Subscribe: Larry Osterman's WebLog : Security
Added By: Feedage Forager Feedage Grade B rated
Language: English
bit app  blog  code  day  driven development  larry  long filename  long  max path  max  path  screen  started test  test  win apis 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Larry Osterman's WebLog : Security

Larry Osterman's WebLog

Just another Developer Network site

Last Build Date: Tue, 24 Nov 2015 15:59:52 +0000


Converting Win32 API results to std::wstring (or std::string)

Tue, 24 Nov 2015 15:59:52 +0000

Hmm. Just realized that this is a bit out of order and should have been published before the previous post . It turns out that there are a significant number of Win32 APIs that have a similar calling pattern – you call the API once to find the size of the buffer needed for the...

ExpandEnvironmentStringsA returns a different required buffer length than ExpandEnvironmentStringsW

Thu, 19 Nov 2015 11:48:00 +0000

I was writing some ANSI-only code the other day to handle the case where an environment string expansion could return a buffer larger than MAX_PATH (the test code I was modifying assumed that it could only ever see a MAX_PATH output, I wanted to make it more resilient). The way the code worked, I defined...

PathCchCanonicalizeEx doesn’t actually canonicalize filenames (AKA: Hey Larry, it helps to RTFM).

Tue, 17 Nov 2015 14:52:34 +0000

So I was working on some file path parsing logic the other day and I ran into a problem – I was converting a file name passed in on the command line to a long filename acceptable path (one starting with \\?\). As I mentioned before, the Win32 APIs that accept \\?\ filenames assume that...

Recursively Deleting a directory–with long filename support.

Mon, 16 Nov 2015 17:52:48 +0000

I recently was updating some test code to handle long filename (longer than MAX_PATH) support. My initial cut at the function was something like the following (don’t worry about the VERIFY_ macros, they’re functionally equivalent to asserts): const PCWSTR LongPathPrefix=L"\\\\?\\"; void RecursivelyDeleteDirectory(const std::wstring &strDirectory) { // Canonicalize the input path to guarantee it's a full...

What’s wrong with this code–a real world example

Wed, 28 Nov 2012 15:05:59 +0000

I was working on a new feature earlier today and I discovered that while the code worked just fine when run as a 32bit app, it failed miserably when run as a 64bit app. If I was writing code that used polymorphic types (like DWORD_PTR) or something that depended on platform specific differences, this wouldn’t...

Insecure vs. Unsecured

Sun, 06 Nov 2011 17:57:06 +0000

A high school classmate of mine recently posted on Facebook: Message just popped up up my screen from Microsoft, I guess. "This site has insecure content." Really? Is the content not feeling good about itself, or, perchance, did they mean "unsecured?" What the ever-lovin' ****? I was intrigued, because it was an ambiguous message and...

Read-Only and Write-Only computer languages

Tue, 27 Sep 2011 15:49:00 +0000

A colleague and I were chatting the other day and we were talking about STL implementations (in the context of a broader discussion about template meta-programming and how difficult it is).   During our discussion, I described the STL implementation as “read-only” and he instantly knew what I was talking about.  As we dug in...

What has Larry been doing for two years (and why has the blog been dark for so long)?

Fri, 16 Sep 2011 17:52:15 +0000

As many of you may know, I tend to blog about things I encounter in my day-to-day work that I think might be of general interest.  And for the past two years, even though I've run into things that were "blog-worthy", I couldn't write about them in public.  And thus no blog posts. But that's...

Getting started with test driven development

Thu, 15 Sep 2011 09:05:20 +0000

I'm at the build conference in Anaheim this week, and I was in the platform booth when a customer asked me a question I'd not been asked before: "How do you get started with test driven development".  My answer was simply "just start - it doesn't matter how much existing code you already have, just...

Nobody ever reads the event logs…

Tue, 03 May 2011 07:13:00 +0000

In my last post, I mentioned that someone was complaining about the name of the bowser.sys component that I wrote 20 years ago.  In my post, I mentioned that he included a screen shot of the event viewer. What was also interesting thing was the contents of the screen shot. “The browser driver has received...