The reparse point tag 0x80000018 has the "Microsoft" bit set, but is not documented on MSDN. This tag is new to Windows 10 and is defined in the SDK as IO_REPARSE_TAG_WCI. Information on this is very scarce and the most I could find on it is that it may stand for "Windows Container Image" with no explanation as to the tag's function.
Plenty of reparse point tags are mysterious, but what's special about this one is that it is used by some universal apps: when installed, %USERPROFILE%\AppData\Local\Packages\<app>\ contains a LocalCache directory which is an IO_REPARSE_TAG_WCI reparse point. Inside it is a mostly empty mirror of the user profile directory structure, consisting entirely out of these WCI reparse points.
What is the purpose behind these reparse points? Why do some universal apps use them and others don't?
WCI: Windows Container Isolation
wcifs.sys is the Windows container isolation file system filter driver. For processes running in Windows containers, it provides a view of the virtual file system for that process.
Related
I'm actually wondering how you can control the icon size (or generally: which icon to use?) for a 'classic' WPF application appearing in the Windows 10 start menu as a tile shortcut.
I only found very few posts like this one on SO, but the only answer one gets is that the corresponding mechanisms are only implemented for 'modern' Windows apps. This may be true in terms of live tiles and manifest-based definitions.
However, there has to be a way of triggering 'bigger' icons. Specific example: I have built an WPF application that, when pinned to the start menu, only shows up with a small icon in it. This is the case for all 'classic' applications - see attached image of a shortcut to the 'Orca.exe' db editor. I do believe in a way to achieve bigger icons because I noticed the Mozilla Thunderbird application (which is a 'classical' application) shows up with this one (custom background color and big icon size).
Is there anyone who understands how to achieve this and may share his knowledge? I already extracted the used icons from executables/shortcuts and compared them, but both only provide standard icon sizes up to 256px, no difference there.
Thanks!
This is actually pretty simple, but I remember having a hard time myself finding the documentation (or realizing that this is perfectly working for 'classic' applications):
Reference: MS docs - How to customize Start screen tiles for desktop apps
You can control the described behaviour and appearence of start menu tiles with a xml file called [Software].VisualElementsManifest.xml, where [Software] has to be replaced by the name of the .exe file (without extension), e.g. thunderbird.VisualElementsManifest.xml. As you already mentioned it, you can peek into the Thunderbird folder for a working example of it's content. Basically it looks like this:
<Application xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>
<VisualElements
ShowNameOnSquare150x150Logo='on'
Square150x150Logo='VisualElements\VisualElements_150.png'
ForegroundText="dark"
BackgroundColor="#FF0000"/>
</Application>
You can even provide additional options and assets for proper scaling, localization and accessibility by creating proper ressource files, documentation from MS has step by step instructions for this.
Note that the documentation warns about it's deprecated content. I don't know how long this work or if they are planning to completely remove this way of tile specification in the future, however it went perfectly fine on all version of W10 so far.
Note #2: If you're trying this out with an existing installation/shortcut, you have to refresh the modification timestamp of the corresponding shortcut and then unpin/pin the tile again, otherwise the shell won't notice the new definition file existance. Simplest way to do so in PS (run as admin when modifying shortcut in the system folder):
(ls "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\[ShortcutName].lnk").lastwritetime = get-date
or from CMD within the destination folder:
copy /b [ShortcutName].lnk +,,
I have a server component that reads its configuration from a file. The configuration file is also read and written by an administration component. The components are separate programs, and they will be running under separate accounts. I want to change the ACL on the configuration file to:
application: read
administration: read and write
Its important to drop write from the application because the application opens a listening socket. That is, its high risk and I want to contain it as much as possible.
After some searching, it looks like ioctl is used to do it in C. ioctl_list offers a list of control codes but its not apparent to me how to add two users with different permissions on the configuration file. The man page online at die.net does not discuss the permissions in-depth or offer sample code. For example the word "perm" (root of "permission") only shows up once in the discussion.
On Windows, reducing permission to honor least privilege is drawn out but its pretty straight forward (Richter gives good examples in his Advanced Windows programming series).
How does one change permissions on a linux file using C APIs? What control codes are to be used?
Thanks in advance.
This is not done with ioctl, but rather with dedicated system calls: chmod, chown, and chgrp for the basic user/group/other set of file permissions, and acl_* for full-fledged ACLs. You probably also want to know about the setuid, setgid, and setgroups system calls, which are how you drop privileges in a running application.
You can accomplish your goals using only the basic user/group/other permissions. Configure your system as follows:
The server application has a dedicated user ID and group; let's say they are both named nlserver ("nl" for "noloader").
The administrative component also has a dedicated user ID and group, let's say nladmin.
The configuration file is set to be mode 0640 (aka -rw-r-----) and owned by user nladmin, group nlserver. (The code responsible for doing this should be in the administrative component, not the server itself.)
When the server starts up, after doing everything it needs to do as root (e.g. bind low-numbered ports), it uses setgroups, setgid, and setuid (IN THAT ORDER!) to change to user nlserver, group nlserver, and clear the supplementary groups list. Only after doing so does it open the configuration file.
Is there any archive format that offers the following:
be digitally sign-able with a digital certificate from a trusted source like Verisign - for preventing changes to the file (I am not referring to read only, but in case the file was changed it should no longer be signed telling the user this is not the original file)
be stream-able - be able to be opened even if not all of the content has been transferred (also not strictly linearly)
be "readable" - be able to read the data without extracting to a temporary folder (AFAIK if you open a file in a zip archive it is extracted first, and this stays true even for zip based formats like OOXML. This is not what I want)
be portable - support on at least Windows, Linux and Mac OS X is a must, or at least future support
be free of patents - Be open source - also preferably a license that allows commercial use(as far as i know GPL a share-alike license so it doesn't allow commercial use, BSD on the other hand allows it)
Note: Though it may come in handy eventually I can not think right now of a scenario that would require both point 1 and point 2 simultaneously. Or lets leave it a be able to check the signature only when the whole file was downloaded.
I am not interested in:
being able to be compressed
being supported on legacy systems
Does any existing archive format fit this description (tar evolutions like DAR and pax come to mind) ?
If there is, are there programing libraries available for the above mentioned OSs?
If not, would it be hard to create such a thing?
Usage scenario:
I want to use this to create a new media container.
Current media containers contain the audio, video and subtitle streams directly.
Matroska, currently the most advanced container, has supplementary features like attachments and menus.
The menu functionality however is not implemented and very limited.
What I want to create is one level higher.
I want to create a file similar in a way to OOXML.
Also all of the menuing should be done in web technologies like HTML5 (as it is now the tag allows for any kind of codec to be used) and CSS.
Also just like you have holograms on dvds to prove the authenticity I want to create a sign-able file
Research notes:
Before asking this question I stumbled uppon this:
Whats the best way digitally sign a zip file for download using .Net
While detached signing would be feasable for the individual files contained in this archive it is not an ellegant solution for the archive file. Not end user friendly.End users should be able to doubleclick the file to open it in a media player like VLC, and see a message that the file is legit (just like you see in a browser if the page is transmitted with SSL through HTTPS or not)
EDIT: clarified point 5
EDIT 2: added a note to clarify point 1 and 2
EDIT 3: added usage scenario
EDIT 4: added research notes section
P.S.: This is my first question on StackOverflow
I doubt that you find such format out of the box. I understand how such solution can be built with help of our SolFS, but SolFS doesn't have built-in signing (you can add signing easily).
Wondering if there's any guidelines that should be followed when writing an application that should work not only on a plain ol' non-networked computer but also on a computer/network that is setup with Active Directory (or some other directory service) and/or Terminal Services? Anything I should look out for, be aware of, etc?
Microsoft has renamed Terminal Services to 'Remote Desktop Services' so searching and looking around MSDN my not be as constructive using the old terminology.
I'd start having a look around Remote Desktop Services Programming Guidelines found here:
http://msdn.microsoft.com/en-us/library/aa383490(VS.85).aspx
On the AD site a starting point would be here:
[http://msdn.microsoft.com/en-us/library/ms682458(VS.85).aspx][2]
The most important things to be aware of:
On a Terminal Server users are not admins, they have no rights to:
Write in Program files folder
Register ActiveX controls
Write into (ini files) in Windows(\System32)
HKLM hive of the registry
Some other points:
- Certain API's like getting the Windows directory will return redirected results (in this case the windows subfolder of the homedrive) UNLESS you mark your executable as Terminal Server aware
- Your application must not rely on settings in HKCU that prevent startup when not present
- Multiple users might use your app concurrently so each user must be able to have their own settings (in HKCU)
I have started coding an FTP client application (for fun). I’m trying to represent remotely hosted files with icons. For example, let’s say I’m browsing the root folder of an FTP server (/) and want to display the Backup.zip file with the icon association from that client operating system. On some systems, this may be the windows compression icon and other operating systems this may be WinZip or WinRAR icons.
I have the client browsing local files with the SHGetFileInfo() function. This works great with files that are local, however, this function requires the physical file in order to retrieve the associated icon. So, this will not work with remotely hosted files. I have found some samples of loading icons given a file extension, and this is really where the question comes in... What would be the best strategy to get icons associated to remote files?
Go to the registry every time and look up extension to icon associations
Create 1 byte files with each extension and use the SHGetFileInfo() function for remote files (using local 1 byte files as association for remote files)
Other strategies???
What would a professional software company creating an FTP client do?
Thank you for your time.
-Jessy Houle
I suggest that you don't go to the registry every time: go if you need to, but if you've already been for a given filetype then remember/cache that result (within your program) and reuse it.
Use the procedure here from a previous Stack Overflow question on the same idea and uses the registry instead of an actual file.
How can I get the filetype icon that Windows Explorer shows?