Skip to main content

Manifest destiny

In a previous blog I wrote about the perils of auto-updating the EVE launcher on Windows when it is installed in Program Files - a protected folder - as it would elevate the process. Due to a bug (that's now been fixed) the launcher would then also start elevated after the update. Any files it would write in that elevated sessions would be owned by the administrator - subsequent launcher sessions where the launcher was started regularly would not be able to overwrite those files.

To further complicate matters we were occasionally getting reports of the client reporting damaged files even when the launcher seemed to be downloading and staging files successfully.

Protecting system files

This turned out be due to a very helpful feature of Windows, actually going back to Vista, when the UAC was introduced. When a legacy application wants to create a file in a protected location where it does not have write permissions, Windows will open a file in the Virtual Store folder, rather than letting the file create operation fail. When reading files, Windows will look in the Virtual Store first, so for many applications this will probably work fine.

The drawback to this helpful feature is that it can be downright confusing. Let's say we have an application that checks in the folder where the application lives for a file called myfile.txt. If it exists, it reads the file and displays the contents. If it doesn't exist, it prompts you for some text and writes to the file. Just to make this a bit more concrete, I've put this program up on github if you want to test this for yourself.

Show me

Put this application under C:\Program Files\TestVirtualStore. Run the app, it tells you the file C:\Program Files\TestVirtualStore\myfile.txt does not exist, prompts you for some text and proceeds to writing the file. You look in C:\Program Files\TestVirtualStoreand there is no file called myfile.txt there. You run the application again - this time it reads from the file myfile.txt and succeeds, showing you the text you typed earlier.



If you run the same application again, this time as administrator, it will again tell you the file does not exist. Type in some text for the application to write - make sure it is different from before. You look in C:\Program Files\MyApp again and lo and behold, the file is there.

Now run again normally (not as administrator) - you will see the original text displayed again. Where was it saved? In a folder called VirtualStore under %LOCALAPPDATA%. The virtual store kicks in when a legacy application wants to write to a protected folder but can't due to lack of permissions. This means that the application gets a different view of the world depending on whether it is run normally or as administrator. I find that somewhat confusing, to say the least.



Now I'm confused...

Let's look at another example, this time writing to C:\ProgramData\TestVirtualStore\myfile.txt. Normally, writing to ProgramData is allowed, but if the permissions of C:\ProgramData\TestVirtualStore do not allow writing, the VirtualStore kicks in again, with the same behavior as for Program Files. The same goes for permissions of individual files - if a file ends up there owned by the administrator, a regular launcher session would simply write a file to the VirtualStore instead. This time finding the file is obscured even further by the fact that ProgramData is a hidden folder - you won't see it unless you have view hidden files enabled in the Explorer.

Just to add to this perfect storm of events, the Windows 10 update would in some cases mess up the permissions of the ProgramData folder.

What is your legacy?

So why was this an issue for the launcher? Surely it's not a legacy application? Well, by definition it was, due to an unfortunate oversight. A legacy application is defined as 32-bit, not running with administrative privileges and not including a Windows manifest file. This is where I messed up - I forgot to include a manifest when setting up the EVE launcher project. Normally when starting up new project in Visual Studio it will include a manifest by default - in fact, I had to explicitly remove it when setting up the sample programs used above. The launcher is a Qt project, and it does not include a manifest by default - I had to add it explicitly. This blog here has a good description of how to do it for Qt projects.

If the launcher was a standalone program this probably wouldn't have been an issue, aside from sometimes seeing files and sometimes not, depending on whether you ran as administrator or not. The problem is that the launcher is staging files for the EVE client to use, and the EVE client was already set up with a manifest file so it was not classified as a legacy application. If the launcher ended up writing any files to the VirtualStore the client would never see those files, and worse still, it might see a different version of a file than what the launcher would see.

Don't forget your manifest

The moral of the story - make sure your Windows application has a manifest!

Comments

Popular posts from this blog

Large scale ambitions

Learning new things is important for every developer. I've mentioned  this before, and in the spirit of doing just that, I've started a somewhat ambitious project. I want to do a large-scale simulation, using  Elixir  and Go , coupled with a physics simulation in C++. I've never done anything in Elixir before, and only played a little bit with Go, but I figure,  how hard can it be ? Exsim I've dubbed this project exsim - it's a simulation done in Elixir. Someday I'll think about a more catchy name - for now I'm just focusing on the technical bits. Here's an overview of the system as I see it today: exsim  sits at the heart of it - this is the main server, implemented in Elixir. exsim-physics  is the physics simulation. It is implemented in C++, using the Bullet physics library. exsim-physics-viewer  is a simple viewer for the state of the physics simulation, written in Go. exsim-bot  is a bot for testing exsim, written in Go.

Working with Xmpp in Python

Xmpp is an open standard for messaging and presence, used for instant messaging systems. It is also used for chat systems in several games, most notably League of Legends made by Riot Games. Xmpp is an xml based protocol. Normally you work with xml documents - with Xmpp you work with a stream of xml elements, or stanzas - see https://tools.ietf.org/html/rfc3920 for the full definitions of these concepts. This has some implications on how best to work with the xml. To experiment with Xmpp, let's start by installing a chat server based on Xmpp and start interacting with it. For my purposes I've chosen Prosody - it's nice and simple to install, especially on macOS with Homebrew : brew tap prosody/prosody brew install prosody Start the server with prosodyctl - you may need to edit the configuration file (/usr/local/etc/prosody/prosody.cfg.lua on the Mac), adding entries for prosody_user and pidfile. Once the server is up and running we can start poking at it

Mnesia queries

I've added search and trim to my  expiring records  module in Erlang. This started out as an  in-memory  key/value store, that I then migrated over to  using Mnesia  and eventually to a  replicated Mnesia  table. The  fetch/1  function is already doing a simple query, with  match_object . Result = mnesia : match_object ( expiring_records , # record { key = Key , value = '_' , expires_at = '_' }, read ) The three parameters there are the name of the table -  expiring_records , the matching pattern and the lock type (read lock). The  fetch/1  function looks up the key as it was added to the table with  store/3 . If the key is a tuple, we can also do a partial match: Result = mnesia : match_object ( expiring_records , # record { key = { '_' , " bongo " }, value = '_' , expires_at = '_' }, read ) I've added a  search/1  function the module that takes in a matching pattern and returns a list of items wh