Skip to main content

Manifest destiny

In a previous blog I wrote about the perils of auto-updating the EVE launcher on Windows when it is installed in Program Files - a protected folder - as it would elevate the process. Due to a bug (that's now been fixed) the launcher would then also start elevated after the update. Any files it would write in that elevated sessions would be owned by the administrator - subsequent launcher sessions where the launcher was started regularly would not be able to overwrite those files.

To further complicate matters we were occasionally getting reports of the client reporting damaged files even when the launcher seemed to be downloading and staging files successfully.

Protecting system files

This turned out be due to a very helpful feature of Windows, actually going back to Vista, when the UAC was introduced. When a legacy application wants to create a file in a protected location where it does not have write permissions, Windows will open a file in the Virtual Store folder, rather than letting the file create operation fail. When reading files, Windows will look in the Virtual Store first, so for many applications this will probably work fine.

The drawback to this helpful feature is that it can be downright confusing. Let's say we have an application that checks in the folder where the application lives for a file called myfile.txt. If it exists, it reads the file and displays the contents. If it doesn't exist, it prompts you for some text and writes to the file. Just to make this a bit more concrete, I've put this program up on github if you want to test this for yourself.

Show me

Put this application under C:\Program Files\TestVirtualStore. Run the app, it tells you the file C:\Program Files\TestVirtualStore\myfile.txt does not exist, prompts you for some text and proceeds to writing the file. You look in C:\Program Files\TestVirtualStoreand there is no file called myfile.txt there. You run the application again - this time it reads from the file myfile.txt and succeeds, showing you the text you typed earlier.



If you run the same application again, this time as administrator, it will again tell you the file does not exist. Type in some text for the application to write - make sure it is different from before. You look in C:\Program Files\MyApp again and lo and behold, the file is there.

Now run again normally (not as administrator) - you will see the original text displayed again. Where was it saved? In a folder called VirtualStore under %LOCALAPPDATA%. The virtual store kicks in when a legacy application wants to write to a protected folder but can't due to lack of permissions. This means that the application gets a different view of the world depending on whether it is run normally or as administrator. I find that somewhat confusing, to say the least.



Now I'm confused...

Let's look at another example, this time writing to C:\ProgramData\TestVirtualStore\myfile.txt. Normally, writing to ProgramData is allowed, but if the permissions of C:\ProgramData\TestVirtualStore do not allow writing, the VirtualStore kicks in again, with the same behavior as for Program Files. The same goes for permissions of individual files - if a file ends up there owned by the administrator, a regular launcher session would simply write a file to the VirtualStore instead. This time finding the file is obscured even further by the fact that ProgramData is a hidden folder - you won't see it unless you have view hidden files enabled in the Explorer.

Just to add to this perfect storm of events, the Windows 10 update would in some cases mess up the permissions of the ProgramData folder.

What is your legacy?

So why was this an issue for the launcher? Surely it's not a legacy application? Well, by definition it was, due to an unfortunate oversight. A legacy application is defined as 32-bit, not running with administrative privileges and not including a Windows manifest file. This is where I messed up - I forgot to include a manifest when setting up the EVE launcher project. Normally when starting up new project in Visual Studio it will include a manifest by default - in fact, I had to explicitly remove it when setting up the sample programs used above. The launcher is a Qt project, and it does not include a manifest by default - I had to add it explicitly. This blog here has a good description of how to do it for Qt projects.

If the launcher was a standalone program this probably wouldn't have been an issue, aside from sometimes seeing files and sometimes not, depending on whether you ran as administrator or not. The problem is that the launcher is staging files for the EVE client to use, and the EVE client was already set up with a manifest file so it was not classified as a legacy application. If the launcher ended up writing any files to the VirtualStore the client would never see those files, and worse still, it might see a different version of a file than what the launcher would see.

Don't forget your manifest

The moral of the story - make sure your Windows application has a manifest!

Comments

Popular posts from this blog

Working with Xmpp in Python

Xmpp is an open standard for messaging and presence, used for instant messaging systems. It is also used for chat systems in several games, most notably League of Legends made by Riot Games. Xmpp is an xml based protocol. Normally you work with xml documents - with Xmpp you work with a stream of xml elements, or stanzas - see https://tools.ietf.org/html/rfc3920 for the full definitions of these concepts. This has some implications on how best to work with the xml. To experiment with Xmpp, let's start by installing a chat server based on Xmpp and start interacting with it. For my purposes I've chosen Prosody - it's nice and simple to install, especially on macOS with Homebrew : brew tap prosody/prosody brew install prosody Start the server with prosodyctl - you may need to edit the configuration file (/usr/local/etc/prosody/prosody.cfg.lua on the Mac), adding entries for prosody_user and pidfile. Once the server is up and running we can start poking at it...

Simple JSON parsing in Erlang

I've been playing around with Erlang . It's an interesting programming language - it forces you to think somewhat differently about how to solve problems. It's all about pattern matching and recursion, so it takes bit getting used to before you can follow the flow in an Erlang program. Back in college I did some projects with Prolog  so some of the concepts in Erlang were vaguely familiar. Supposedly, Erlang's main strength is support for concurrency. I haven't gotten that far in my experiments but wanted to start somewhere with writing actual code. OTP - the Erlang standard library doesn't have support for JSON so I wanted to see if I could parse a simple JSON representation into a dictionary object. The code is available on Github:  https://github.com/snorristurluson/erl-simple-json This is still very much a work in progress, but the  parse_simple_json/1 now handles a string like {"ExpiresOn":"2017-09-28T15:19:13", "Scopes":...

JumperBot

In a  previous blog  I described a simple echo bot, that echoes back anything you say to it. This time I will talk about a bot that generates traffic for the chat server, that can be used for load-testing both the chat server as well as any chat clients connected to it. I've dubbed it  JumperBot  - it jumps between chat rooms, saying a few random phrases in each room, then jumping to the next one. This bot builds on the same framework as the  EchoBot  - refer to the previous blog if you are interested in the details. The source lives on GitHub:  https://github.com/snorristurluson/xmpp-chatbot Configure the server In an  earlier blog  I described the setup of Prosody as the chat server to run against. Before we can connect bots to the server we have to make sure they can log in, either by creating accounts for them: prosodyctl register jumperbot_0 localhost jumperbot prosodyctl register jumperbot_1 localhost jumperbot ... or by ...