream does not mix with smart pointers
Some time ago, I noted that CoGetInterfaceAndReleaseStream does not mix with smart pointers because it performs an IUnknown::Release of its interface parameter, which messes up all the...
The case of the orphaned critical section despite being managed by an RAII type
Some time ago, I was enlisted to help debug an elusive deadlock. Studying a sampling of process memory dumps led to the conclusion that a critical section had been orphaned. Sometimes, the thread that...
2018 year-end link clearance
James Mickens USENIX Security 2018 Keynote: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? Answer: Because Keynote Speakers Make Bad Life Decisions And Are Poor Role...
Why does the elevation prompt have only the wallpaper as its background?
One small change to the elevation interface in Windows 8 has to do with the image behind the elevation prompt. In earlier versions of Windows, the image was a snapshot of your desktop, including all...
How can I prevent a WebView control from opening a browser window?
A customer had an application that used a UWP WebView control. Some Web sites open links in a new window by using techniques like TARGET=_blank. When the user clicks on such a link, it opens in a Web...
Why am I getting mojibake when I try to create a shell link?
A customer couldn't get the IShellLink interface to work. They tried to set the shortcut target to a path, but it came out as Chinese mojibake. Here's a reduction of their code to its simplest form....
A trick for keeping an object alive in a C++ lambda while still being able to...
You may want to capture your this pointer into a C++ lambda, but that captures the raw pointer. If you need to extend the object's lifetime, you will need to capture a strong reference. For plain C++...
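The following is an added example, not code from the post, showing the pattern the title describes: a lambda that captures a strong reference purely to extend the object's lifetime and also captures this so the body can keep using members unqualified. It assumes the object is owned by std::shared_ptr and derives from std::enable_shared_from_this; DeferredQueue, Widget and run_scenario are constructed stand-ins for whatever really runs the lambda later. The dangling task in the raw-this case is deliberately never executed, since that would be a real use-after-free rather than a demonstration of one.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in (assumed) for whatever runs the lambda later: a thread pool,
// message loop or completion callback. Work is queued now and run after
// the caller has moved on.
struct DeferredQueue {
    std::vector<std::function<void()>> tasks;
    void post(std::function<void()> task) { tasks.push_back(std::move(task)); }
    void run_all() { for (auto& task : tasks) task(); tasks.clear(); }
};

struct Widget : std::enable_shared_from_this<Widget> {
    std::string name;
    bool* destroyed;   // lets the demo observe destruction without touching freed memory

    Widget(std::string n, bool* flag) : name(std::move(n)), destroyed(flag) {}
    ~Widget() { *destroyed = true; }

    // Raw 'this' capture: nothing keeps the Widget alive until the task runs.
    // If the last owner releases it first, the task dereferences freed memory.
    void schedule_unsafe(DeferredQueue& q, std::string* out) {
        q.post([this, out] { *out = name; });
    }

    // The trick: capture a strong reference only for its lifetime effect, and
    // capture 'this' as well so the body reads exactly like member code.
    void schedule_safe(DeferredQueue& q, std::string* out) {
        q.post([this, lifetime = shared_from_this(), out] { *out = name; });
    }
};

struct Outcome {
    bool alive_when_run;    // was the Widget still alive when the queue drained?
    std::string seen;       // what the task wrote, if it was allowed to run
    bool destroyed_after;   // was the Widget released once the task was discarded?
};

// Queue the task, drop the caller's ownership, then drain the queue.
Outcome run_scenario(bool strong_capture) {
    bool destroyed = false;
    DeferredQueue q;
    Outcome out{false, "", false};
    {
        auto w = std::make_shared<Widget>("sample", &destroyed);
        if (strong_capture) w->schedule_safe(q, &out.seen);
        else                w->schedule_unsafe(q, &out.seen);
    }   // the caller's shared_ptr goes out of scope before the work runs
    out.alive_when_run = !destroyed;
    if (out.alive_when_run) q.run_all();   // safe: the capture is keeping the Widget alive
    else q.tasks.clear();                  // unsafe: discard the dangling task instead of running it
    out.destroyed_after = destroyed;
    return out;
}

int main() {
    Outcome raw = run_scenario(false);
    Outcome strong = run_scenario(true);
    std::printf("raw this capture:    alive when run = %d, saw \"%s\"\n",
                raw.alive_when_run, raw.seen.c_str());
    std::printf("strong capture:      alive when run = %d, saw \"%s\", released after = %d\n",
                strong.alive_when_run, strong.seen.c_str(), strong.destroyed_after);
    return 0;
}
```

With the strong capture the Widget is released as soon as the queued std::function is destroyed, so the lambda extends the lifetime exactly as long as the work is pending and no longer.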
The GetRegionData function fails if the buffer is allocated on the stack. Is...
If you pass a NULL buffer to the GetRegionData function, the return value tells you the required size of the buffer in bytes. You can then allocate the necessary memory and call GetRegionData a...
STATUS_STACK_BUFFER_OVERRUN doesn't mean that there was a stack buffer overrun
A category of dubious security vulnerability report comes from people who recently discovered the STATUS_STACK_BUFFER_OVERRUN status code (0xC0000409, the code Windows reports for fail-fast terminations in general, not only for a detected stack-cookie violation). The confusion is made even worse by the fact that the human-readable...
It rather involved being on the other side of this airtight hatchway: Messing...
A security vulnerability report came in that went something like this: If a user obtains write access to another user's registry, then the user can make that other user's life miserable by making the...
Why am I getting mojibake when I try to create a window?
A customer was compiling their program as Unicode, but since their data was almost all in ASCII, they were using the ANSI versions of the APIs. They registered their class with the RegisterClassA...
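The mechanism behind both mojibake posts above (the shell link one and this one) is the same: a pointer to narrow ASCII text is handed to a UTF-16 "W" API, or a UTF-16 string to a narrow "A" API, and each side reads the other's bytes with its own terminator rule. The following added example, which is not code from either post, models that on any platform without calling Win32: it assumes Windows' UTF-16LE in-memory layout, and the sample text and the function names are constructed for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// What a UTF-16 ("W") API sees when handed a pointer to ANSI/ASCII bytes that
// was merely cast to LPCWSTR: it consumes the bytes two at a time as UTF-16LE
// code units (the layout Windows uses) until it meets a 16-bit zero. Pairs of
// ASCII letters land in the CJK range, hence the "Chinese" mojibake.
std::u16string as_wide_api_sees(const char* narrow_bytes, std::size_t byte_count) {
    std::u16string seen;
    for (std::size_t i = 0; i + 1 < byte_count; i += 2) {
        auto lo = static_cast<std::uint8_t>(narrow_bytes[i]);
        auto hi = static_cast<std::uint8_t>(narrow_bytes[i + 1]);
        auto unit = static_cast<char16_t>(lo | (hi << 8));
        if (unit == 0) break;                 // the W API's terminator
        seen.push_back(unit);
    }
    return seen;
}

// What an ANSI ("A") API sees when handed a UTF-16 string cast to LPCSTR: it
// reads bytes until the first zero byte, and every ASCII code unit carries a
// zero high byte, so the string ends after its first character.
std::string as_ansi_api_sees(const char16_t* wide) {
    std::string seen;
    for (; *wide != 0; ++wide) {
        auto lo = static_cast<unsigned char>(*wide & 0xFF);   // UTF-16LE: low byte first
        auto hi = static_cast<unsigned char>(*wide >> 8);
        if (lo == 0) break;
        seen.push_back(static_cast<char>(lo));
        if (hi == 0) break;                   // the A API's terminator
        seen.push_back(static_cast<char>(hi));
    }
    return seen;
}

// Constructed sample: the ASCII text a caller might hand to the wrong API,
// padded with zero bytes the way a zero-initialized buffer would be.
const char kNarrowSample[8] = "Hello";

std::u16string wide_view_of_sample() {
    return as_wide_api_sees(kNarrowSample, sizeof kNarrowSample);
}

int main() {
    std::u16string wide = wide_view_of_sample();
    std::printf("W API sees %zu code units:", wide.size());
    for (char16_t u : wide) std::printf(" U+%04X", static_cast<unsigned>(u));
    std::printf("\n");   // U+6548 U+6C6C U+006F: two CJK ideographs, then 'o'

    std::string narrow = as_ansi_api_sees(u"Hello");
    std::printf("A API sees \"%s\" (%zu byte(s))\n", narrow.c_str(), narrow.size());
    return 0;
}
```

The practical check when you see this symptom: confirm that the string literal's width (char vs wchar_t) matches the suffix of every API it reaches, including the RegisterClass/CreateWindow pair and the IShellLink methods, rather than casting the pointer to make the compiler stop complaining.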
Why do we even need to define a red zone? Can't I just use my stack for...
On Windows, the stack grows downward from high addresses to low. This is sometimes architecturally defined, and sometimes it is merely convention. The value pointed-to by the stack pointer register is...
Why would the incremental linker insert padding between section fragments?
Last year, I briefly discussed the subtleties of inter-fragment section padding, and noted that the incremental linker is a common source of this padding. Commenter DanStur wondered why the...
Don't pass lambdas (or other multi-line entities) as parameters to macros
Consider this macro:

    #ifdef DEBUG
    #define LOG(value) LogValue(value)
    #else
    // In production, evaluate but don't log.
    #define LOG(value) (value)
    #endif

This seems not entirely unreasonable, but bad...
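As an added illustration that is not from the post, here is one concrete way a lambda argument breaks a macro like LOG: the preprocessor splits macro arguments on every comma that is not inside parentheses, and neither braces nor template angle brackets protect a comma. The COUNT_ARGS macro is a standard variadic-macro trick used here only to make the split visible instead of producing a compile error, and LogValue is an assumed stand-in for the post's logging function.

```cpp
#include <utility>

// Reports how many arguments the preprocessor actually passed (up to 5).
// Standard variadic-macro counting trick; it exists only to expose the split.
#define COUNT_ARGS_IMPL(_1, _2, _3, _4, _5, N, ...) N
#define COUNT_ARGS(...) COUNT_ARGS_IMPL(__VA_ARGS__, 5, 4, 3, 2, 1)

// The LOG macro from the post, with an assumed stand-in for LogValue.
template <typename T> T LogValue(T value) { return value; }
#ifdef DEBUG
#define LOG(value) LogValue(value)
#else
// In production, evaluate but don't log.
#define LOG(value) (value)
#endif

// Parentheses protect commas, so a lambda whose only commas sit in its
// parameter list and call arguments happens to survive: one argument.
int args_seen_for_paren_comma() {
    return COUNT_ARGS([](int a, int b) { return a + b; }(1, 2));
}

// Braces and angle brackets do not protect commas: std::pair<int, int> and
// the initializer {1, 2} each split the text, so LOG(...) would receive three
// arguments and fail to compile. COUNT_ARGS reports the split instead.
int args_seen_for_brace_comma() {
    return COUNT_ARGS([] { std::pair<int, int> p{1, 2}; return p.first; }());
}

// Wrapping the whole lambda expression in one extra pair of parentheses hides
// every comma from the preprocessor again; the usual workaround when the
// macro itself cannot be changed.
int args_seen_when_parenthesized() {
    return COUNT_ARGS(([] { std::pair<int, int> p{1, 2}; return p.first; }()));
}

// With that extra pair of parentheses the post's macro accepts the lambda and,
// in a non-DEBUG build, simply evaluates it.
int log_parenthesized_lambda() {
    return LOG(([] { std::pair<int, int> p{1, 2}; return p.second; }()));
}
```

The parenthesized form fixes the argument count but does nothing about the other problem a macro introduces, which is that the whole multi-line lambda is substituted as a single logical line of the invocation.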
How do I get the effect of C#'s async void in a C++ coroutine? Part 1: Why...
The co_await C++ language keyword makes it a lot easier to write coroutines. The compiler does the grunt work of transforming your function into a state machine, similar in spirit to the coroutine...
How do I get the effect of C#'s async void in a C++ coroutine? Part 2:...
Last time, we looked at how to write a function that formally returns void that nevertheless performs co_await operations. The function acts like a fire-and-forget, where the remainder of the task...
How do I get the effect of C#'s async void in a C++ coroutine? Part 3:...
Last time, we figured out how to use a coroutine in a place where the caller expects a function returning void. It required some wrapping, and our research led to this pattern: void...
The Intel 80386, part 1: Introduction
Windows NT stopped supporting the Intel 80386 processor with Windows NT 4.0, which raised the minimum requirements to an Intel 80486. Therefore, the Intel 80386 technically falls into the category of...
The Intel 80386, part 2: Memory addressing modes
All of the memory addressing mode demonstrations will be some form of this instruction: MOV somewhere, 0 which stores a zero somewhere. In practice, the registers used to calculate effective addresses...
The Intel 80386, part 3: Flags and condition codes
The flags register contains a bunch of stuff, but here are the flags easily accessible in the debugger:

    Flag  Clear/Set  Meaning    Notes
    OF    nv/ov      Overflow
    DF    up/dn      Direction  Must be up at function...