The mystery of the stalker dental hygienist


Ony of my colleagues remarked that every time he visits the dentist, the hygienist seems to have stalker-level knowledge of his life.

"How did your son do at the chess tournament?"

"Have you decided to do anything fun with your brother's family when they come to visit?"

"Did your wife's performance go well?"

Eventually, he realized why the hygienist knew so much about his life: Because his wife's dentist schedule matches his, but she goes in a month earlier.

The hygienist chats with his wife during her visit, which means that when he goes in a few weeks later, the hygienist asks follow-up questions.

Comments (21)
  1. Nik says:

    And he thought “oh, that’s a perfectly harmless explanation”. But a week later he knocked over a picture frame, and he found the hidden camera !

  2. Don Reba says:

    “Every time he visits” — I’m surprised he didn’t ask the first time it happened. Did he think it was just a good guess?

    1. “Er… that seems an awfully private question. May I inquire as to how you have such intimate knowledge of my private life?”

      Or something like that?

      1. Brian_EE says:

        I find that you don’t answer the hygienist at all. He/She always talks and ask questions while his/her fingers are shoved into your mouth.

        1. Yet the wife somehow managed to.

        2. Rick says:

          I usually respond in ASL.

          But it turns out most dental hygienists don’t know sign language…

      2. Don Reba says:

        — See, that barely hurt at all. And, by the way, how did your son do at that chess tournament?
        — Oh, hey, was your kid competing, too?
        — Haha, no, it’s just that your wife had her checkup here last month. She said little Garry had a shot at winning.

  3. Ambarish says:

    This sounds similar to the unfair subway problem.

  4. Simon Clarkstone says:

    No, no, no; we can’t have non-technical posts on this blog. How about:

    A colleague of mine had a long-running puzzle where DentalHygenistEx would pass to its callback function handles that it seems “impossible” for DentalHygenistEx to know about. After some extended debugging, he hypothesised that the handles must be being passed into DentalHygenistEx somewhere else, and after resorting to the kernel debugger captured this stack trace (reconstructed from my best recollections):

    [extract from kernel debugger session]

    But this process isn’t even running as the same user! Is this a sign of information leaking between users? What is this program and why is it passing our handles to DentalHygenistEx()? The clue is in the penultimate stack frame, giving us the image name of WIFE64.EXE. Searching the MSDN documentation for Windows Familial Extensions (x64), we find the following:

    [MSDN excerpt]

    Handles being sent between processes of different users under some circumstances is an intended part of Windows Familial Extensions. But how is this magical information-tunelling performed? Observe the following heap-layout table captured at the same time (again reconstructed from my best recollections):

    [table of addresses and DLL names]

    The fifth item on the list is a shared memory area belonging to MARRIG32.DLL¹, the userland interface to NUPTUAL². I haven’t been involved for more recent versions, but in the early days of Windows XP (when this story occured) MARRIG32.DLL used such shared-memory areas for communication within process-pairs and must obviously (from the documentation quoted above) send handles back and forth.

    This is another case of a solution to a local problem (WIFE64.EXE needing new handles to send to DentalHygenistEx) being slightly more global than you expect but no more global than it is supposed to be. As for the apparent security design flaws, they are an illusion: WIFE64.EXE is indeed running under a different user, but it is a user paired/unified with the current one and so is already on the wrong side of the air-tight hatchway. DentalHygenistEx() understands NUPTUAL in its interpretation of ACLs and will not in general leak information between users.

    Footnotes:

    ¹ According a different colleague, Windows 10 reporting finds that over 80% of processes load MARRIG32.DLL or one of its successors at some point during their lifetime. I don’t remember the exact figure or which editions of Windows it applies to because it was from one conversation I had at lunch 2 years ago. I didn’t expect it to be on the exam.

    ² The best explanation I kind find for this name is as a dyslexic acronym for NT User-Pairing And Unification Library.

    1. cheong00 says:

      Talking about those Non-Computer post on this blog, I do miss “the wisdom of — graders” series.

    2. Matteo Italia says:

      Nitpicker’s corner: of course NUPTUAL cannot just “send handles back and forth” – NT kernel handles are local to a process; some DuplicateHandle calls are involved. I cannot believe that I have to specify this, but apparently some commenters just aren’t happy if I don’t state the obvious each and every time.

      1. Ian Yates says:

        Cherry on top.
        It’s like we could conceivably train some AI bot to Raymondize a standard story to make it interesting for us interested in the history, with a blend of modern, Windows & other IT

    3. xtal256 says:

      Raymond has frequently posted non-computer things on this blog, but your Windowization of his story was hillarious.

    4. D-Coder says:

      Bravo!

    5. Mac says:

      Genius stuff!

  5. Brian says:

    I’m reasonably sure the hygienists keep a portfolio of info about clients – while the specific one I see for a cleaning each six months may rotate, they always seem to recall details about my family and activities. Either they employ multiple people with photographic memories, or they write down what they learn.

    1. The staff at my dentist make no secret about the fact that they keep a dossier on my personal life. They’ll occasionally say things like, “It says here that you went on a trip to <place>. How’d that go?”

      1. James Sutherland says:

        That sounds a bit creepy – why keep a file like that?! On the other hand, my late rich cousin used to be a regular at the Ritz hotel in London, which apparently did exactly the same, so regular guests could be “recognised” and greeted as someone they knew. (My dentist goes to the other extreme; I discovered last checkup, after being a patient there for 20 years, that they have me listed as female with the wrong date of birth. Apparently gender was a field added in a subsequent update, and they never bothered to correct mine from the default value since it doesn’t generally matter…)

        My equivalent tale is talking to a “counter terrorism guy” from the federal government, on my first full day in TX. A few minutes into the conversation, he mentioned that one of the cleaning staff from my (British) high school had died earlier that year. That’s six time zones away, and *I* didn’t know that until then – prompting a few paranoid theories before he revealed that he used to work there himself. Small world.

        (Five years later, I got a new job in the UK, in another city – then discovered a friend from TX had just taken a job in the next building. It really is a very small world in some ways!)

  6. Paul says:

    This exact thing has happened to me!

  7. mikeb says:

    I guessed (wrongly) that the reveal was going to be that the hygienist followed clients and/or client family on social media sites, and made a point to check in on those connections for the day’s clients. In other words, the hygienist *would* turn out to be a stalker of sorts.

  8. lun says:

    Does doctor-patient privilege not apply to dental hygienists?

Comments are closed.

Skip to main content