IPHelper API for kernel mode

The Cookbook mentions Networking: Kernel Mode IP Helper APIs. If you wonder where you can find them, they are the same as the user-mode APIs. The only difference is the header: instead of compiling against #include "iphlpapi.h", you compile against #include "netioapi.h". Maarten


The manifest and the resource

When you add a manifest you need to make sure that you give it the right resource type. If for some reason your manifest is not being picked up and you’ve ruled out fusion caching, then make sure that you don’t have this:   But this: The first resource 1033 will not get picked up…


Creating a COM component returns ERROR_MORE_DATA

Under Vista you might get this error when you create a COM component (800700EA ERROR_MORE_DATA). Most likely the cause of your problem is that the registry for your CLSID is messed up. You can check by starting RegEdit and navigating to the CLSID. In the regular string presentation, you won’t see a difference; looking at…


Manifest and the fusion cache

When you have an application without a manifest and you try to elevate it with an external manifest, you might get frustrated and come to the conclusion that this external manifest thing is flaky at best. The scenario goes something like this. You install your legacy application (by which I mean there is no manifest…


Mark and Manmeet on .Net Show

Mark and Manmeet appeared on the .Net show last week. Enjoy:  http://msdn.microsoft.com/theshow/episode.aspx?xml=theshow/en/episode059/manifest.xml  Maarten


MSI uninstall gives unsigned dialog

This week we again had the honor of getting the expert advice of one of the Windows Installer PMs (here and here). He mentioned that when uninstalling a signed msi package you still get the scary this-package-is-unsigned dialog. The reason is that the installer tosses out files from the cab it doesn’t need to save space. Obviously this will ruin…


rundll32.exe appwiz.cpl,NewLinkHere is back

For some reason it was quite common to use an undocumented (and hence unsupported and we-can-pull-rug-underneath-at-any-time) export from the appwiz.cpl called newlinkhere. This export was removed in Vista. Since this was quite a popular export (live.com for it yourself, you’ll see) we decided at a late stage to put it back in. I haven’t verified…


Session 0 isolation, COM and COM+

Session 0 isolation is not limited to NT services. It also applies to COM+ server applications and COM out-of-process applications running under anything other than the interactive user. So all problems related to services living in a different Terminal Server session from the first logged in user now also apply to dllhost processes (COM+ or surrogated COM dlls) and…


Impact of Least Privilege in System Services

Of all security changes in Vista, UAC with its split token and MIC is for obvious reasons getting most attention. But there are a lot of other areas that have been tightened up for security reasons and we keep finding new ones that impact customers. One of them is detailed in the document on service…


Per-User COM on Vista for elevated token processes

Per-user COM in Vista (where CLSIDs, etc. go under HKCU\Software\Classes instead of HKLM\Software\Classes) behaves differently on Vista compared to XP. Actually it does not work at all for full administrators (to be precise, it is actually for any process with a MIC level higher than medium but more on that later). The CoCreateInstance or CreateObject call will return…