
Just Let It Trickle

What Makes A Genius? Intelligent Qube’s IQ Algorithm

Posted 12 August 2015

When I play games I don’t really play anything new. Heck, the last game I bought as it was released was Final Fantasy X, the original version.

The one game I do play, and perhaps play too much, is Intelligent Qube (or Kurushi, since I’m a contrary European) on the PS1. I usually speedrun it, but then I found a high score for the game on Twin Galaxies of 1,244,800 with an IQ record of 506. This was achieved on the default / easiest difficulty; nevertheless, if you’ve played the game you’ll understand that they’re both pretty great scores.

The scoring mechanics for the game are relayed via the tutorial and are otherwise easily observable, so anybody doing a score attack can gauge how they’re progressing and what they need to do. How the IQ score is calculated, on the other hand, is not public knowledge. So, seeing as I like to know how things work, can read PlayStation (MIPS) assembly, and some clever people have fitted debuggers into PlayStation emulators, I went to uncover it.

The results I found contained some rather unexpected information.

Read the rest of this entry on Just Let It Flow

Plug in to CL’s Kitchen

Posted 25 January 2013

It's well known that Visual Studio's C compiler hasn't progressed much beyond C89, save for things like variadic macros. What might not be quite as well known is that, to rectify this a bit, somebody created a C99 to C89 converter. A decent tool to be sure, but it doesn't integrate well into Visual Studio. Being a separate program means you have to fudge things to run it instead of cl.exe, or you have to set a pre-build step, save the processed output and then compile those files instead of the ones in your project. It's not terribly friendly for IDE purposes. Wouldn't it be nice if there was a way to intercept the compilation and process the source files as it goes? What isn't well known is that you can do exactly that, with compiler plugins.

The good news about these plugins is that, unlike IDE ones such as Visual AssistX, the support is directly in the compiler, so you don't need a pay-for version to use them. You see, not only does cl.exe have the plethora of options it displays in its help, it has undocumented ones too: ones which allow you to change or add compiler passes and pass your own arguments to them.

Continue reading on Just Let It Flow...

Dropping Like Files - Zipping Without Libraries on Windows

Posted 17 October 2012
Tags: windows, c++
If you haven't been living under a rock (or in a non-Windows world) you'll know that since XP, Windows has had zip file extraction and creation built in. You may also know that what it doesn't have is a documented API so that the rest of us can leverage it programmatically. But there are ways and means.

Think about it: the usual way you'd interact with zip files is through the shell. You'd highlight a bunch of files and "Send To" a Compressed Folder, or drag them into an existing one, and voilà. There's obviously some code behind that which is actually doing those things, and since you can do them from 'Open File' dialogs and the like, it can't be code within the Explorer executable.

You can search Google all you want, but you'll only find that MSDN isn't sandbagging: there are no directly exported functions to create zips. What you may find is that shell32 and friends do have functions and interfaces that duplicate the shell's methods of dragging, dropping and sending to, so that seems a good lead to follow...
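The post goes on to chase the shell's own drag-and-drop machinery; the scripted cousin of the same idea is the Shell.Application automation object, whose compressed-folder namespace accepts CopyHere. The PowerShell function below is an added example, not the post's code and not the route it takes: it writes the 22-byte empty-zip header the shell recognises, opens it as a folder, copies each item in and waits for the asynchronous copy to land. The 0x14 flag value (FOF_SILENT | FOF_NOCONFIRMATION), the item-count polling and the 30-second timeout are my choices, and the paths in the usage line are placeholders.

```powershell
function New-ShellZip {
    param(
        [Parameter(Mandatory)][string]$ZipPath,
        [Parameter(Mandatory)][string[]]$Items,
        [int]$TimeoutSeconds = 30
    )
    # Shell.Application wants absolute Win32 paths; resolve even though the zip doesn't exist yet.
    $zipFull = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($ZipPath)

    # An empty zip is just a 22-byte end-of-central-directory record:
    # signature 'PK' 0x05 0x06 followed by 18 zero bytes (every count and size is zero).
    $eocd = New-Object byte[] 22
    $eocd[0] = 0x50; $eocd[1] = 0x4B; $eocd[2] = 0x05; $eocd[3] = 0x06
    [System.IO.File]::WriteAllBytes($zipFull, $eocd)

    $shell     = New-Object -ComObject Shell.Application
    $zipFolder = $shell.NameSpace($zipFull)
    if ($null -eq $zipFolder) {
        throw "The shell did not open $zipFull as a compressed folder (is the .zip handler registered?)"
    }

    foreach ($item in $Items) {
        $itemFull = (Resolve-Path -LiteralPath $item).Path
        $before   = $zipFolder.Items().Count
        # 0x14 = FOF_SILENT (0x4) | FOF_NOCONFIRMATION (0x10); the zip handler can still raise UI on errors.
        $zipFolder.CopyHere($itemFull, 0x14)
        # CopyHere returns immediately and compresses on a background thread,
        # so poll the folder's item count until the new top-level entry appears.
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        while ($zipFolder.Items().Count -le $before) {
            if ((Get-Date) -gt $deadline) { throw "Timed out waiting for $itemFull to land in $zipFull" }
            Start-Sleep -Milliseconds 100
        }
    }
    return $zipFull
}

# Usage (placeholder paths): New-ShellZip -ZipPath .\out.zip -Items .\a.txt, .\b.txt
```

Two caveats a practitioner should keep in mind: the count-based wait cannot see an item whose name already exists at the top level of the archive (the handler silently overwrites or prompts, depending on flags), and the whole mechanism lives in the interactive shell, so it is unsuitable for services or anything running without a desktop; there, a proper zip library is the right tool.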

Continue reading on Just Let It Flow

Things Up Microsoft's Sleeve - Console Graphics

Posted 08 October 2012
Tags: windows, trivia
CreateConsoleScreenBuffer, what a fabulous function. You ask it nicely, and it gives you as many 'console window content' buffers as you want. With the other supporting functions it's everything you need for an AAA game (ascii-art-animation, natch). But back up a minute here: what's that mysteriously reserved parameter for, and why is there a flags argument with a weaselly worded "only supported screen buffer type"? Sounds like there's something else it can (or at least could) do.

Sure enough, there is. The function doesn't really have just one defined buffer type; it has two. The second is the truthfully, if optimistically, named CONSOLE_GRAPHICS_BUFFER. Now doesn't that sound fancy? I mean, non-ASCII graphics in the console, groovy!

The creation of this 'graphics buffer' works via the magic of that bogus 'reserved' last parameter. Forget about your regions and device contexts though, where we're going is much more low-tech.

Read the rest on Just Let It Flow

WindowWatcher is Here

Posted 21 June 2012

Way back in the mysts o' tyme I told a tale of a little picture-in-picture / interactive zoom tool I was working on. Well, a whole year and four months later I got round to fixing the buggy bits and wrote some help pages. Now it's ready for public consumption as an Installer, or just a Zip.

It's simple to use. You pick an open window:

[screenshot: window picker]

and you get another window (optionally always on top) that displays the chosen window's live client area:

[screenshot: live view of the chosen window]

From there you can interact with the source window just as you would with the real one: mouseover effects, button clicks, etc. But that's a bit boring, and with large windows the contents are all rather small, so what you can do is select an area:

[screenshot: selecting an area]

and be zoomed into that:

[screenshot: zoomed view]

Then you can resize the window to enlarge or reduce the size of the content:

[screenshot: resized zoomed view]

Finally, because it'd be rude not to, you can still interact with the now zoomed and enlarged content:

[screenshot: interacting with the zoomed content]

If you prefer to see it in moving action, I whipped up an 'ad' on my first go round last year.


It requires Windows Vista, 7, or 8 and Aero to be enabled and that's about it. It weighs in at about 150K soaking wet and uses a whopping 1.5MB of memory, so if it looks useful, have a go with it.

Installer, Zip.

Native Only Apps with VS Express for Win8

Posted 02 June 2012
Tags: visual studio
Microsoft say "Visual Studio Express 2012 for Windows 8 provides tools for Metro style app development. To create desktop apps, you need to use Visual Studio Professional 2012, or higher."

That isn't quite true. In fact, there's no 'quite' about it. In the current RC version on MSDN, it's downright wrong, and getting a desktop app out of it is simple to achieve too.

So how do you do it?

Before starting the IDE, navigate to
Open general_appcontainer.xml, find the line containing <BoolProperty Name="WindowsAppContainer", change its readonly property from its default of true to false, and save. Depending on UAC and permission settings you may need to save the modified file elsewhere and copy it over the original.

Open the IDE and create a Visual C++->Blank App (XAML) project

When created, you can delete almost all things it puts in there. The xaml files, the appxmanifest, the assets and common folders and if you don't need or want precompiled headers you can delete both pch files too.

Now, right-click the project, open its properties and change this value:

Configuration Properties->General: switch Metro Style App to false.

And there you go! You can compile and debug native, WinRT-less apps using the old guard of WNDCLASSEX and GetModuleHandle type stuff from when men were men and women even more so. You'll need to re-add UNICODE, _UNICODE and _DEBUG/NDEBUG to the preprocessor definitions if you need them, and re-enable PDB generation and set the subsystem type in the linker settings.

The only major downside is that the Win32 SDK that comes with this version is severely lacking many major things, such as the bits for the common controls and GDI32.lib. If you have an older SDK you can point it at, though, it isn't that bad. If you don't, you'll also have to remove the entries that aren't kernel32.lib and user32.lib in Linker->Input, or generate .lib files from the DLLs using link.exe.

What does turning the Metro switch off do?

Unsets C/C++->General->Consume Windows Runtime Extensions (No)
This removes the dependency on vccorlib110.dll

Unsets the WINAPI_FAMILY define, so winapifamily.h falls back to its default of WINAPI_FAMILY_DESKTOP_APP
This enables the functions marked in the SDK as being for desktop apps only (basically all the ones you're familiar with from Win32).

Unsets Linker->Windows Metadata->Generate Windows Metadata
Stops the generation of .winmd files, which have no purpose for non-WinRT apps

Removes the non-IDE linker setting /AppContainer
This turns off the new-for-Windows-8 IMAGE_DLLCHARACTERISTICS_APPCONTAINER flag in the optional PE header, and lowers the OS and subsystem version of the generated exe down to 6.0 (Vista) levels (the default is 6.2 (Win 8))

And that's about it as important stuff goes. Deleting one character and changing three others has turned Microsoft from paragons of virtue, into rotten stinking liars.
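After flipping the switch it is worth confirming on the output binary, rather than in the project settings, that the AppContainer characteristic really is gone and the version fields really did drop to 6.0. The PowerShell function below is an added example, not part of the original post: it reads the PE optional header straight from the file (field offsets are from the PE specification and are the same for PE32 and PE32+ up to DllCharacteristics) and reports the two things the Metro switch changes, plus the other DllCharacteristics bits a reviewer would normally glance at. The path in the usage line is a placeholder.

```powershell
function Get-PeAppContainerInfo {
    param([Parameter(Mandatory)][string]$Path)

    $full  = (Resolve-Path -LiteralPath $Path).Path
    $bytes = [System.IO.File]::ReadAllBytes($full)

    # IMAGE_DOS_HEADER: 'MZ' at offset 0, e_lfanew (offset of the PE signature) at 0x3C.
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "$full is not an MZ executable"
    }
    $pe = [BitConverter]::ToInt32($bytes, 0x3C)
    # Signature (4) + IMAGE_FILE_HEADER (20) + the optional-header bytes we read (72) must fit.
    if ($pe -lt 0 -or ($pe + 4 + 20 + 72) -gt $bytes.Length -or
        [BitConverter]::ToUInt32($bytes, $pe) -ne 0x00004550) {       # 'PE\0\0'
        throw "$full has no valid PE signature"
    }

    # IMAGE_OPTIONAL_HEADER follows the 20-byte file header. The fields below sit at the
    # same offsets in PE32 (magic 0x10B) and PE32+ (magic 0x20B).
    $opt      = $pe + 4 + 20
    $magic    = [BitConverter]::ToUInt16($bytes, $opt)
    $dllChars = [BitConverter]::ToUInt16($bytes, $opt + 70)
    $format   = if ($magic -eq 0x10B) { 'PE32' } elseif ($magic -eq 0x20B) { 'PE32+' } else { 'unknown' }

    [pscustomobject]@{
        Path               = $full
        Format             = $format
        OSVersion          = '{0}.{1}' -f [BitConverter]::ToUInt16($bytes, $opt + 40), [BitConverter]::ToUInt16($bytes, $opt + 42)
        SubsystemVersion   = '{0}.{1}' -f [BitConverter]::ToUInt16($bytes, $opt + 48), [BitConverter]::ToUInt16($bytes, $opt + 50)
        DllCharacteristics = '0x{0:X4}' -f $dllChars
        AppContainer       = [bool]($dllChars -band 0x1000)   # IMAGE_DLLCHARACTERISTICS_APPCONTAINER
        HighEntropyVA      = [bool]($dllChars -band 0x0020)   # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
        DynamicBase        = [bool]($dllChars -band 0x0040)   # ASLR opt-in
        NXCompat           = [bool]($dllChars -band 0x0100)   # DEP opt-in
    }
}

# Usage (placeholder path). A desktop build made with the switch flipped should report
# AppContainer = False and 6.0 for both versions; a Metro-style build reports True and 6.2.
Get-PeAppContainerInfo -Path .\Debug\MyApp.exe | Format-List
```

If you have the full toolchain to hand, dumpbin /headers on the exe shows the same information under "DLL characteristics" and the OS/subsystem version lines; the script above is for the case the post is about, where you may not.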

If you're only interested in the updated C++ 11 toolchain, it's probably just easier to copy the VC\bin, VC\include and VC\lib directories and use them side by side with your current install of VS. The compiler binaries run on Vista+ as long as msvcr110.dll is in the path somewhere.

No Hooks Please, We're British - Thread Creation Notification

Posted 25 May 2012

If what you're writing already requires a DLL, or you can augment an existing one, then you're already set and can use the fact that DllMain gets called when threads are created and destroyed to your advantage. If you're not, or can't, then you're pretty much stuck for an answer. Conventional wisdom on the web seems to revolve around hooking CreateThread, or even using the kernel-based notification scheme (PsSetCreateThreadNotifyRoutine). However, making a whole driver is overkill, and with several methods of creating threads at various levels of Windows, hooking isn't always sufficient either, especially if you want to execute code in the thread's context. WMI is also a technical possibility, but with its '10,000 lines of code where 10 will do' philosophy, that's where it's staying.

DLL_THREAD_ATTACH notifications work because when threads are created and torn down, ntdll loops around the internal structures corresponding to each module loaded in the process and calls their entry points if they meet certain criteria. The structure for the exe is included in the enumeration, but as it doesn't identify as a DLL, its entry point isn't called. The thing to do, then, is modify the structure to a) look like a DLL and b) make it think our entry point is a DllMain...

Continue reading on Just Let It Flow

Leveraging Windows' Built In Disassembler

Posted 25 April 2012

Wait, there's a disassembler built into Windows? Well, only in the sense that a supermarket has the ingredients to bake a cake. There's no ready-made pastry hidden away in the depths of system32, unlike there is for file hashing [1].

What there is, though, is an aisle full of ingredients going by the name of DbgEng.dll. This fellow forms part of the debugging tools triumvirate with its more illustrious counterpart dbghelp.dll and the mysterious symsrv.dll. DbgEng contains the interfaces which make up WinDbg's core functionality, a portion of which is disassembly. So, being the sort of chef who would appear on a Gordon Ramsay show in quite short order, I rustled up a quick, messily coded bun.

It's not IDA or Hiew, it's not meant to be. But for an 'objdump -d' like, quick and dirty tool that handles the 3 most common Windows architectures (as well as ARM and Alpha!) and doesn't require a toolchain to be installed, it's perfectly acceptable for my uses. It may be for others too, so have at it if you should so desire.

Download it here

[screenshot: AMD64 output with symbols.]

[screenshot: ARM output from files compiled by eMbedded VC.]

The code was to be part of a larger project which never came to be, and so it is in a terrible state, mixed with this library and that. In scant consolation, below are the basic steps to how it works, and how you can do it yourself if you're suitably deranged. The help for these interfaces and functions is on MSDN (obviously) and also in the debugger.chm help file that comes with the Debugging Tools for Windows package, which also houses the up-to-date headers, libs and other helpful little programs.

Pseudocode steps

[1] - The lesser known tool is certutil.exe, the command line to hash files is
certutil -hashfile <file> <hash name>
Hash name can be SHA1, SHA256, SHA384, SHA512, MD2, MD4, MD5, must be uppercase

Chroot-ing in Windows - As Easy As A:, B:, C:

Posted 16 January 2012
Tags: Windows, C++, Internals
Linux people who have to work in Windows are sometimes found lamenting the basic tools it has which are absent from Microsoft's product. While recent versions of Windows have implemented variously featured equivalents of whoami, ln, cat, grep, ps and chmod, one tool that's so far evaded conversion is chroot.

Whatever the reason may be for its absence, it is definitely not because there is no support mechanism for it. Just like in Linux, it's a single function call.

NtSetInformationProcess(hProcess, ProcessDeviceMap, &hObjectDirectory, sizeof(hObjectDirectory));

OK, so it's technically one function call, but there needs to be a bit of setup beforehand...

One caveat worth stating up front: as with chroot, this is a convenience, not a security boundary. A process device map only changes how DOS-style names such as C: resolve through \??; code that opens NT-native paths like \Device\HarddiskVolume1\... or goes through \GLOBAL?? directly is unaffected, and anything holding a process handle with PROCESS_SET_INFORMATION access can call NtSetInformationProcess again and swap the map back.

Continue reading on Just Let it Flow

Bagging Some Property - Getting A Windows User's Picture Tile

Posted 03 January 2012

It doesn't sound like it should be so hard. I mean, the shell has managed to produce it every time you've logged on since Windows XP. MSDN has a page dedicated to user profiles that includes a section on where it is and how it's treated. It details that a user's picture lives in their temp directory, except for most of the time, when it doesn't. It's not wrong in its description: the picture will turn up if you open the User Accounts control panel, but if you're trying to grab it programmatically, asking the user to open Control Panel and all that, or even worse, opening it from your own code and killing the window just as quickly, aren't fantastic solutions.

If you’ve searched for this before, or been otherwise snooping through the shell’s exported functions, you may have seen something called SHGetUserPicturePath or its Ex version, SHGetUserPicturePathEx. Just the sound of their names elicits joy, a joy that the long search is over. And it should be, except that it isn't. For one thing, up until a few weeks ago there was no public record of how to use them or what they do, at least not one picked up by Google. Now that’s been rectified (with the docs above), and given the MSDN page, 2+2 would suggest these are the functions called upon opening the control panel.

Continue reading on Just Let It Flow
