The management of memory for resources in 16-bit Windows

In a previous entry I threatened to discuss the way resources were managed in 16-bit Windows. In 16-bit Windows, resources were not loaded until explicitly requested. The FindResource function located the entry for the resource in the resource directory and returned it in the form of a HRSRC. The LoadResource function took that resource handle,…

13

What goes wrong when you add “Copy To” to the context menu

Lockergnome tipped people off to this page which talks (among other things) about adding “Copy To” to the context menu. I considered adding this tweak to Tweak UI but ultimately decided against. Here’s why: The “Copy to Folder” and “Move to Folder” options weren’t designed to be on the context menu. They were only meant…

17

“Section 419” scammers arrested in Netherlands; Danish flag flies proudly

Dutch police have arrested 52 people suspected of defrauding gullible Internet users in one of the largest busts of the infamous “Nigerian e-mail” scam. Hooray for the Dutch police. Their next target: Web sites that illustrate a Dutch article with the Danish flag. (I must sheepishly admit that I too mistakenly identified the home of…

9

The format of string resources

Unlike the other resource formats, where the resource identifier is the same as the value listed in the *.rc file, string resources are packaged in “bundles”. There is a rather terse description of this in Knowledge Base article Q196774. Today we’re going to expand that terse description into actual code. The strings listed in the…

34

How do we decide what features make it into a product?

David Lemson has an excellent article titled How do we decide what features make it into Exchange?. Although he’s talking about Exchange specifically, the general principles apply to many products.


Integer overflow in the new[] operator

Integer overflows are becoming a new security attack vector. Mike Howard’s article discusses some of the ways you can protect yourself against integer overflow attacks. One attack vector he neglects to mention is integer overflow in the new[] operator. This operator performs an implicit multiplication that is unchecked: int *allocate_integers(int howmany) { return new int[howmany];…

21

Ikea walk-through

Jeff Davis tipped me off to this Ikea walk-through. Frustratingly, the walkthrough doesn’t include any cheat codes. Even though Ikea was founded by a Swede, its company colors match the Swedish national colors, all its product names are Swedish, and it is clearly associated with Sweden in the minds of everyone, it is in fact…

29

Another reason not to do anything scary in your DllMain: Inadvertent deadlock

Your DllMain function runs inside the loader lock, one of the few times the OS lets you run code while one of its internal locks is held. This means that you must be extra careful not to violate a lock hierarchy in your DllMain; otherwise, you are asking for a deadlock. (You do have a…

17

Passenger announcements in the airport

While in Seattle-Tacoma International Airport yesterday, waiting for my flight to eventually be cancelled due to weather, then waiting for a replacement itinerary (um, the weather is the same at the destination; doesn’t matter which plane you take), then waiting for the replacement to be cancelled also (wow imagine that), I heard an announcement on…

4

Some reasons not to do anything scary in your DllMain

As everybody knows by now, you’re not supposed to do anything even remotely interesting in your DllMain function. Oleg Lvovitch has written two very good articles about this, one about how things work, and one about what goes wrong when they don’t work. Here’s another reason not to do anything remotely interesting in your DllMain:…

24