Archive for the ‘Windows’ Category


October 21, 2015

Raymond Chen recently did a post about various functions that extracts a GUID from a string. He left out various pieces of information and I’m going to try to complete the picture.

Let’s start with UuidFromString. On Windows 95/98 UuidFromStringW is just a stub that returns RPC_S_CANNOT_SUPPORT. The minimum version information on MSDN is wrong in the usual way.

IID­From­String has already been covered so I’ll skip that.

Next up is CLSID­From­String. MSDN does of course not say anything about the ProgId handling but Raymond did talk about this part, I’ll just add that the implementation on Windows 8 checks if the string starts with a ‘{‘ and then tries to parse it as a GUID, otherwise it does a ProgId look-up pretty much like CLSIDFromProgID would do (I did not look at other Windows versions).

Now we’ll get to the real reason for this post. There are three more functions Raymond did not cover at all!

The first one is CLSIDFromStringWrap, exported by ordinal in SHLWAPI (version 5 and later). On Windows 8 it works like CLSID­From­String but on Windows 98/2000/XP (IE 5/6) it does not support ProgIds and works more like IID­From­String.

The second one is SHCLSIDFromString, exported by ordinal in SHELL32 (all versions) and by name in version 6 from XP.SP1 and later. MSDN fails to mention that it used to only be exported by ordinal and the version information is wrong. It works like IID­From­String except that the input string is a LPCTSTR (CHAR* on Windows 95/98 and WCHAR* on NT based systems).

The third one is RtlGUIDFromString in NTDLL (Windows 2000 and later). Because it takes a UNICODE_STRING it is mostly useful for kernel developers.

Our journey ends with GUIDFromString. This function is actually implemented in both SHELL32 (version 4.71 and later) and in SHLWAPI (version 5 and later). MSDN documents the ordinals but fails to document the minimum dll versions.

A home for old explorers

September 30, 2014

I was inspired by some of the leaked Windows vNext screenshots and decided to try to replicate the new Explorer Home special folder.

Explorer Home clone


Certification requirements for Metro style apps

February 15, 2012

As I feared, Microsoft are heading down the locked-down Apple style path with Metro/WinRT.

Let’s take a look at the (preliminary) certification requirements for the Windows Store: (more…)

Never means never, unless you are the taskbar

September 14, 2011

I like to keep my taskbar buttons grouped a certain way but explorer forces per application combined groups even when you tell it never to combine!

The DWM hates the paparazzi

August 24, 2011

The windows team is probably working on the third generation of the DWM but the screen shot capability is still in the dark ages, just take a look at the B8 blog:

A third-party tool should not be required to create a simple screen shot of a window in 2011.

The application directory bundle shell hack

August 14, 2011

In the words of the great Raymond Chen: In Windows, the directory is the application bundle but that is a poor excuse for the lack of some kind of application bundle or fat binary support. I usually don’t care about eye candy but it would be nice (and a fun experiment) if we could get a application directory to look and act like a real application bundle. (more…)

UNC + \\?\ means more work for you

May 9, 2011

Working with extended-length paths is bad enough on its own, but at least they are easy to display to the user:


Until you add UNC paths into the the mix that is…

UAC, are you high?

February 7, 2011

MSDN has a Starting Low Integrity Processes sample that creates a process with a Low IL and this works fine if the parent is running at Medium IL, but if the parent is running at High IL, UAC elevation no longer works. (The sample code does not talk about High IL parent, only Medium IL parents)

Windows does not seem to take the Integrity Level into account when checking for admin rights:
UAC Low IL Admin
When requesting elevation, it does not seem to check if Current IL < High IL and just assumes that any token that has a non-deny administrators group SID is elevated and starts the process with the wrong IL when it really should show the consent UI and force the IL to be >= High IL on the new process. Once we are in this state (Non-deny admin. group SID and IL < 0x3000) there is no way for us to elevate a child process or to get a higher IL!

It would probably come as a surprise to most people that the simple reg.exe command fails when the console has the "Administrator: " prefix and most admin check methods (IsUserAnAdmin(), TokenElevationType=TokenElevationTypeFull and TokenElevation: TokenIsElevated!=0) indicate that you are elevated! IsUserAnAdmin is only documented to check group membership and is a pre Vista API, but the other two are elevated token/privileges specific so either my definition of elevated is wrong, or there are some major bugs with the IL handling.

UAC, RunAs silent fail?

January 26, 2011

When running as a standard user with UAC disabled, choosing “Run as administrator” from the context menu is broken!

Silent Bob

Not showing the consent UI is understandable since UAC is not “hooked” into the system, but just starting the process non-elevated without a warning dialog is just wrong. When the runas verb is used with ShellExecute and UAC is not enabled it should just show the old Run As dialog used in Windows 2000/XP/2003.