Tuesday, 21 March 2017

As I win the StackOverflow 'Fanatic' Gold Medal, here is a Miscellany of my SO Fails ...

So I use StackOverflow as a resource. I ask questions because I think it is better than Google. I also answer VBA questions, not for the sake of kudos, but if I can gain points then hopefully that means my questions get taken seriously. It turns out that at midnight this evening I will win the gold medal "Fanatic", which is gained by turning up on SO 100 days in a row. In this post I'm going to curb my enthusiasm by confessing to those of my questions that I deleted because they were poorly received. Here is a miscellany of my SO fails.


How to write C++ code to call into VBE7.dll to mimic VBA code?

I found that VBA's Left$ and Split etc. are all implemented in a file called VBE7.dll; I used Dependency Walker (Depends.exe) to establish this. I asked SO if there was a header file that could be used to call into this file.

Hans Passant replies
It is not documented. Not like you can't figure it out by trial and error, but you have little guarantee that your hard work is going to survive for long. And you have a nasty dependency that you can't distribute yourself. If the function is simple to reverse-engineer then it is also simple to re-implement it, and make it a lot better using the power of C++.

So Hans is saying essentially "Bad idea, don't be silly!"

What does “tag” prefix stand for [c++] in tagVARIANT and tagSAFEARRAY?

What does the "tag" prefix stand for [c++] in tagVARIANT and tagSAFEARRAY? These are the COM structures, but they are known as VARIANT and SAFEARRAY. What is the "tag"?

Hans Passant replies
It comes from the C language, the language that inspired IDL syntax. Lots of google hits, this is one.

Yeah, so this is easy to Google for once you have the right search words, "Structure Tags C"; see the top hit.

How to close VirtualAlloc loophole? Use different account credentials?

So I was writing some code to open an application, get information on its button structures, and then send a message to click on the button. The tasks involved calling OpenProcess with the access-everything permission, then calling VirtualAlloc, and then copying data into my process.

During my travels, I've seen examples of code injecting DLLs into another process. On reflection, this is a massive loophole. In fact, it is quite shocking.

How best to close VirtualAlloc loophole? Does configuring the exe to run under a different account (username/password) prevent (at the OpenProcess call)?

This got downvoted; it seems the SO community is less bothered about this loophole. Here is the exchange of comments before I deleted the question.
There is no "loophole". If it is a process you created, you have access to it. If it's someone else's process, you need "Administrator" privileges. – Ðаn 2 hours ago

@Dan: If I am software house and I write an application, and I am liable for screw-ups on customer's machine then it is very important to defend against code injection. – S Meaden 2 hours ago

It rather involved being on the other side of this airtight hatchway "Not every code injection bug is a security hole. Yes, a code injection bug is a serious one indeed. But it doesn't become a security hole until it actually allows someone to do something they normally wouldn't be able to." – Ðаn 1 hour ago

On any sane OS the programmer can't "defend" against an admin, and this is good IMHO. But I have the impression this is slowly changing... – alain 1 hour ago
