July 2006 - Posts

The magic of the FILE_FLAG_BACKUP_SEMANTICS flag, or a contradiction in the MSDN library

MSDN: "The FILE_FLAG_BACKUP_SEMANTICS flag specified in the call to CreateFile gives the backup application process permission to read the access-control settings of the file or directory. With this permission, the backup application process can then call GetKernelObjectSecurity and SetKernelObjectSecurity to read and then reset the access-control settings."

However, the FILE_FLAG_BACKUP_SEMANTICS flag has another, undocumented effect: it allows a non-privileged user to flush the buffers of a volume.

The documentation for the FlushFileBuffers function contradicts this undocumented behaviour: "To flush all open files on a volume, call FlushFileBuffers with a handle to the volume. The caller must have administrative privileges."
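To check this on a given machine, here is an added example (not the post's own code, and not the code from the kernel NG thread): a PowerShell probe that opens a volume from a non-elevated shell with and without FILE_FLAG_BACKUP_SEMANTICS and reports whether FlushFileBuffers succeeds on the resulting handle. The drive letter, the access masks tried and the share mode are assumptions; run it once as a normal user and once from an elevated prompt and compare the two tables.

```powershell
# Added example, not from the original post: probe whether a volume handle opened
# with FILE_FLAG_BACKUP_SEMANTICS can be flushed from a non-elevated process.
# Assumptions: drive letter C:, the four access/flag combinations below.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class VolumeFlushProbe {
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr CreateFileW(string name, uint access, uint share, IntPtr sa,
                                            uint disposition, uint flags, IntPtr template);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool FlushFileBuffers(IntPtr handle);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr handle);
}
"@

$GENERIC_READ               = [uint32]2147483648   # 0x80000000
$GENERIC_WRITE              = [uint32]1073741824   # 0x40000000
$FILE_SHARE_READ_WRITE      = [uint32]3            # FILE_SHARE_READ | FILE_SHARE_WRITE
$OPEN_EXISTING              = [uint32]3
$FILE_FLAG_BACKUP_SEMANTICS = [uint32]0x02000000
$INVALID_HANDLE_VALUE       = [IntPtr](-1)

function Test-VolumeFlush {
    param([string]$Volume = '\\.\C:')   # assumed drive letter; change to the volume under test

    $cases = @(
        @{ Label = 'GENERIC_READ';                              Access = $GENERIC_READ;                        Flags = [uint32]0 },
        @{ Label = 'GENERIC_READ + BACKUP_SEMANTICS';           Access = $GENERIC_READ;                        Flags = $FILE_FLAG_BACKUP_SEMANTICS },
        @{ Label = 'GENERIC_READ|GENERIC_WRITE';                Access = ($GENERIC_READ -bor $GENERIC_WRITE); Flags = [uint32]0 },
        @{ Label = 'GENERIC_READ|GENERIC_WRITE + BACKUP_SEMANTICS'; Access = ($GENERIC_READ -bor $GENERIC_WRITE); Flags = $FILE_FLAG_BACKUP_SEMANTICS }
    )

    foreach ($c in $cases) {
        $h = [VolumeFlushProbe]::CreateFileW($Volume, [uint32]$c.Access, $FILE_SHARE_READ_WRITE,
                                             [IntPtr]::Zero, $OPEN_EXISTING, [uint32]$c.Flags, [IntPtr]::Zero)
        # .NET captures the Win32 last-error right after the P/Invoke, so this read is reliable.
        $openError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        if ($h -eq $INVALID_HANDLE_VALUE) {
            [pscustomobject]@{ Case = $c.Label; Opened = $false; OpenError = $openError; Flushed = $null; FlushError = $null }
            continue
        }

        $flushed    = [VolumeFlushProbe]::FlushFileBuffers($h)
        $flushError = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        [void][VolumeFlushProbe]::CloseHandle($h)

        [pscustomobject]@{
            Case       = $c.Label
            Opened     = $true
            OpenError  = 0
            Flushed    = $flushed
            FlushError = $(if ($flushed) { 0 } else { $flushError })   # 5 = ERROR_ACCESS_DENIED
        }
    }
}

Test-VolumeFlush | Format-Table -AutoSize
```

If a row with FILE_FLAG_BACKUP_SEMANTICS flushes successfully while the same access mask without the flag is refused, an unprivileged process can force the full volume flush that the FlushFileBuffers documentation reserves for administrators. Running the same script from an elevated prompt gives the baseline to compare against.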

Read this discussion on kernel NG.
Posted by Volodymyr Shcherbyna | 1 comment(s)

IE 7 Beta 3 bugs ...

Yesterday I installed IE 7 Beta 3 (for XP SP2 32-bit) and now I realize that it contains a lot of bugs. It crashes mostly when you navigate to "specific URLs". Here are the steps to reproduce:

- log in to msmvps.com
- goto http://msmvps.com/ControlPanel/Blogs/articlelist.aspx
- click on "New Article" button
- wait until IE7 dies

The error report is, as always, not informative; I used the OllyDbg debugger to attach to the process to see the "details" of the crash. Look at the attached screenshot.

P.S. The issue has been submitted here.

Posted by Volodymyr Shcherbyna | with no comments

Finally Microsoft implemented the InternetReadFileExW function ...

Some time ago I was surprised to notice that the Unicode version of the WinInet function InternetReadFileEx was not implemented. Disassembling wininet.dll gave me the following:

.text:000007FF7D0D16A0 ; InternetReadFileExW proc near
.text:000007FF7D0D16A0                 sub     rsp, 28h
.text:000007FF7D0D16A4                 mov     ecx, 78h        ; 78h = 120 = ERROR_CALL_NOT_IMPLEMENTED
.text:000007FF7D0D16A9                 call    cs:SetLastError
.text:000007FF7D0D16AF                 xor     eax, eax
.text:000007FF7D0D16B1                 add     rsp, 28h
.text:000007FF7D0D16B5                 retn
.text:000007FF7D0D16B5 InternetReadFileExW endp

So InternetReadFileExW just called SetLastError(120) (ERROR_CALL_NOT_IMPLEMENTED) and returned FALSE, which means that the function was not implemented on the target system. The problem is that at the time the official documentation stated that InternetReadFileExW was implemented!

I wrote several letters to MSFT about this issue, but they just forgot about me - there was no reply concerning my problem. Now I see that starting with the IE7 Beta Microsoft has implemented this function as a quick hack - it simply calls InternetReadFileExA:

.text:6302FDC7                 public InternetReadFileExW
.text:6302FDC7 InternetReadFileExW proc near
.text:6302FDC7
.text:6302FDC7 hFile           = dword ptr  8
.text:6302FDC7 lpBuffersOut    = dword ptr  0Ch
.text:6302FDC7 dwFlags         = dword ptr  10h
.text:6302FDC7 dwContext       = dword ptr  14h
.text:6302FDC7
.text:6302FDC7                 mov     edi, edi
.text:6302FDC9                 push    ebp
.text:6302FDCA                 mov     ebp, esp
.text:6302FDCC                 mov     eax, [ebp+lpBuffersOut]
.text:6302FDCF                 push    esi
.text:6302FDD0                 xor     esi, esi
.text:6302FDD2                 cmp     eax, esi        ; lpBuffersOut == NULL?
.text:6302FDD4                 jz      short loc_6302FDF3
.text:6302FDD6                 cmp     [eax+8], esi    ; INTERNET_BUFFERSW.lpcszHeader == NULL?
.text:6302FDD9                 jnz     short loc_6302FDF3
.text:6302FDDB                 push    [ebp+dwContext] ; dwContext
.text:6302FDDE                 push    [ebp+dwFlags]   ; dwFlags
.text:6302FDE1                 push    eax             ; lpBuffersOut
.text:6302FDE2                 push    [ebp+hFile]     ; hFile
.text:6302FDE5                 call    InternetReadFileExA
.text:6302FDEA                 mov     esi, eax
.text:6302FDEC
.text:6302FDEC loc_6302FDEC:
.text:6302FDEC                 mov     eax, esi
.text:6302FDEE                 pop     esi
.text:6302FDEF                 pop     ebp
.text:6302FDF0                 retn    10h
.text:6302FDF3 ; ---------------------------------------------------------------------------
.text:6302FDF3
.text:6302FDF3                 push    57h             ; 57h = 87 = ERROR_INVALID_PARAMETER
.text:6302FDF5                 jmp     loc_63044AE6
.text:6302FDF5 InternetReadFileExW endp
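A runtime check that distinguishes the two versions shown above, as an added example that is not part of the original post: it calls InternetReadFileExW with a NULL handle (so no network access is needed) and an INTERNET_BUFFERSW that is zeroed except for dwStructSize, once with lpcszHeader NULL and once non-NULL, and classifies the resulting last-error. The error-code meanings are assumptions drawn from the two listings: 120 is the stub from the first listing, 87 is the push 57h path of the second, and 6 (ERROR_INVALID_HANDLE) is what a forwarded call with a NULL handle is assumed to produce. The struct layout (40 bytes on x86, 56 on x64, lpcszHeader at twice the pointer size) comes from the SDK definition of INTERNET_BUFFERSW.

```powershell
# Added example, not from the original post: tell a stub InternetReadFileExW from the
# forwarding shim without opening any network handle. A NULL hFile is passed on purpose.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class WinInetProbe {
    [DllImport("wininet.dll", SetLastError = true)]
    public static extern bool InternetReadFileExW(IntPtr hFile, IntPtr lpBuffersOut,
                                                  uint dwFlags, IntPtr dwContext);
}
"@

# Expected meanings (assumed, see lead-in); anything else is reported as "other".
$meaning = @{
    120 = 'ERROR_CALL_NOT_IMPLEMENTED: the stub from the first listing'
    87  = 'ERROR_INVALID_PARAMETER: the push 57h path, lpcszHeader was not NULL'
    6   = 'ERROR_INVALID_HANDLE: call was forwarded and the NULL handle rejected (assumed)'
}

function Test-InternetReadFileExW {
    $m = [Runtime.InteropServices.Marshal]
    # INTERNET_BUFFERSW: dwStructSize, Next, lpcszHeader, dwHeadersLength, dwHeadersTotal,
    # lpvBuffer, dwBufferLength, dwBufferTotal, dwOffsetLow, dwOffsetHigh.
    $size         = if ([IntPtr]::Size -eq 8) { 56 } else { 40 }
    $headerOffset = 2 * [IntPtr]::Size     # lpcszHeader follows dwStructSize (padded) and Next
    $buf = $m::AllocHGlobal($size)
    $hdr = $m::StringToHGlobalUni('X-Probe: 1')   # constructed header, only its address matters
    try {
        foreach ($withHeader in @($false, $true)) {
            for ($i = 0; $i -lt $size; $i++) { $m::WriteByte($buf, $i, 0) }
            $m::WriteInt32($buf, 0, $size)
            if ($withHeader) { $m::WriteIntPtr($buf, $headerOffset, $hdr) }

            $ok  = [WinInetProbe]::InternetReadFileExW([IntPtr]::Zero, $buf, 0, [IntPtr]::Zero)
            $err = $m::GetLastWin32Error()
            [pscustomobject]@{
                lpcszHeader = $(if ($withHeader) { 'non-NULL' } else { 'NULL' })
                Returned    = $ok
                LastError   = $err
                Meaning     = $(if ($meaning.ContainsKey($err)) { $meaning[$err] } else { "other error $err" })
            }
        }
    } finally {
        $m::FreeHGlobal($hdr)
        $m::FreeHGlobal($buf)
    }
}

Test-InternetReadFileExW | Format-Table -AutoSize
```

On a 64-bit Windows install run this from both the 32-bit and the 64-bit PowerShell, since each loads its own wininet.dll; the post shows the stub in the x64 build and the shim in the x86 build. A wininet.dll with a real Unicode implementation will produce yet another pattern, which is the point of checking at runtime rather than trusting the export table.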

Posted by Volodymyr Shcherbyna | with no comments

First (rather philosophical) post ...

Hi there.

My name is Vladimir Scherbina. I am a software developer living in Ukraine in a nice city named Kiev.

I am the kind of person from the "new generation" - those who started their programming experience with high-level languages. My first language was BASIC and my first computer was a "Korvet" - a Soviet computer that was used in schools for teaching kids. These computers were discontinued in 1985 in the Soviet Union, but they can still be found in Ukrainian schools (I hope).

After BASIC I moved to Pascal, C, then C++ and finally x86 asm. I also worked (a lot) with MC++, C#, J#, Java, PHP, VB, VB.NET and other interpreted languages, but my love is pure C/C++ or x86 asm.

I'll try to post here interesting ideas and investigations concerning Win32/Win64.

For now that's all. I hope you will forgive my mistakes in English (my native languages are Russian and Ukrainian).
Posted by Volodymyr Shcherbyna | with no comments