Archive for June, 2007

IE7 Crashing?

Friday, June 15th, 2007

I have noticed in the past few days that IE7 has been crashing a lot on msdn2.microsoft.com. Is anyone else seeing this or did I somehow screw up my system? Vista, latest updates, blah blah…

Posted in General nonsense, Microsoft | 3 Comments »

Please at least Authenticode-sign your drivers

Friday, June 15th, 2007

I am a happy user of Parallels Desktop, which, for those that don’t keep up with this sort of thing, is virtual machine software for Mac. It’s a great product overall, although it has a few rough edges.

One of the rougher edges is the fact that their drivers are unsigned. I suspect they’re probably doing some unsignable things, but for Vista, there’s still a partial solution: Authenticode signing.

I’ve covered signing on this blog in the recent past, so I won’t re-hash the technical details again. But from the perspective of an end-user, I hate clicking all of those blood-red boxes. I even missed a click once and had to figure out how to fix it manually.

Authenticode doesn’t do much for downlevel platforms, but it can make a big, positive difference to end users on Vista and beyond.

Posted in WDK, Windows | No Comments »

Whence came function hooking?

Wednesday, June 13th, 2007

A friend is digging around trying to find out when function prologue hooking was invented, and who did it. Does anyone out there know of any old-time uses of function prologue hooking?

I’m NOT talking about:

  • Interrupt hooking
  • system call hooking
  • window hooks
  • VxD service hooking
  • hot patching
  • any “architected” hook

I’m interested only in programs that disassemble a C (or similar) function prologue and replace it with some sort of jump or call or something.

Anyone have any old examples?

UPDATE: One commenter pointed out Detours. Their paper was published in 1999. I was hoping for something before that, as I can’t bring myself to believe that they invented the technique of function prologue hooks that recently.

Posted in Programming | 8 Comments »

Is it just me…

Monday, June 11th, 2007

…or are LookupAccountName and LookupAccountSid named backwards?

Annoying.

Posted in Programming | 1 Comment »

A documented way to get loaded modules

Tuesday, June 5th, 2007

This is a new one on me. I just saw this mentioned on NTDEV for the first time yesterday. AuxKlibQueryModuleInformation is a documented way to get the loaded modules, replacing some of the functionality of ZwQuerySystemInformation.

In fact, the entire Auxiliary Kernel-Mode Library Routines section is interesting. I had no idea it existed until now. Other exports include AuxKlibGetImageExportDirectory and AuxKlibGetBugCheckData.

Doron Holan says that it’s backward-compatible all the way to Windows 2000 via a static library, in a similar manner to cancel-safe queues and the safe string library.

Neato.

Posted in DDK, Programming, WDK | 1 Comment »