Monday, October 31, 2016

"Uninstalled processes" in the "App history" tab of Task Manager

If you go to the App history tab of Task Manager on Windows 8 or newer and then enable Options | Show history for all processes, you'll probably get an extra entry called "Uninstalled processes" that took a few resources.


The name might be a little confusing, but from what I can tell, that entry displays the sums of all the resources used by processes launched from executables that can no longer be found. You can test this theory by making a copy of a standalone program, running it for a while, then deleting it. The things it used will be added to the "Uninstalled processes" row.

Based on my Super User answer.

Saturday, October 29, 2016

AbiathRPC - Shared control of authentication challenge

A while back, I noted that it's less than ideal how an AbiathRPC server could order the client to sign anything the same length as a SHA256 hash. Putting the client in complete control of the message to be signed is also very bad, since that would enable replay attacks. I know I can't completely solve man-in-the-middle attacks without some sort of PKI, but I came to a good solution: have the server and client both be responsible for the signed message.

Now, the server still sends an authentication challenge for VeriMaps authentication, but the method that accepts the signed version now takes another part of the message in addition to the signature. When authenticating, the client generates a random bunch of bytes, appends that to the stuff received as the server's challenge, computes the SHA256 hash, and signs that.

Friday, October 28, 2016

AbiathRPC - Level downloading

A while ago in AbiathRPC development, I got the server to load levels from disk and transform them into something meaningful but also WCF-compatible. Today I got the client to download those levels and display them as though they were local. To do that, I had to write the level set proxy, which AbiathRPC swaps in when connecting to a server. It then clears the level view state dictionary (removing the image of the original temporary level), populates the level list in the Level menu, and updates the level label.

Server levels can be successfully viewed on the client. I am getting close to having some actual collaboration features working.

Thursday, October 27, 2016

Overlaying big text on the screen with PowerShell

Somebody wanted to use a command-line-invokable script to throw up a massive text overlay on the screen. The easiest way to do that using only built-in Windows tools is, of course, PowerShell.

When this script is run, the word "Hi!" appears in blue on top of everything. It goes away once the text (not the area around it) is clicked.

Add-Type -AssemblyName System.Windows.Forms
$form = New-Object System.Windows.Forms.Form
$form.TransparencyKey = $form.BackColor
$form.WindowState = 'Maximized'
$form.FormBorderStyle = 'None'
$label = New-Object System.Windows.Forms.Label
$label.Font = New-Object System.Drawing.Font ($label.Font.FontFamily, 200)
$label.ForeColor = [System.Drawing.Color]::FromKnownColor('Blue')
$label.AutoSize = $true
$label.Text = 'Hi!'
$label.Add_Click({$form.Close()})
$form.Controls.Add($label)
[Windows.Forms.Application]::Run($form)

It works by creating a standard Windows form, removing its background, maximizing it, adding a label with really large text, and showing the form.

Wednesday, October 26, 2016

AbiathRPC - VeriMaps authentication

A few days ago, I threw together an implementation of authentication for AbiathRPC based on VeriMaps certificates. Today I actually tested it, and I found that it didn't work: the data to sign has to be the same length of a hash produced by the hash algorithm used by the signature formatter. (Makes sense.) I changed the server to SHA256 the GUID before sending it to the client as the challenge. After fixing a couple simple oversights, VeriMaps authentication works as intended.

I considered whether a malicious server could get a client to sign an arbitrary blob of data (e.g. the SHA512 hash for a VeriMaps-signed level set). The choice of SHA256 for this hash algorithm makes it impossible for the server to use a level set's hash as the challenge. This setup is still less than ideal, since it precludes any other VeriMaps security systems that use SHA256. Therefore, I will change the server to always produce a challenge that starts with some constant value (e.g. "RPC") and change the client to check for that before signing. Nothing I do here can defend against man-in-the-middle attacks, but that's what real TLS is for.

Tuesday, October 25, 2016

Getting the Chrome version without it updating itself

Somebody wanted to know how to get the product version of Google Chrome without going to the "about" page, since that could cause an auto-update. I suggested a method that works on many programs including Chrome: consult the Details tab of the executable's Properties window. If the version was included by the program's author, it'll be in the Product version row. You can pull that from a running process by using PowerShell:

(Get-Process 'chrome').MainModule[0].ProductVersion

Monday, October 24, 2016

Determining whether the system was up at a given time with PowerShell, kind of

There isn't an easy cut-and-dry way of determining whether a Windows machine was running at a given time. You could try to look through Kernel-Power events and try to match "off"-like ones with "on"-like ones, but that would be tricky to get right with all the various power state transitions, especially if you consider sudden power losses.

Instead, I suggest this slightly subjective but very simple PowerShell oneliner:

Get-WinEvent -LogName Application | ? {$_.TimeCreated -le '10/19/2016 12:45 PM'} | select -First 1

It consults the Application event log (one of the very active logs) to get the most recent event before the given time. If that event's time is more than three hours or so before the given time, it's likely that the system was not running. If a human is reading the output, the contents of the most recent event would also probably provide a clue as to whether the system was powering down.

Based on my Super User answer.

Sunday, October 23, 2016

Setting the default prompt for command prompts

The prompt can be changed for the current command prompt window with the prompt command. If you want to persist the change, you need to set the PROMPT environment variable. This can be done from the command line with setx. This command sets the default prompt to a single > sign:

setx PROMPT $g

New command prompts will then have the new prompt. To reset the prompt, you can delete that environment variable with setx PROMPT "".

Saturday, October 22, 2016

Policy Plus - Acquire ADMX Files

The first thing Home users of Policy Plus will need to do is download and install the full set of policy definitions (ADMX files). These are free, but the installer from Microsoft doesn't place them in the PolicyDefinitions folder; the user has to move them there manually. To expedite this process, I added a feature to Policy Plus: Help | Acquire ADMX Files.

This dialog, given a destination directory (defaults to the main PolicyDefinitions folder), downloads that MSI from Microsoft, unpacks it (msiexec /a), and moves the ADMX files along with the current language's ADML files to the destination.


Once it's done, the success message lets the user open the newly downloaded policy definitions.

The changes are live on GitHub.

Friday, October 21, 2016

AbiathRPC - Server level loading

Before the AbiathRPC client extension can work with remote levels, the server has to be able to load and send them. A few days ago, I wrote a very simple addition to the server startup routine that opens a GalaxyLevels set with files specified in the config file and prepares it into a WCF-compatible format, which mostly involved transforming each level's data into a one-dimensional array as opposed to a three-dimensional one. I added a WCF operation contract to download all the levels, which will be called during the initial connection after authentication.

Thursday, October 20, 2016

Policy Plus - Semantic Policy Fragment

Over the past few days, I've been working on another aspect of the Semantic Policy System: the ability to easily produce a SPOL fragment from a policy's state. There's now a "Semantic Policy Fragment" option on the context menu of policies, which produces this dialog:


Just today, I found that there was no way to represent an empty multi-valued string in the SPOL format, so I made the None literal do that. I also saw that the value names in lists were always converted to lowercase when passed through PolFile, so I fixed that too. Finally, I added a check to PolicyProcessing that avoids a crash when Semantic Policy doesn't define all the elements in a policy.

The changes are live on GitHub.

Wednesday, October 19, 2016

AbiathRPC - Remote graphics

Today I managed to get remote graphics working in AbiathRPC. When the server starts, it loads two files as instructed in the config file into memory as byte arrays. When the tilesets are requested by a client, the server just sends down those byte arrays, which the client turns into bitmap images. To make Abiathar open an AbiathRPC level set, AbiathRPC supplies a very thin dependency file with the bare minimum needed for Abiathar to not crash. Abiathar first opens a blank level set with the Keen 4 graphics, then AbiathRPC replaces the graphics manager with one based on the two bitmaps received.

Next, I need to get a level set proxy going. That is made a little challenging by the fact that some Abiathar internals outside of the state manager modify the INextGenLevelSet directly. My current plan is to introduce a subtype of GalaxyLevel that carries a tag to uniquely identify the level on the server and identify levels newly created at the client.

Tuesday, October 18, 2016

Rebooting into Safe Mode from the recovery environment's command prompt

Today I worked on a Windows 10 machine that refused to boot. It could get to the recovery environment, but the "Startup settings" entry was missing, so I couldn't get to Safe Mode via normal means. It did offer a command prompt though, and some Googling turned up this Stack Overflow answer, which sets a flag in the BCD to boot to Safe Mode.

Note that in the recovery environment, {current} isn't the offline system's boot record. Instead, you can get the desired target's GUID from bcdedit -enum -v, then supply it to the command that sets the flag:

bcdedit /set {GUID} safeboot minimal

Reboot, and the system comes up into Safe Mode. Once you're finished fixing things, msconfig has a GUI that lets you go back to normal mode.

Monday, October 17, 2016

AbiathRPC - Injected state

A few days ago, I did some more tinkering with AbiathRPC. When I tried to overwrite the real state with the RPC-enabled wrapper, I immediately found that I had declared the field in Abiathar as being of the real implementation type, which meant that the new type had to be a subclass of that one. That actually made the job easier, since I only had to add methods for the overridden things as opposed to all of them. After fiddling with the order of arguments and the "this" object, I successfully injected the new state manager into Abiathar.

Then I threw together a basic WCF server, some simple authentication methods (username+password or open, VeriMaps still a work in progress), and some UI for the client to connect. The next step is to write some alternative implementations of the smaller wrappers. Then, I'll need to figure out how to finagle the dependency file opening process into opening something that's not entirely managed locally.

Sunday, October 16, 2016

Policy Plus - Export POL

Today I added an Export POL option to match yesterday's Import POL. For POL-file-based policy sources, the exporter just saves the existing PolFile instance to the new file. To export Registry-based sources, things are a little more interesting. Clearly, exporting the entire Registry would not be acceptable, and looking at every single policy to find the relevant Registry entries would also take a while (and miss some values if there were non-ADMX-based policies involved).

So I took advantage of the list of policy Registry locations I had already compiled. They were used to check whether a policy was really a policy as opposed to a preference. For each policy root, the exporter writes everything under it to a new PolFile, which is then saved to a file.

The changes are live on GitHub.

Saturday, October 15, 2016

Policy Plus - POL import

In continuing to fulfill the Policy Plus mission of providing convenient ways to share policy settings, today I wrote an Import POL feature. It's really simple: it just lets you browse for a POL file, asks you which section it belongs to, then applies it to the appropriate IPolicySource using the same method as the Save routine.

Next, I'll see about a way to export all currently-existing policy settings as a POL (in case the current source is a live Registry).

Friday, October 14, 2016

Policy Plus - Import Semantic Policy

Today I connected some UI to the Semantic Policy parser I finished yesterday. The form is essentially a basic text editor:


The Open File button produces a file browser dialog, then puts the contents of the selected file into the text box. The Reset button clears everything out of the text box except for the signature. The Verify button makes sure the text is a valid SPOL file. The Apply button actually applies the Semantic Policy information to the policy sources. This dialog is accessible under a new top-level menu, Share.

I rearranged the parser a little bit so that it could include the line where an error occurred in the exception. I also decided to put the section identifier (U or C) before the policy ID. That way, it's easier to scan and harder to forget.

The changes are live on GitHub.

Thursday, October 13, 2016

Policy Plus - SPOL parser

A couple days ago, I started writing a parser for a new Semantic Policy format. Today I filled out the part that loads the data for extra options. It figures out the type automatically, without needing to check the actual policy definition.

  • Enum selected indices are the number prefixed with the pound sign, like #2
  • Normal numbers are just the number, like 45
  • Checkbox check states are Boolean-naming strings, True or False
  • Text box contents are the string surrounded by single quotes with no escaping needed, like 'I can't do that'
  • Multi-valued text box contents are the double-quoted separated by commas, double quotes escaped by doubling if necessary, like "Thing 1", "I said ""wow!"""
  • Lists (non-dictionary) are double-quoted strings, one per line, surrounded by square brackets
  • Dictionary-like lists are the same as normal lists but with two strings on each line, one for the key, one for the value
An empty list and an empty dictionary look the same but are different types, so the parser just turns them both into Nothing, which is ignored by PolicyProcessing instead of causing an invalid cast.

Once I throw together a UI for importing SPOLs, I'll be able to test this parser.

Wednesday, October 12, 2016

AbiathRPC - State proxy

For quite a while, I've been thinking about creating an Abiathar extension that functions as a client for a server-client level editing collaboration system. The whole system would be called AbiathRPC, a play on words involving "Abiathar" and "RPC" (Remote Procedure Call). I had some extra time today, and I had an idea I wanted to test.

A lot of Abiathar's functionality is accessed programmatically through the IAbiatharState interface. For AbiathRPC to intercept the various calls, it would need to replace some functions on that interface. I don't want to manually rewrite the full implementation, which might change from version to version. I decided to try the Emit features of the Reflection system, which allows for runtime code generation.

I threw together a class that takes an IAbiatharState and uses it to create an AbiathRPC state wrapper. It generates a new class implementing that interface and (using the list of "hooked" methods) figures out where to redirect calls. The body of each generated method is very short, just a load of a field that stores the real state wrapper, a push of each argument, and a call. It took a lot of fiddling, but eventually I got something that works for the methods I tried (one pass-through and one hooked) and doesn't blow up with InvalidProgramException.

Tomorrow I'll see about swapping out the real Abiathar state manager for this one to make sure that the pass-through doesn't break anything.

Tuesday, October 11, 2016

Policy Plus - Semantic policy files

Sharing policy settings is a wordy affair at the moment. To tell someone how to tweak their machine in gpedit.msc, you have to step them through the right sequence of categories, have them hunt down the right policy, and twiddle the extra options as appropriate. .reg files make sharing Registry entries easy - there should be an analogy for policies.

Today I started work on just such a thing: the Semantic Policy format, .spol. Policy Plus will eventually have the ability to import (and probably create) these files. My goal is a format that's easily parsable, easily human-readable, and easily human-writable. It's not completely worked out yet, but I'm thinking of something like this:

Policy Plus Semantic Policy

Microsoft.Policies.BITS:BITS_Job_Timeout C
 Enabled
  JobInactivityTimeout: 5

Microsoft.Policies.BITS:BITS_MaxContentAge C
 Disabled

I plan on keeping indentation optional, but it does make the file easier to read, in my opinion. The enum type will be distinguished from the normal number type by a # sign before the number. String literals will have quotes. I'm not sure what to do about multiline string literals; I'm thinking of not supporting them at first because the UI doesn't (not in Policy Plus, not in LGPE).

This format will be superior to .pol in terms of policy representation because it actually has the semantics of policies; notice how there's no mention of Registry values.

Monday, October 10, 2016

Where Windows 7 stores pinned files and folders

In Windows 7, programs, files, and folders can be pinned to the Start menu. (For files and folders, the way of doing so isn't super obvious: you have to drag them from Explorer onto the Start button.) Programs that are pinned get shortcuts placed in a certain folder under %APPDATA%, but file/folder pins don't appear there.

So, to find where that information goes, I did some digging with Procmon. I found that Explorer keeps the pinned items in the values in this Registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2

The values of interest are Favorites, FavoritesChanges, and ProgramsCacheSMP. They're all binary, so changing them would be difficult. I did manage to replace a pinned folder with one with the same length of name in the same parent folder by changing all instances of the original target's name to that of the new target, but adding, removing, or significantly modifying an entry would be very difficult without reverse engineering the blob format.

Based on my Super User answer.

Sunday, October 9, 2016

Policy Plus - Info on the current category

For quite a while now, if you selected a category in the right pane of Policy Plus, that category's name and description would appear in the informational middle pane. Since Policy Plus doesn't have an Administrative Templates node to contain all the policy categories, though, there was no way to select one of the top-level categories to see its description.

That seemed strange to me, so I just adjusted the UpdatePolicyInfo method to show the current category's information if nothing was selected on the right. The subcategories-and-policies-count text now changes slightly ("This category" vs. "The selected category") depending on whether the category in question is selected from the categories tree or the category listing.

The changes are live on GitHub.

The top-level category "System" has its info in the middle pane

Saturday, October 8, 2016

Embedding a scrollable piece of plain text

I frequently need to paste code onto this blog that contains lines long enough that they might extend beyond the width of their container. By default, such lines would wrap, which would look strange for code. Therefore, I've taken to enclosing code in elements that have a horizontal scrollbar, as I did in a recent post.

This can be accomplished with a single element: <pre> for the code formatting, with the style element set to get the horizontal scrollbar:

<pre style="width:100%;overflow-x:scroll">Code here
More lines of code, no BR needed</pre>

The only disadvantage with this simple approach is that the scrollbar will always appear even if the text fits perfectly fine.

Friday, October 7, 2016

Windows 10 Wi-Fi won't turn on? Install different drivers

Today I dealt with a Lenovo ThinkPad E545 laptop that refused to enable Wi-Fi. In the network pop-up from the notification area icon, it said "Wi-Fi off." Flipping the appropriate switch in the Settings app had no effect; it just went back to Off immediately. Reboots didn't help, everything seemed fine in Device Manager, and no third-party VPN software (which is sometimes the cause of Windows 10 network troubles) was installed.

The only other thing I could think of was to install a different driver. Lenovo hasn't published Windows 10 drivers for the E545 yet, but I found some for 64-bit Windows 8. Bizarrely, they had drivers from at least two different vendors. The Realtek installer actually ran - as opposed to others which didn't. After setting the driver in Device Manager to the new Realtek one, the Wi-Fi switch actually worked, and sure enough, Wi-Fi turned on as normal.

Thursday, October 6, 2016

Moving data from PowerShell to a batch script

Sometimes getting a certain piece of data is dramatically easier in PowerShell than with the normal command-line utilities. If you've already written a script for batch, then it would be good to marshal data from PowerShell back into a batch variable.

That's moderately easy with PowerShell's Out-File and the command prompt's set /p. You do have to be careful with encoding: PowerShell by default spits out UTF-16LE files with a byte order mark, and set /p doesn't work well with that. The -Encoding switch has you covered.

This little fragment of batch scripting uses PowerShell to get the location of the user's Documents folder and stores it in a batch variable called DOCSPATH:

powershell -Command "[Environment]::GetFolderPath('MyDocuments') | Out-File 'docspath.tmp' -Encoding ascii"
set /p DOCSPATH=< docspath.tmp
del docspath.tmp

This only works well for data representable as text, but the command prompt doesn't really handle objects anyway, so that's OK. You do need write access to the current directory to run the above snippet; if that's an issue, change the file paths to point somewhere writable.

Based on my Super User answer.

Wednesday, October 5, 2016

Unnecessary scrollbars? Possibly a Chromium bug

In certain circumstances involving elements being expanded and then shrunk back down, unnecessary scrollbars may appear on those elements in Google Chrome and then never go away. This is a known bug in the Chromium code. The report even includes a neat interactive demonstration. If you've seen bizarre unnecessary/immovable scrollbars sticking around in Chrome, that's why.

Tuesday, October 4, 2016

Per-user Software Restriction Policies work

One person had created a limited user in Windows 7 and (presumably) used the parental control features to only allow certain applications to run as that user. Upon updating to Windows 10, the control panel used for those limitations disappeared, but the whitelist remained in effect.

I guessed that the parental controls are implemented in Software Restriction Policies. This seems to be correct, since the Microsoft\Windows\safer key in the policies section of the user's Registry had information on the whitelisted apps. That's really interesting, because the Group Policy Editor doesn't show Software Restriction Policies in User Configuration like it does for Computer Configuration.

If I ever implement the non-Administrative Templates Group Policy parts in Policy Plus, I'll see about having SRP work for both machines and individual users.

Sunday, October 2, 2016

Finding the mode of a data set with PowerShell

PowerShell's Measure-Object (or just measure) cmdlet can get the mean of a list of numbers if you pass the -Average flag. There doesn't appear to be a built-in way to get the mode (most common value), though. Fortunately, it's possible to use a bit of piping to do the job:

$myList | group | sort -Property Count -Descending

The results will be a list of the different values and their frequencies, with the most common ones at the top. To just get the mode for use in further calculations, get the first group from the list of groups and then take an element from the list of its contents (which should all be the same for plain numbers):

($myList | group | sort -Property Count -Descending)[0].Group[0]

Resizing a VHD does not necessarily expand the partition on it

Today I was experimenting with dynamically expanding VHD (virtual hard disk) files. At one point, I decided I wanted to increase the maximum size of such a VHD, so I used the PowerShell Resize-VHD cmdlet. I then tried to put more things on the VHD, but Explorer informed me that there was insufficient space. Looking in Disk Management, I saw that the virtual drive had been expanded, but the partition on it was the same size as before. That makes sense, since volumes are not the same as drives. Fortunately, PowerShell also has a Resize-Partition cmdlet.