Bug in MSDN: TDI_EVENT_RECEIVE_DATAGRAM & its handler

If you ever wanted to implement the TDI_EVENT_RECEIVE_DATAGRAM (http://msdn2.microsoft.com/en-us/library/ms801156.aspx) event handler in TDI, you would notice that its declaration is a bit strange (http://msdn2.microsoft.com/en-us/library/ms801622.aspx): NTSTATUS ClientEventReceive( IN PVOID TdiEventContext, IN CONNECTION_CONTEXT ConnectionContext, IN ULONG ReceiveFlags, IN ULONG BytesIndicated, IN ULONG BytesAvailable, OUT ULONG *BytesTaken, IN PVOID Tsdu, OUT PIRP *IoRequestPacket ); Guess what? Its declaration is the …

DRIVER_VERIFIER_IOMANAGER_VIOLATION in Windows Server 2003 SP2 with latest updates ON

Recently, I received the following error when trying to test my TDI filter driver on Server 2003 SP2 with latest updates ON: DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9) Arguments: Arg1: 00000208, (Fatal error) This IRP is about to run out of stack locations. Someone may have forwarded this IRP from another stack. (IRP specified.) This violation message appeared when I …

explorer.exe is in danger :)

Kaspersky (http://www.kaspersky.com/) recently released a signature update that treats explorer.exe as a virus. This false signature may affect those people who set the option ‘delete virus’ ON – it lets the antivirus delete the suspicious binary from the file system. I guess it may cause unpredictable results, even if WFP (Windows File Protection) will try to recover …

The case of Task Manager that does not kill

Quite a long time ago, my friend Vadym Stetsiak described a bug in Task Manager that makes it possible to disallow (!) the killing of a process if its name is lsass.exe. In order to test this bug, you can rename any executable file to lsass.exe, run it, and then try to kill it from Task Manager. You …

A shame on Kaspersky …

As one of the stages in my work, I test different antiviruses with the components I develop. This allows me to handle incompatibility issues, profiling BSODs and other critical errors that might appear during the software lifecycle 😉 These days I was looking at Kaspersky (latest trial version from official site, as it was mentioned …

Undefeatable files & folders in Windows XP SP2 – a bug in SHFileOperationW

Recently I was surprised by one interesting behavior of my Windows XP box. I was playing with long-named files and noticed that most of my shell extensions do not work with files whose path is longer than 260 symbols. I also noticed that Windows Shell does not allow me to create long file …

Bug in wininet: RETR command is not supported since IE7 release

If your FTP client relies on Wininet and supports resuming of downloads, then it fails to work under IE7 because the RETR command does not work properly when you invoke it using the FtpCommand(…) function. The function fails with an access violation, outputting the “0xC0000005: Access violation reading location 0x00000001” message. The problem was reported in wininet NG …

Seems like “malware” may have a chance to exist under Windows Vista

Microsoft to give Vista kernel access to security firms – an interesting article that explains why Microsoft is going to publish a new API to allow 3rd party security software to access the Vista kernel. This is really amazing news, because once these gates are opened to 3rd party security software they can be …

Why does Windows not provide a more flexible API for Shell Context Menu Handlers?

Recently, I came across an interesting situation. My PC (XP SP2) was making some calculations. CPU activity was high. I was surfing through my folders and right-clicked on one of them. The context menu appeared after 10-20 seconds … “Why does it take so long?” – I asked myself. …

Sometimes you DO need to invent the wheels

There is a well-known approach that states ‘there is no need to re-invent the wheel’. In other words, it means that if you decide to implement some functionality in your program, you should google to make sure it’s not already implemented by other people, and if it is, then just use it and don’t waste the …

OllyDbg, Windows XP SP2 (32-bit) and Kaspersky Antivirus

I use the OllyDbg debugger from time to time. The most wonderful debugger I have ever seen: it’s light, powerful and does not require installation … This evening I got a few BSODs on my Windows XP SP2 after running OllyDbg. So I started investigating. Analyzing the minidump using WinDbg showed that the system went down because of …

The magic of the FILE_FLAG_BACKUP_SEMANTICS flag or contradiction in the MSDN library

MSDN: “The FILE_FLAG_BACKUP_SEMANTICS flag specified in the call to CreateFile gives the backup application process permission to read the access-control settings of the file or directory. With this permission, the backup application process can then call GetKernelObjectSecurity and SetKernelObjectSecurity to read and then reset the access-control settings.” However, there is another (undocumented) behavior of FILE_FLAG_BACKUP_SEMANTICS …

IE 7 Beta 3 bugs …

Yesterday I installed IE 7 Beta 3 (for XP SP2 32bit) and now I realize that it contains a lot of bugs. It crashes mostly when you navigate to “specific urls”. Here are the steps to reproduce: – log in to msmvps.com – go to http://msmvps.com/ControlPanel/Blogs/articlelist.aspx – click on the “New Article” button – wait until IE7 dies …
