Posts Tagged ‘windows’


October 21, 2015

Raymond Chen recently did a post about various functions that extract a GUID from a string. He left out various pieces of information and I’m going to try to complete the picture.

Let’s start with UuidFromString. On Windows 95/98 UuidFromStringW is just a stub that returns RPC_S_CANNOT_SUPPORT. The minimum version information on MSDN is wrong in the usual way.

IIDFromString has already been covered so I’ll skip that.

Next up is CLSIDFromString. MSDN does of course not say anything about the ProgId handling, but Raymond did talk about this part. I’ll just add that the implementation on Windows 8 checks if the string starts with a ‘{’ and then tries to parse it as a GUID; otherwise it does a ProgId look-up pretty much like CLSIDFromProgID would do (I did not look at other Windows versions).

Now we’ll get to the real reason for this post. There are three more functions Raymond did not cover at all!

The first one is CLSIDFromStringWrap, exported by ordinal in SHLWAPI (version 5 and later). On Windows 8 it works like CLSIDFromString, but on Windows 98/2000/XP (IE 5/6) it does not support ProgIds and works more like IIDFromString.

The second one is SHCLSIDFromString, exported by ordinal in SHELL32 (all versions) and by name in version 6 from XP SP1 and later. MSDN fails to mention that it used to only be exported by ordinal, and the version information is wrong. It works like IIDFromString except that the input string is an LPCTSTR (CHAR* on Windows 95/98 and WCHAR* on NT-based systems).

The third one is RtlGUIDFromString in NTDLL (Windows 2000 and later). Because it takes a UNICODE_STRING it is mostly useful for kernel developers.

Our journey ends with GUIDFromString. This function is actually implemented in both SHELL32 (version 4.71 and later) and in SHLWAPI (version 5 and later). MSDN documents the ordinals but fails to document the minimum dll versions.
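The CLSIDFromString dispatch described above (a leading ‘{’ means "parse as GUID", anything else goes to the ProgId look-up) can be modelled in portable C. This is an added example, not Windows code and not from the original post; the names `parse_braced_guid` and `classify_clsid_input` and the sample strings are hypothetical, and no ProgId look-up is performed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum clsid_input { INPUT_GUID, INPUT_MALFORMED_GUID, INPUT_PROGID_CANDIDATE };

/* Returns 0-15 for a hex digit, -1 for anything else. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Accepts only "{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" (38 characters).
   out receives the 16 bytes in the order they are written in the string. */
int parse_braced_guid(const char *s, uint8_t out[16])
{
    size_t i = 1, n = 0;
    if (strlen(s) != 38 || s[0] != '{' || s[37] != '}') return 0;
    while (i < 37) {
        if (i == 9 || i == 14 || i == 19 || i == 24) {   /* dash positions */
            if (s[i++] != '-') return 0;
            continue;
        }
        int hi = hexval(s[i]), lo = hexval(s[i + 1]);
        if (hi < 0 || lo < 0) return 0;
        out[n++] = (uint8_t)(hi << 4 | lo);
        i += 2;
    }
    return n == 16;
}

/* Model of the dispatch: only a leading '{' selects the GUID parser. */
enum clsid_input classify_clsid_input(const char *s, uint8_t out[16])
{
    if (s[0] != '{') return INPUT_PROGID_CANDIDATE;
    return parse_braced_guid(s, out) ? INPUT_GUID : INPUT_MALFORMED_GUID;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *in[] = { "{01234567-89AB-CDEF-0123-456789ABCDEF}",
                         "01234567-89AB-CDEF-0123-456789ABCDEF", "{not-a-guid}" };
    uint8_t b[16];
    for (int i = 0; i < 3; i++)
        printf("%-40s -> %d\n", in[i], (int)classify_clsid_input(in[i], b));
    return 0;
}
```

A caller that must only ever accept GUID text can run a check like `parse_braced_guid` first, so that an unbraced string never reaches the ProgId branch.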


UNC + \\?\ means more work for you

May 9, 2011

Working with extended-length paths is bad enough on its own, but at least they are easy to display to the user:


Until you add UNC paths into the mix, that is…

UAC, are you high?

February 7, 2011

MSDN has a Starting Low Integrity Processes sample that creates a process with a Low IL. This works fine if the parent is running at Medium IL, but if the parent is running at High IL, UAC elevation no longer works. (The sample code does not talk about High IL parents, only Medium IL parents.)

Windows does not seem to take the Integrity Level into account when checking for admin rights:
UAC Low IL Admin
When requesting elevation, it does not seem to check if Current IL < High IL; it just assumes that any token that has a non-deny administrators group SID is elevated and starts the process with the wrong IL, when it really should show the consent UI and force the IL to be >= High IL on the new process. Once we are in this state (non-deny admin group SID and IL < 0x3000) there is no way for us to elevate a child process or to get a higher IL!

It would probably come as a surprise to most people that the simple reg.exe command fails when the console has the "Administrator: " prefix and most admin check methods (IsUserAnAdmin(), TokenElevationType=TokenElevationTypeFull and TokenElevation: TokenIsElevated!=0) indicate that you are elevated! IsUserAnAdmin is only documented to check group membership and is a pre-Vista API, but the other two are specific to elevated tokens/privileges, so either my definition of elevated is wrong, or there are some major bugs with the IL handling.
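An elevation check that also reads the token's integrity level catches the state described above (TokenIsElevated set while the IL is below 0x3000). This is an added example, not code from the original post or from the MSDN sample; `classify_token` and `query_current_token` are hypothetical names, and off Windows the program falls back to constructed sample values.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define IL_HIGH_RID 0x3000UL  /* same value as SECURITY_MANDATORY_HIGH_RID */

enum elev_state { NOT_ELEVATED, ELEVATED, ELEVATED_BELOW_HIGH_IL };

/* A token flagged as elevated whose IL is below High is the inconsistent state. */
enum elev_state classify_token(int token_is_elevated, unsigned long il_rid)
{
    if (!token_is_elevated) return NOT_ELEVATED;
    return il_rid >= IL_HIGH_RID ? ELEVATED : ELEVATED_BELOW_HIGH_IL;
}

#ifdef _WIN32
/* Reads TokenElevation and TokenIntegrityLevel from the current process token. */
static int query_current_token(int *is_elevated, unsigned long *il_rid)
{
    union { TOKEN_MANDATORY_LABEL tml;
            BYTE raw[sizeof(TOKEN_MANDATORY_LABEL) + SECURITY_MAX_SID_SIZE]; } u;
    TOKEN_ELEVATION te;
    HANDLE tok;
    DWORD len;
    int ok = 0;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return 0;
    if (GetTokenInformation(tok, TokenElevation, &te, sizeof te, &len) &&
        GetTokenInformation(tok, TokenIntegrityLevel, &u, sizeof u, &len)) {
        PSID sid = u.tml.Label.Sid;
        /* The integrity level is the last sub-authority of the label SID. */
        DWORD last = (DWORD)(*GetSidSubAuthorityCount(sid) - 1);
        *il_rid = *GetSidSubAuthority(sid, last);
        *is_elevated = te.TokenIsElevated != 0;
        ok = 1;
    }
    CloseHandle(tok);
    return ok;
}
#endif

int main(void)
{
    int elevated = 1;               /* constructed sample: the state from the post */
    unsigned long il_rid = 0x1000;  /* constructed sample: Low IL */
#ifdef _WIN32
    if (!query_current_token(&elevated, &il_rid)) return 1;
#endif
    printf("TokenIsElevated=%d IL=0x%lx state=%d\n", elevated, il_rid,
           (int)classify_token(elevated, il_rid));
    return 0;
}
```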

UAC, RunAs silent fail?

January 26, 2011

When running as a standard user with UAC disabled, choosing “Run as administrator” from the context menu is broken!

Silent Bob

Not showing the consent UI is understandable since UAC is not “hooked” into the system, but just starting the process non-elevated without a warning dialog is just wrong. When the runas verb is used with ShellExecute and UAC is not enabled it should just show the old Run As dialog used in Windows 2000/XP/2003.

(Safe) SHAutoComplete

May 29, 2010

For a long time, MSDN has stated that SHAutoComplete can only be called once on a HWND, but a recent blog post by Raymond Chen “documents” that this issue was fixed in Vista.

It sure would be nice to avoid the leak on older platforms as well, but MS is not going to help you. (Implementing such a thing would reveal that their Subclassing API that supposedly is XP+ only actually goes all the way back to Win98 (really IE5 on Win95 / NT4).)

Without knowing the internals of browseui.dll (where most of the autocomplete stuff seems to be implemented) we are left with an ugly hack:

Liar Liar, TIF on fire!

March 5, 2010

O rly?

Left out of the mix

October 31, 2009

Ever since the release of Windows 95 it has been possible to minimize the volume control:

Win95 Volume Control
WinXP Volume Control

In Vista, the minimize button was removed for no reason. Why Larry, why???

Vista Volume Control

Adding the window style back with a tool like WinSpy++ clearly shows that there is no technical reason for the removal.

Vista Volume Control Mod

Even adding the maximize button works. (I have a little program that runs in the background and fixes little annoyances like this. When I get around to talking about the stupid Vista explorer tree view, I might talk more about this tool and what it does.)

Poor cmd.exe is looking pasty

October 5, 2009

When working in a terminal, you want to keep your hands on the keyboard as much as possible, but cmd.exe does its best to discourage you. Pasting from the clipboard is as “easy” as pressing Alt+Space+E+P. Or if you prefer the mouse (why would you, you are in a terminal), just enable “quick edit”.

I guess giving your poor users a keyboard shortcut that can be pressed quickly with one hand is too much to ask? Ctrl+V is taken, but it screams optional registry hack. Please MS, give us a shortcut that is on by default! It can be anything, Alt+V, Ctrl+Alt+V or Ctrl+Space, I don’t care as long as we get one.

Don’t be such a square cmd.exe!

October 4, 2009

CMD.EXE turns what should be a simple copy/paste operation into a multi-step operation.


I’m not even saying the “normal” selection should be the default, but at least give me a keyboard modifier I can hold down to get a sane selection algorithm.