Skip to main content

Manifest destiny

In a previous blog I wrote about the perils of auto-updating the EVE launcher on Windows when it is installed in Program Files - a protected folder - as it would elevate the process. Due to a bug (that's now been fixed) the launcher would then also start elevated after the update. Any files it would write in that elevated sessions would be owned by the administrator - subsequent launcher sessions where the launcher was started regularly would not be able to overwrite those files.

To further complicate matters we were occasionally getting reports of the client reporting damaged files even when the launcher seemed to be downloading and staging files successfully.

Protecting system files

This turned out be due to a very helpful feature of Windows, actually going back to Vista, when the UAC was introduced. When a legacy application wants to create a file in a protected location where it does not have write permissions, Windows will open a file in the Virtual Store folder, rather than letting the file create operation fail. When reading files, Windows will look in the Virtual Store first, so for many applications this will probably work fine.

The drawback to this helpful feature is that it can be downright confusing. Let's say we have an application that checks in the folder where the application lives for a file called myfile.txt. If it exists, it reads the file and displays the contents. If it doesn't exist, it prompts you for some text and writes to the file. Just to make this a bit more concrete, I've put this program up on github if you want to test this for yourself.

Show me

Put this application under C:\Program Files\TestVirtualStore. Run the app, it tells you the file C:\Program Files\TestVirtualStore\myfile.txt does not exist, prompts you for some text and proceeds to writing the file. You look in C:\Program Files\TestVirtualStoreand there is no file called myfile.txt there. You run the application again - this time it reads from the file myfile.txt and succeeds, showing you the text you typed earlier.

If you run the same application again, this time as administrator, it will again tell you the file does not exist. Type in some text for the application to write - make sure it is different from before. You look in C:\Program Files\MyApp again and lo and behold, the file is there.

Now run again normally (not as administrator) - you will see the original text displayed again. Where was it saved? In a folder called VirtualStore under %LOCALAPPDATA%. The virtual store kicks in when a legacy application wants to write to a protected folder but can't due to lack of permissions. This means that the application gets a different view of the world depending on whether it is run normally or as administrator. I find that somewhat confusing, to say the least.

Now I'm confused...

Let's look at another example, this time writing to C:\ProgramData\TestVirtualStore\myfile.txt. Normally, writing to ProgramData is allowed, but if the permissions of C:\ProgramData\TestVirtualStore do not allow writing, the VirtualStore kicks in again, with the same behavior as for Program Files. The same goes for permissions of individual files - if a file ends up there owned by the administrator, a regular launcher session would simply write a file to the VirtualStore instead. This time finding the file is obscured even further by the fact that ProgramData is a hidden folder - you won't see it unless you have view hidden files enabled in the Explorer.

Just to add to this perfect storm of events, the Windows 10 update would in some cases mess up the permissions of the ProgramData folder.

What is your legacy?

So why was this an issue for the launcher? Surely it's not a legacy application? Well, by definition it was, due to an unfortunate oversight. A legacy application is defined as 32-bit, not running with administrative privileges and not including a Windows manifest file. This is where I messed up - I forgot to include a manifest when setting up the EVE launcher project. Normally when starting up new project in Visual Studio it will include a manifest by default - in fact, I had to explicitly remove it when setting up the sample programs used above. The launcher is a Qt project, and it does not include a manifest by default - I had to add it explicitly. This blog here has a good description of how to do it for Qt projects.

If the launcher was a standalone program this probably wouldn't have been an issue, aside from sometimes seeing files and sometimes not, depending on whether you ran as administrator or not. The problem is that the launcher is staging files for the EVE client to use, and the EVE client was already set up with a manifest file so it was not classified as a legacy application. If the launcher ended up writing any files to the VirtualStore the client would never see those files, and worse still, it might see a different version of a file than what the launcher would see.

Don't forget your manifest

The moral of the story - make sure your Windows application has a manifest!

Popular posts from this blog

Waiting for an answer

I want to describe my first iteration of exsim, the core server for the large scale simulation I described in my last blog post. A Listener module opens a socket for listening to incoming connections. Once a connection is made, a process is spawned for handling the login and the listener continues listening for new connections. Once logged in, a Player is created, and a Solarsystem is started (if it hasn't already). The solar system also starts a PhysicsProxy, and the player starts a Ship. These are all GenServer processes. The source for this is up on GitHub: Player The player takes ownership of the TCP connection and handles communication with the game client (or bot). Incoming messages are parsed in handle_info/2 and handled by the player or routed to the ship, as appropriate. The player creates the ship in its init/1 function. The state for the player holds the ship and the name of the player. Ship The ship holds the state of the ship - …

Large scale ambitions

Learning new things is important for every developer. I've mentioned this before, and in the spirit of doing just that, I've started a somewhat ambitious project.

I want to do a large-scale simulation, using Elixir and Go, coupled with a physics simulation in C++. I've never done anything in Elixir before, and only played a little bit with Go, but I figure, how hard can it be?

Exsim I've dubbed this project exsim - it's a simulation done in Elixir. Someday I'll think about a more catchy name - for now I'm just focusing on the technical bits. Here's an overview of the system as I see it today:

exsim sits at the heart of it - this is the main server, implemented in Elixir. exsim-physics is the physics simulation. It is implemented in C++, using the Bullet physics library. exsim-physics-viewer is a simple viewer for the state of the physics simulation, written in Go. exsim-bot is a bot for testing exsim, written in Go. exsim-client is the game client, for inter…

Mnesia queries

I've added search and trim to my expiring records module in Erlang. This started out as an in-memory key/value store, that I then migrated over to using Mnesia and eventually to a replicated Mnesia table. The fetch/1 function is already doing a simple query, with match_object. Result=mnesia:match_object(expiring_records, #record{key=Key, value='_', expires_at='_'}, read) The three parameters there are the name of the table - expiring_records, the matching pattern and the lock type (read lock). The fetch/1 function looks up the key as it was added to the table with store/3. If the key is a tuple, we can also do a partial match: Result=mnesia:match_object(expiring_records, #record{key= {'_', "bongo"}, value='_', expires_at='_'}, read) I've added a search/1 function the module that takes in a matching pattern and returns a list of items where the key matches the pattern. Here's the test for the search/1 function: search_partial_…