Friday, May 15, 2009

Writing endian-independent code in C

http://www.ibm.com/developerworks/aix/library/au-endianc/index.html

Monday, May 4, 2009

Making a console application invisible, avoid unnecessary pop-ups.

If you have a non-interactive console application, let it be invisible; you can always generate logs for troubleshooting. To run a console application from the Startup folder or the ‘Run’ registry key without a console window popping up, make the following changes to the console project. The basic idea is to turn your console project into a Windows application.

Step 1:
Go to Project Properties -> C/C++ -> Preprocessor.
Replace _CONSOLE with _WINDOWS.
Step 2:
Go to Project Properties -> Linker -> Subsystem.
Replace Console (/SUBSYSTEM:CONSOLE) with Windows (/SUBSYSTEM:WINDOWS).
Step 3:
Replace _tmain()/main() with WinMain(). If your console application uses command-line arguments, you need to make the appropriate changes for WinMain().
Step 4:
Build and run the application. It performs the same operations, but without any console pop-up.

Friday, April 24, 2009

Microsoft memory leak detection tool - UMDH

http://support.microsoft.com/kb/268343

Tuesday, March 31, 2009

Buffer Overflow Attacks

http://www.windowsecurity.com/articles/Analysis_of_Buffer_Overflow_Attacks.html
http://www.linuxjournal.com/article/6701

Sunday, March 29, 2009

Vista session 0 isolation, launching UI based applications from Windows Services in Vista.

/*
After going through a few samples, I came up with the following code which worked for me. I used a service running in Local System Account to test this sample.

http://blogs.technet.com/askperf/archive/2007/04/27/application-compatibility-session-0-isolation.aspx

*/

// Link with Wtsapi32.lib and Advapi32.lib
// (plus <userenv.h> and Userenv.lib if the environment-block code is enabled).
#include <windows.h>
#include <wtsapi32.h>

BOOL LaunchAppIntoInteractiveSession(CHAR *szCommandline, DWORD &dwExitCode)
{
    BOOL bResult = FALSE;   // set to TRUE only when every step succeeded
    DWORD dwSessionId = 0;
    HANDLE hUserToken = NULL, hUserTokenDup = NULL;
    DWORD dwCreationFlags = 0;
    LPVOID lpEnvironment = NULL;
    PROCESS_INFORMATION pi;
    STARTUPINFOA si;        // ANSI variant, matching the CHAR* command line

    // Initialize before the first goto so that Cleanup never sees garbage handles.
    ZeroMemory(&pi, sizeof(pi));
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    si.lpDesktop = (LPSTR)"winsta0\\default";

    // Get active session
    dwSessionId = WTSGetActiveConsoleSessionId();

    // Token of the user logged on to that session (the caller must run as Local System).
    if (!WTSQueryUserToken(dwSessionId, &hUserToken))
    {
        //handle the error
        goto Cleanup;
    }

    // CreateProcessAsUser needs a primary token.
    if (!DuplicateTokenEx(hUserToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hUserTokenDup))
    {
        //handle the error
        goto Cleanup;
    }

    /*if(CreateEnvironmentBlock(&lpEnvironment, hUserTokenDup, TRUE))
    {
        dwCreationFlags = CREATE_UNICODE_ENVIRONMENT;
    }
    else
    {
        lpEnvironment = NULL;
    }*/

    // OR the flags in so CREATE_UNICODE_ENVIRONMENT survives if the block above is enabled.
    dwCreationFlags |= NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;

    // Launch the process in the client's logon session.
    if (!CreateProcessAsUserA(
        hUserTokenDup,   // client's access token
        NULL,            // file name
        szCommandline,   // commandline to execute
        NULL,            // pointer to process SECURITY_ATTRIBUTES
        NULL,            // pointer to thread SECURITY_ATTRIBUTES
        FALSE,           // handles are not inheritable
        dwCreationFlags, // creation flags
        lpEnvironment,   // pointer to new environment block
        NULL,            // name of current directory
        &si,             // pointer to STARTUPINFO structure
        &pi              // receives information about new process
        ))
    {
        //handle the error
        goto Cleanup;    // no process was created, so there is nothing to wait for
    }

    //Wait until process exits.
    WaitForSingleObject(pi.hProcess, INFINITE);

    //Get the process exit code.
    if (!GetExitCodeProcess(pi.hProcess, &dwExitCode))
    {
        //handle the error
        goto Cleanup;
    }

    /*if (!DestroyEnvironmentBlock(lpEnvironment))
    {
        //handle the error
        goto Cleanup;
    }
    */

    bResult = TRUE;

Cleanup:

    // Close only the handles that were actually opened.
    if (pi.hProcess) CloseHandle(pi.hProcess);
    if (pi.hThread) CloseHandle(pi.hThread);

    if (hUserToken) CloseHandle(hUserToken);
    if (hUserTokenDup) CloseHandle(hUserTokenDup);

    return bResult;
}

Friday, February 13, 2009

Allowing access when opening a named pipe from a Service

//The basic idea is to create the pipe with a NULL DACL. This code worked for Vista as well.
//http://msdn.microsoft.com/en-us/library/aa379286(VS.85).aspx

BYTE sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
SECURITY_ATTRIBUTES sa;

sa.nLength = sizeof(sa);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = &sd;

if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
{
//handle the error here
}

//A NULL DACL is assigned to the security descriptor, which allows ALL ACCESS to the named pipe
//for every caller, including the right to change the pipe's own permissions.
if (!SetSecurityDescriptorDacl(&sd, TRUE, (PACL) 0, FALSE))
{
//handle the error here
}

//Use the security descriptor in the CreateNamedPipe()
hPipe = CreateNamedPipe(..., &sa);
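
The code above opens the pipe to everyone by giving it a NULL DACL. As an added example (not part of the original post), the same pipe can instead get an explicit DACL: full control for SYSTEM and Administrators, and read/write for interactive users with FILE_CREATE_PIPE_INSTANCE masked out. The helper names BuildPipeSddl and CreateRestrictedPipe, the choice of the interactive-users SID (IU), the buffer sizes and the single-instance setting are assumptions.

```c
/* Added example, not from the original post. Helper names, the client SID
   and the buffer sizes are assumptions. */
#include <stdio.h>
#include <string.h>

/* Win32 access-mask values, written out so the SDDL builder compiles anywhere. */
#define RIGHTS_GENERIC_READ   0x00120089UL  /* FILE_GENERIC_READ */
#define RIGHTS_GENERIC_WRITE  0x00120116UL  /* FILE_GENERIC_WRITE */
#define RIGHTS_CREATE_INST    0x00000004UL  /* FILE_CREATE_PIPE_INSTANCE */

/* Builds a protected DACL: full control for SYSTEM (SY) and Administrators (BA),
   read/write for clientSid without the right to create further pipe instances.
   Returns 0 on success, -1 on a bad SID string or a buffer that is too small. */
int BuildPipeSddl(char *out, size_t cb, const char *clientSid)
{
    unsigned long client = (RIGHTS_GENERIC_READ | RIGHTS_GENERIC_WRITE) & ~RIGHTS_CREATE_INST;
    int n;
    /* Refuse characters that would let the SID string smuggle in extra ACEs. */
    if (!clientSid || !*clientSid || strpbrk(clientSid, "();")) return -1;
    n = snprintf(out, cb, "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x%lx;;;%s)", client, clientSid);
    return (n < 0 || (size_t)n >= cb) ? -1 : 0;
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>   /* link with Advapi32.lib */

/* Creates the first (and only) instance of a local-only pipe with that DACL. */
HANDLE CreateRestrictedPipe(const char *pipeName)
{
    char sddl[128];
    SECURITY_ATTRIBUTES sa;
    HANDLE hPipe;
    sa.nLength = sizeof(sa);
    sa.bInheritHandle = FALSE;           /* do not leak the handle to child processes */
    sa.lpSecurityDescriptor = NULL;
    if (BuildPipeSddl(sddl, sizeof(sddl), "IU") != 0 ||   /* IU = interactive users */
        !ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL))
        return INVALID_HANDLE_VALUE;
    hPipe = CreateNamedPipeA(pipeName,
        PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE,
        PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT | PIPE_REJECT_REMOTE_CLIENTS,
        1, 4096, 4096, 0, &sa);
    LocalFree(sa.lpSecurityDescriptor);  /* the pipe object keeps its own copy */
    return hPipe;
}
#endif
```

FILE_GENERIC_WRITE includes the bit that doubles as FILE_CREATE_PIPE_INSTANCE, which is why the client mask is built by hand (0x12019b) rather than written as GRGW.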

Tuesday, December 16, 2008

Using InternetReadFile() to download a file over HTTP

http://support.microsoft.com/kb/149413