Why doesn’t RevertToSelf undo the most recent SetThreadToken?
A customer was experiencing unexpected behavior in their Windows service process with respect to impersonation. The customer’s question had two parts. Let’s take them one at a time. Our service...
View ArticleWhy did the friendly name for the Network Service account change?
A customer had a service that runs under the Network Service account. They found that starting in Windows Vista, if the service calls GetUserName, it no longer gets “NETWORK SERVICE” back; instead,...
View ArticleHow long do I have to keep the SECURITY_ATTRIBUTES and SECURITY_DESCRIPTOR...
A customer passed a SECURITY_ATTRIBUTES when creating a file and wanted to know how long that structure (and the structures it points to) need to remain valid. “Do I have to keep them around as long...
View ArticleSecurity through lying
I had forgotten the userid I had used to generate one of my online accounts. I thought I had used an underscore, but I couldn’t get the site to accept it. It did yell at me, though. “Userids must...
View ArticleHow do I create a directory where people can create subdirectories but cannot...
A customer was having trouble setting up security for a new file share for which they wanted a particular usage model: What we would like is for everybody to be able to create new files and folders on...
View ArticleHow can I generate a stack backtrace that is independent of ASLR?
When you capture a stack backtrace with the CaptureStackBacktrace function, the addresses returned are absolute addresses. If you’re capturing these values for future correlation, then saving the...
View ArticleDebugging session: Which of the many things happening in this single line of...
A crash report came in, and the offending line of code was the following: void CDeloreanSettings::UpdateFluxModulation(bool sendNotification) { ComPtr<IFluxModulator> spModulator; // Crash on...
View ArticleDiagnosing a crash in unloaded_something.dll
A failure report came in to the shell team because Explorer crashed at shutdown in what the debugger reported as unloaded_themeui.dll. Time to dig in. ntdll!RtlpCallVectoredHandlers+0xeb...
View ArticlePrinting the name and position of the focused item on the desktop
Today's Little Program prints the name and position of the focused item on the desktop. Remember, Little Programs do little to no error checking. #define UNICODE #define _UNICODE #include "stdafx.h"...
View ArticleThe chain reaction started when a customer’s line of business application...
A customer (via their customer liaison) reported that they use Folder Redirection to put various folders on a network share, but they discovered that one of their line of business applications doesn't...
View ArticleWhy does SHGetKnownFolderPath fail when impersonating?
A customer was having trouble with the SHGetKnownFolderPath function. We are calling the SHGetKnownFolderPath function. from a service while impersonating a user, but it returns E_ACCESSDENIED....
View ArticleHow can I tell whether a file is on a removable drive, a fixed drive, or a...
With the introduction of junctions, symbolic links, and volume mount points, it is no longer the case that a drive letter corresponds to a drive. You can mount multiple drives into a single drive...
View ArticleWhy does SetFileValidData fail even though I enabled the...
A customer reported that their call to SetFileValidData was failing with ERROR_PRIVILEGE_NOT_HELD despite the fact that they held the privilege whose name is defined by the symbol...
View ArticleIf I create multiple selectors each of size 4GB, do I get a combined address...
Every so often, someone comes up with the clever idea of extending the address space of the x86 processor beyond 4GB by creating multiple selectors, each of size 4GB. For example, if you created a 4GB...
View ArticleI finally finished this awesome game called Photoshop, let me send you a video
It used to be that if you needed to create a recording of a program on the PC, you had to get Expressions Encoder or some other capture program. But the feature is now built into Windows 10, assuming...
View ArticleInvestigating an app compat problem: Part 1: The initial plunge
Today we're going to look at an application compatiblity problem. Actually, today, we'll just look at the crash that is the reason why we have an application compatibility problem. We'll then spend...
View ArticleInvestigating an app compat problem: Part 2: Digging in
We left our story with the conclusion that the program crashed because its TLS slot was null. But how can we figure out who sets the TLS slot and why it failed to set the TLS slot? Let's hope that the...
View ArticleInvestigating an app compat problem: Part 3: Paydirt
Last time, we learned that the proximate cause of failure was that we were trying to set a bit in a bit array, except that the this pointer was null. That didn't really bring us any closer to the bug....
View ArticleWhat’s so special about the number 64 when it comes to TLS slots?
Last time, we ended with the question, "What's so special about the number 64?" when discovering that a program crashed if it ever got a TLS slot index greater than or equal to 64. Versions of Windows...
View ArticleClik here to view.
Is there a way to change the minimum size for large pages?
We discussed Large Page Support a few years ago. In practice, the large page minimum size is 2MB. A customer wanted to know if there was a configuration setting to change the minimum size for a large...
View Article