Holy cow, I wrote a book!
One of my colleagues on a previous team was stationed in Alaska
as part of his military service.
He said that one of the things people did for a cheap thrill
was to take a cup of hot water outside when it was like a bazillion
degrees below zero and throw it up into the air.
(Things must be really boring in Alaska in the dead of winter.)
But you have to see it to believe it.
And now you can.
I have no idea why the window manager team added
to Windows NT.
It basically says,
"Hi, use this key to violate all the rules known to mankind about
what can legitimately be done in a DllMain function.
Oh, and be
an attractive malware attack vector, too."
I've debugged a few crashes that were traced back to the
What makes them particularly fun is that
the offending DLL is usually not on the stack.
Rather, the fact that a foreign DLL is being loaded
inside USER32's initialization code
means that you're violating the rule against
calling LoadLibrary inside
a DllMain function.
The result of this madness is that DLLs get initialized out of
order, which typically manifests itself as some DLL crashing
while trying to use an object (often a critical section)
that it is supposed to have initialized in its
It crashed because the loader got tricked into initializing
DLLs out of order.
The dependent DLL received its DLL_PROCESS_ATTACH
before the prerequisite DLL.
I end up looking at these failures because the victim DLL
is often a DLL that my group is responsible for.
The window manager folks came to the same conclusion about
and it doesn't work any more in Windows Vista by default.
(Nick Kramer describes how to re-enable it.)
If you come to New York City in December,
you'll find the festive Christmas season throughout the town.
Skaters wobble beneath the giant tree in Rockefeller Center.
Giant snowflakes adorn the upper floors of the
Saks Fifth Avenue store
while animated Christmas-themed window displays entertain visitors
on the ground floor of Saks, as well as
Macy's (where Santa takes a roller coaster ride),
Lord and Taylor,
and many other stores.
But somewhat overlooked in all this extravagance are the
amateur efforts of the residents of Dyker Heights.
(Take the R to 86th then make the 20-minute walk or
catch the B64 bus to 11th Avenue.)
There is no line for tickets; there is no entrance.
You just wander through the streets admiring the Christmas
lights, inflatable snowmen, Nativity displays, and other
decorations, be they tasteful and reverential or
(what you're more likely to notice) ostentatious and mind-boggling.
There were a lot of extravagant displays, but the one that took the
cake was the large house with a 15-foot-tall Santa flanked by
20-foot-tall nutcracker soldiers, accompanied by two merry-go-rounds
and life-size figures waving to passers-by from the upper balcony.
Visit in the early evening, say from 5pm to 7pm.
This hits the sweet spot between "late enough that night has fallen"
and "catch them before the lights are turned off."
We visited during a weekday and there were barely any people on the
streets, and those we saw
were locals just out for an evening stroll.
There were a few cars driving slowly through the neighborhood,
but not enough to disrupt that friendly neighborhood atmosphere.
(I suspect things are much different on the weekends.)
Remember, this is a residential neighborhood, not a commercial display,
so don't make a lot of noise and please respect the residents' privacy.
Here's a question that came in from a customer:
Is there a way to view all the Windows color schemes at once?
We want to display text in the COLOR_BTNTEXT color
against a background of COLOR_INACTIVECAPTION,
and we want to check that this looks good in all of the themes.
A mistake I see from some programs is mixing system colors
that are not meant to be mixed.
The colors I'm talking about are the ones obtained from
the GetSysColor function.
Here are the text and background color pairs,
with a sample of what those colors are
on a default install of Windows XP.
If you're going to combine colors,
and you need them to contrast against each other
(for example, because you're going to draw text with them
as the foreground and background colors),
choose a pair from one of the rows above.
Do not choose colors from different rows because there is no
guarantee that they will be readable against each other.
For example, I like to use
black on #71FFFF
as my color scheme for highlighted text.
I've seen programs which break the above rule and draw text in the
COLOR_HIGHLIGHT color against a background
on the assumption that the highlight color contrasts against
the window color.
(They get away with this in the default Windows XP color scheme
because the window color is white and the highlight color is medium blue.)
Unfortunately, on my machine, this results in
text that is
extremely painful on the eyes.
Remember: When it comes to system colors, match.
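As an added illustration (not code from the original post), here is a small checker for the two things this post asks for: that a foreground/background pair of system colors comes from one matched row, and, for a custom scheme like black on #71FFFF, how readable the pair actually is. The matched-row table is the standard set of GetSysColor pairs from the Win32 documentation as I know it, not the post's own table, which did not survive extraction; the medium-blue value #316AC5 is a constructed sample standing in for a default highlight color, and the contrast measure is the WCAG relative-luminance ratio, which is my choice, not anything the post prescribes.

```python
# Added example: system-color pair checking and a contrast ratio for custom schemes.
# Pair table: standard Win32 GetSysColor rows (assumption: taken from the
# documentation, not from the original post's missing table).
from typing import Optional, Tuple

# Matched (text colour -> background colour) rows.
MATCHED_ROWS = {
    "COLOR_WINDOWTEXT": "COLOR_WINDOW",
    "COLOR_HIGHLIGHTTEXT": "COLOR_HIGHLIGHT",
    "COLOR_BTNTEXT": "COLOR_BTNFACE",
    "COLOR_MENUTEXT": "COLOR_MENU",
    "COLOR_CAPTIONTEXT": "COLOR_ACTIVECAPTION",
    "COLOR_INACTIVECAPTIONTEXT": "COLOR_INACTIVECAPTION",
    "COLOR_INFOTEXT": "COLOR_INFOBK",
}


def matched_background(text_color: str) -> Optional[str]:
    """Return the background colour that belongs with a text colour, or None."""
    return MATCHED_ROWS.get(text_color)


def is_matched_pair(text_color: str, background_color: str) -> bool:
    """True only when both colours come from the same row of the table."""
    return MATCHED_ROWS.get(text_color) == background_color


def parse_hex(color: str) -> Tuple[int, int, int]:
    """Parse '#RRGGBB' into an (r, g, b) tuple of 0..255 ints."""
    color = color.lstrip("#")
    if len(color) != 6:
        raise ValueError("expected #RRGGBB")
    return tuple(int(color[i:i + 2], 16) for i in (0, 2, 4))  # type: ignore[return-value]


def _linear(channel: int) -> float:
    """sRGB channel (0..255) -> linear light, per the WCAG definition."""
    c = channel / 255.0
    return c / 12.92 if c <= 0.03928 else ((c + 0.055) / 1.055) ** 2.4


def relative_luminance(rgb: Tuple[int, int, int]) -> float:
    r, g, b = (_linear(x) for x in rgb)
    return 0.2126 * r + 0.7152 * g + 0.0722 * b


def contrast_ratio(fg: Tuple[int, int, int], bg: Tuple[int, int, int]) -> float:
    """WCAG contrast ratio, from 1.0 (identical) up to 21.0 (black on white)."""
    l1, l2 = relative_luminance(fg), relative_luminance(bg)
    hi, lo = max(l1, l2), min(l1, l2)
    return (hi + 0.05) / (lo + 0.05)


if __name__ == "__main__":
    # The customer's proposed pair from the post: different rows, so flagged.
    print("BTNTEXT on INACTIVECAPTION matched?",
          is_matched_pair("COLOR_BTNTEXT", "COLOR_INACTIVECAPTION"))
    cyan = parse_hex("#71FFFF")            # the post's highlight background
    print("black on #71FFFF:", round(contrast_ratio(parse_hex("#000000"), cyan), 2))
    blue = parse_hex("#316AC5")            # constructed medium-blue sample
    print("medium blue on #71FFFF:", round(contrast_ratio(blue, cyan), 2))
```

Black on #71FFFF scores well above 17:1, while the medium blue on the same background lands below 5:1, which is the numeric version of the post's complaint: a foreground chosen from one row and a background from another is only readable by accident.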
In early 1997, the movie
Fly Away Home,
a film about a teenage girl and her father rescuing a family of geese
(inspired by Operation Migration),
was released on DVD.
the movie was
well-reviewed and even earned an Academy Award nomination.
The very same weekend, the movie
with the very similar name
Follow Me Home
was released in theaters.
Its critical reception was less favorable.
exploiting the inattentive?
Take a shortcut to the command prompt or some other Windows component,
right-click it, and select "Run as Administrator."
The "Start in" directory from the shortcut is ignored
and you are always dropped into the system directory.
Why is the starting directory ignored?
To avoid a category of attacks (current directory attacks).
the dynamic link library search order documentation,
the current directory is searched in step five,
after the executable directory, and a variety of system-defined
If a program calls LoadLibrary and does not pass
a fully-qualified path, and the DLL cannot be found in one of the
first four locations, the current directory will be searched.
An attacker can drop a DLL into a directory and trick you into
running a program with that directory as its current directory.
When that program tries to load a library that normally doesn't exist,
the one the attacker created will be found and loaded.
This is bad.
Note that this behavior applies only to
Windows binaries and only if they are launched through
an elevation prompt.
(Programs that are not a part of Windows do not receive this
behavior because compatibility testing showed that third-party
applications rely heavily on the current directory being preserved
across an elevation boundary.
installers will unpack their contents into a temporary directory,
change to that temporary directory, and then run the main setup
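To make the search-order argument above concrete, here is an added model (my code, not anything from the original post or from Windows) of the documented DLL search order with safe search enabled: application directory, system directory, 16-bit system directory, Windows directory, current directory, then the PATH entries. It resolves an unqualified DLL name against a constructed set of files, reports which step satisfied the load, and shows why swapping the current directory for the system directory at the elevation prompt makes the planted file disappear from the search. All directory and file names (a `helper.dll` in a Downloads folder, a `C:\Tools` PATH entry) are constructed for the example.

```python
# Added example: a model of the documented DLL search order, used to show where a
# current-directory load is satisfied and how forcing the current directory to
# the system directory (the elevation-prompt behaviour) changes the outcome.
# Assumption: safe DLL search mode order as documented; all paths are constructed.
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Optional, Set, Tuple

# A resolved load: (step number, step label, full path). Step 0 = fully qualified.
Resolution = Tuple[int, str, str]


def _p(*parts: str) -> str:
    """Normalise a constructed Windows path so lookups compare consistently."""
    return str(PureWindowsPath(*parts))


def search_order(app_dir: str, system_dir: str, system16_dir: str,
                 windows_dir: str, current_dir: str,
                 path_dirs: Iterable[str]) -> List[Tuple[str, str]]:
    """Steps 1-6 of the documented order for an unqualified DLL name."""
    return [
        ("application directory", app_dir),
        ("system directory", system_dir),
        ("16-bit system directory", system16_dir),
        ("Windows directory", windows_dir),
        ("current directory", current_dir),
    ] + [("PATH entry", d) for d in path_dirs]


def resolve_dll(name: str, order: List[Tuple[str, str]],
                existing_files: Set[str]) -> Optional[Resolution]:
    """Return where LoadLibrary(name) would be satisfied, or None if not found.

    A fully qualified name bypasses the search entirely, which is the
    mitigation the post alludes to."""
    if PureWindowsPath(name).is_absolute():
        full = _p(name)
        return (0, "fully qualified", full) if full in existing_files else None
    for step, (label, directory) in enumerate(order, start=1):
        candidate = _p(directory, name)
        if candidate in existing_files:
            return (step, label, candidate)
    return None


def loaded_from_current_directory(result: Optional[Resolution]) -> bool:
    """The condition a defender wants flagged: a load satisfied at step 5."""
    return result is not None and result[1] == "current directory"


# Constructed scenario: a Windows binary living in the system directory that
# optionally loads helper.dll, which does not normally exist anywhere.
SYSTEM_DIR = "C:/Windows/System32"
SYSTEM16_DIR = "C:/Windows/System"
WINDOWS_DIR = "C:/Windows"
DOWNLOADS = "C:/Users/victim/Downloads"        # untrusted current directory
EXISTING_FILES: Set[str] = {
    _p(SYSTEM_DIR, "kernel32.dll"),
    _p(DOWNLOADS, "helper.dll"),               # file planted in the cwd
}


def demo() -> Dict[str, Optional[Resolution]]:
    """Run the same load under a normal shortcut and under the elevated one."""
    normal = search_order(SYSTEM_DIR, SYSTEM_DIR, SYSTEM16_DIR, WINDOWS_DIR,
                          current_dir=DOWNLOADS, path_dirs=["C:/Tools"])
    # Elevated launch of a Windows binary: "Start in" ignored, cwd = system dir.
    elevated = search_order(SYSTEM_DIR, SYSTEM_DIR, SYSTEM16_DIR, WINDOWS_DIR,
                            current_dir=SYSTEM_DIR, path_dirs=["C:/Tools"])
    return {
        "helper_normal": resolve_dll("helper.dll", normal, EXISTING_FILES),
        "helper_elevated": resolve_dll("helper.dll", elevated, EXISTING_FILES),
        "kernel32_normal": resolve_dll("kernel32.dll", normal, EXISTING_FILES),
        "kernel32_qualified": resolve_dll(_p(SYSTEM_DIR, "kernel32.dll"),
                                          normal, EXISTING_FILES),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}  cwd-load? {loaded_from_current_directory(result)}")
```

Under the normal shortcut the optional `helper.dll` is found at step 5 in the current directory; under the elevated launch the current directory is the system directory, the search comes up empty, and nothing gets loaded. The fully qualified lookup never touches the search list at all, which is why the post's advice is to pass a full path whenever the DLL's location is known.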
In the discussion of the environment variable problem,
BryanK posits that the real mistake was allowing batch files to
modify their parent environment in the first place.
Instead, they should have run in a sub-process.
Try saying that when your computer has only 16KB of memory,
which is how much memory the original IBM PC came with.
Heck, try saying that when your operating system doesn't
even support sub-processes!
It wasn't until MS-DOS 2.0 that the ability to run a process
and then regain control after the process exits even existed.
MS-DOS 1.0 followed the CP/M model wherein exiting a process
freed all the memory in the computer
(save for the operating system itself, of course; thank you, nitpickers)
and loaded a fresh copy of the command interpreter.
There were some checksum hacks to avoid reloading the command
interpreter if it didn't appear to have been modified by the
program that just exited.
Besides, if batch files couldn't modify the environment of
the command interpreter, the AUTOEXEC.BAT file
would be pretty useless.
Last night, I had dinner and went bhangra dancing
with Larry Page's fiancée's brother's co-worker.
He's a nice guy.
Okay, so you already read
The healing properties of safe mode
Here's the bonus content that was cut for space.
the original title was "The Magical Healing Powers of Safe Mode,"
but it got trimmed for space reasons.
(I'm a little disappointed with
the German translation of the first sentence.
The parenthesized phrase
begs for one of those
incomprehensibly long adjectival expressions
seen only in German.
Instead, the translator gave up
and simply left the phrase out.
On the other hand, the German version uses the original
title, so maybe it's not so bad.)
Useless Windows history:
The feature now known as safe mode went through many other names
before the final name was settled upon.
I've been informed that the Redmond branch of the
Microsoft Company Store
has begun stocking the dead tree edition of
"But wait, your program isn't printed by Microsoft Press;
it's published by Addison-Wesley Professional.
I thought the company store only stocked Microsoft Press titles."
I'm told that this is a pilot program.
(And no, I don't know what the success criteria are.)
When I stopped by the store a few days ago, they were in the process
of reorganizing the book section, so not only was my book not up,
neither were any others!
But it should be there "any day now."
And remember, I'll gladly sign your book
but you have to tell me what to write.