If you’re interested in playing with/testing Pivot, ensure you follow me (@WithinRafael) on Twitter. I’ll be giving away codes this weekend and throughout the following week.

[See post to watch Flash video]

If you find yourself in the mood to write Ribbon-enabled applications, make absolutely sure you grab the Ribbon preview tool. You can easy cook and debug Ribbon UI XML with this tool. Some photos covering the recommended implementation steps follow.

Webcam chat at Ustream

Day 1: Tuesday, November 17 8:30am - 10:30am (PDT)
(See other time zones)

Day 2: Wednesday, November 18 8:30am - 10:30am (PDT)
(See other time zones)

Update 11/7 (2): The code in question is not a part of the IMAPIv2 Code Samples. If you visit Codeplex and actually download the source code, you’ll see this code is separate.

Update 11/7 (3): ImageMaster UDF parsing is a valid derivative work licensed under GPL. The original parsing code is from LGPL 7zip. Here’s a comparison. And another.

Update 11/9: Microsoft has pulled the tool pending further investigation.

Update 11/13: Microsoft has acknowledged the code use, see Port 25 for more details.

While poking through the UDF-related internals of the Windows 7 USB/DVD Download Tool, I had a weird feeling there was just wayyyyyyyyy too much code in there for such a simple tool. A simple search of some method names and properties, gleaned from Reflector’s output, revealed the source code was obviously lifted from the CodePlex-hosted (yikes) GPLv2-licensed ImageMaster project. (The author of the code was not contacted by Microsoft.)

I see two problems here. (I’m not a FSF professional, so there may be more.)

First, Microsoft did not offer or provide source code for their modifications to ImageMaster nor their tool. According to GPLv2:

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

Second, Microsoft glued in some of their own licensing terms, further restricting your rights to the software (TermsOfUse.rtf). According to their terms:

1. Scope of License. The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not
· work around any technical limitations in the software;

· reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;

· make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;

· publish the software for others to copy;

· rent, lease or lend the software;

· transfer the software or this agreement to any third party; or

· use the software for commercial software hosting services.

I understand Microsoft is a big company and that this could have been externally contracted work, but someone dropped the ball during code review/licensing. Cue the fail horns, Drew.

Example of reflected Microsoft tool code and ImageMaster source code on CodePlex

If they want to waste their time creating wrappers – fine – but I draw the line at the ripping off my logon UI tip then returning to comment-spam their crap software.

What a bunch of losers.

Comment author: Frank (IP: 71.169.142.181 , pool-71-169-142-181.burl.east.myfairpoint.net)
E-mail: frank77@myfairpoint.net

So assuming each logical block of the image is 2048 bytes large, one could also assume the last logical block is –2048 from the end of the file, right? Well, that’s what the tool assumes. It checks for the last AVDP at the start of the last logical block, doesn’t find it, and bombs out.

I haven’t read through the entire spec., but I doubt there’s anything in here regarding the container of the UDF formatted data.

While one could argue Microsoft Store-downloaded ISOs are comprised in a compatible manner and therefore this scenario is unsupported it wouldn’t have been hard to add some AVDP seeking code.

As a quick hack to resolve this issue, I wrote a tool that merely finds the AVDP in your ISO file and copies it to offset (EOF-2048). This will allow you to use your own ISOs with the Microsoft tool. Microsoft.NET 2.x or higher required.

The unique ability to change the wallpaper in Windows 7 Starter: a specialized theme includes a custom screen saver and 15 wallpapers designed by Boontje.

How is this possible?

Upon clicking the Customize and Buy link on HP’s website, and clicking through the various customizable components, you’ll discover the included software bundle consisting of some simple applications and a copy of Stardock MyColors, designed for Windows 7. For those unaware, MyColors is simply a stripped down WindowBlinds application targeting the download-and-apply-my-theme users that don’t need the power (or cost) of WindowBlinds. The internals, however, are the same. As this software replaces the Microsoft Windows theming subsystem with its own, it completely bypasses any and all license restrictions imposed by Microsoft. (On the surface, this doesn’t feel very... legal. But I’m sure Microsoft green lighted this.)

(Slight addition [10/20]): MyColors also features some DesktopX and IconPackager code. Thanks for the note, Julien.

So there you go. An updated copy of MyColors for download should be available on or shortly after October 22, the same day Windows 7 officially launches.

I received a note from a reader indicating users of OpenDNS are receiving phishing warnings about a site I created a few days ago, in light of the Hotmail news. Upon using OpenDNS’ CacheCheck feature, it appears the site has indeed been blocked. According to OpenDNS’ little blurb at the bottom, they “block known phishing sites”. That’s funny, because they really don’t know a damn thing about the site. They didn’t bother to ask me about how it worked nor bothered to click the only link at the bottom of the page to find my (previously) top-most post here, indicating the site isn’t a scam. How can I run a phishing operation without asking for credentials or posing to be Bank of America?

*shakes head in disgust*

Hopefully this post will clarify the site’s intentions and purpose.

Notable showcase locations:

• Windows 7 Launch in New York City (October 22) + Train
• Microsoft PDC 2009 (November 15-20) + Airplanes

The rules are simple:

• No pornographic, druggie, dating, or nude stickers. Violence is acceptable though.
• No overly humongous stickers.  Be realistic.
• No Katy Perry. No Miley Cyrus. No Paul Thurrott.
• I ultimately decide if I want to use your sticker or not. Product samples and/or bribes can work to your advantage.

If you’re interested, email rafael+stickers@withinwindows.com with a description/image of your sticker and I’ll send you an address to mail them to.

Accepted stickers thus far: Bing, Identity Mine, LiveSide, Pingie, DataPortability, F-Secure, Hostgator

Back on the 17th, I posted a quick registry hack for those that wanted to force certain Zune software features on or off. One of my readers inquired, however, about Radio features that seemed to exist but were disabled. Double-checking my previous research, there was nothing available to enable anything related to Radio, so I had to dig deeper.

Before you see Zune’s cute UI, the software has to jump through a number of hoops beforehand. Some of these hoops involve asking the Zune Gods (pictured to the right) if certain features are enabled or disabled. This inquiry is made by calling a special function called IsFeatureEnabled, implemented by a special object returned from Zune’s native (as opposed to managed) library. (This function is one of many that are described by an interface called IFeatureEnablement.)

Why is this important?

While it is true that most of the Zune features were implemented with a “ignore the Gods” override, this isn’t true for the unfinished Radio feature. This feature was marked as permanently disabled, hiding unfinished/unstable code from the public.

Re-enabling this feature isn’t exactly easy.

At first, I was inclined to simply disassemble all the managed code into IL, edit, and re-assemble. This turned into a nightmare involving digital signatures, Steven Sinofsky, and embedded native code (which cannot be disassembled properly). My second idea involving writing a loader that patched the relevant code at runtime fell flat too, due to my inexperience with the whole managed/native mish mash environment. Growing tired, I simply resorted to old school patching-on-disk of the Zune native library.

First, I wrote a utility to identify what I need to patch. Static analysis is fun, but not that fun. The Zune Function Locator utility (pictured above) may have a corny name but it does its job. (I plan on further expanding the tool’s capabilities, hence the generic name.) It will locate, within Zune’s native library (ZuneNativeLib.dll), where the IsFeatureEnabled function starts.

Err… why do we care?

Well, as I mentioned before, this function asks the Zune Gods if a feature is enabled or disabled. It returns the “answer” to the Zune software, controlling whether or not the user sees the feature. We’ll need to rewrite this function’s logic to always return “can haz”.

Second, I opened the library in a disassembler to provide a machine code listing of what’s going on here. The contents weren’t really relevant – I was going to rewrite it.

Third, I opened the library in trusty ol’ XVI32, jumped to the offset my tool spat out earlier, moved a few bytes in and… mashed the keyboard, inputting a bunch of random characters.

No, not really.

I typed in the hexadecimal characters for several assembly opcodes that ensured the feature was always considered enabled. The actual x64 code for this is below:

xor rax, rax
inc rax
mov [r8], al
dec rax
pop rdi
retn

(The x86 code is very similar, therefore I won’t spend two hours trying to format it properly in Windows Live Writer.)

Fourth, I saved everything and fired up Zune. Crossing my fingers, the UI appeared and lo’ and behold the Radio feature appeared.

As mentioned earlier, the Radio feature is very unpolished and unstable. The baked in stations don’t play or display station graphics, but I’m willing to bet the folks at Zunerama will have it tamed in a few days.

All the resources I used are available for download from either here or the internet. Enjoy your private tinkering, but remember: I’m not responsible if your entire Zune music collection is replaced with Katy Perry albums. Also keep in mind the patched library may inhibit proper servicing (i.e. updating) by Microsoft. YMMV.

Download: Zune Function Locator 0.1 [x86/x64] // Raw patching instructions

• \Windows\ehome\Mcx2Prov.exe
• \Windows\System32\AdapterTroubleshooter.exe
• \Windows\System32\appinfo.dll
• \Windows\System32\BitLockerWizardElev.exe
• \Windows\System32\bthudtask.exe
• \Windows\System32\chkntfs.exe
• \Windows\System32\cleanmgr.exe
• \Windows\System32\cliconfg.exe
• \Windows\System32\CompMgmtLauncher.exe
• \Windows\System32\ComputerDefaults.exe
• \Windows\System32\dccw.exe
• \Windows\System32\dcomcnfg.exe
• \Windows\System32\DeviceEject.exe
• \Windows\System32\DeviceProperties.exe
• \Windows\System32\dfrgui.exe
• \Windows\System32\djoin.exe
• \Windows\System32\eudcedit.exe
• \Windows\System32\eventvwr.exe
• \Windows\System32\fsquirt.exe
• \Windows\System32\FXSUNATD.exe
• \Windows\System32\hdwwiz.exe
• \Windows\System32\ieUnatt.exe
• \Windows\System32\iscsicli.exe
• \Windows\System32\iscsicpl.exe
• \Windows\System32\lpksetup.exe
• \Windows\System32\MdSched.exe
• \Windows\System32\msconfig.exe
• \Windows\System32\msdt.exe
• \Windows\System32\msra.exe
• \Windows\System32\MultiDigiMon.exe
• \Windows\System32\Netplwiz.exe
• \Windows\System32\newdev.exe
• \Windows\System32\ntprint.exe
• \Windows\System32\ocsetup.exe
• \Windows\System32\odbcad32.exe
• \Windows\System32\OptionalFeatures.exe
• \Windows\System32\perfmon.exe
• \Windows\System32\printui.exe
• \Windows\System32\rdpshell.exe
• \Windows\System32\recdisc.exe
• \Windows\System32\rrinstaller.exe
• \Windows\System32\rstrui.exe
• \Windows\System32\sdbinst.exe
• \Windows\System32\sdclt.exe
• \Windows\System32\shrpubw.exe
• \Windows\System32\slui.exe
• \Windows\System32\SndVol.exe
• \Windows\System32\spinstall.exe
• \Windows\System32\SystemPropertiesAdvanced.exe
• \Windows\System32\SystemPropertiesComputerName.exe
• \Windows\System32\SystemPropertiesDataExecutionPrevention.exe
• \Windows\System32\SystemPropertiesHardware.exe
• \Windows\System32\SystemPropertiesPerformance.exe
• \Windows\System32\SystemPropertiesProtection.exe
• \Windows\System32\SystemPropertiesRemote.exe
• \Windows\System32\taskmgr.exe
• \Windows\System32\tcmsetup.exe
• \Windows\System32\TpmInit.exe
• \Windows\System32\verifier.exe
• \Windows\System32\wisptis.exe
• \Windows\System32\wusa.exe
• \Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_a1e8f56d586ec10b\fsquirt.exe
• \Windows\System32\oobe\setupsqm.exe
• \Windows\System32\sysprep\sysprep.exe

For those of you in the US or Canada, stop reading now.

Welcome non-US/CA readers! There’s nothing more frustrating than buying a Zune, plugging it in, and discovering the software is “broken” because of how your computer is “configured”. Features like the Marketplace and that snazzy intro video? Completely missing! Yikes.

If you’re positive you should be seeing these features, don’t panic. Microsoft spent a lot of time programming some overrides for you. Simply navigate to HKCU\Software\Microsoft\Zune and create a key called FeaturesOverride. Within this key, create a DWORD for each feature you want to enable and set its value to 1. A list of tweakables follow.

• Quickplay
• Marketplace
• Picks
• Videos
• MusicVideos
• Podcasts
• Channels
• Games
• SubscriptionFreeTracks
• SignInAvailable (allows restricted locales to sign in!)
• FirstLaunchIntroVideo
• MBRRental
• MBRPurchase
• MBRPreview

For those that are lazy, you can download a simple registry script to double-click. Don’t blame me if it eats your hard drive though.

You’re welcome, NVIDIA.

While playing around with Movie Maker, I tried to import some video content stored on my HP MediaSmart. Just my luck, it’s not supported. As you can plainly see on the right, Microsoft suggests I copy my content – which could theoretically be gigabytes in size – to my local disk.

Uh. How about no?

Poking around a bit, I noticed Movie Maker has an undocumented override switch... but it comes at a tiny cost: The network share housing your media must may need to allow unfettered Guest access. For those that aren’t trying to hide porn on their MediaSmart servers, this isn’t a big deal. I suspect this is either a temporary code issue revolving around the lack of user impersonation or a security feature. Either case, it’s annoying.

(Update August 21, 2009: Tom Warren mentioned he did not require Guest access. YMMV.)

To run the roadblock, navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows Live\Movie Maker and add a DWORD value named AllowNetworkFiles. Afterwards, simply double-click it and set its data to either 0 (disabled) or 1 (enabled).

Keyboard cat, inside the new Windows Live Movie Maker, playing me off.

Update (8/10): A NVIDIA representative has indicated the fix will be “available in the next driver release” sometime this month.

While poking around Process Explorer, I stumbled upon a process having a curiously high handle count. Having dealt with leaky components before, I identified the 64 handle/minute pattern almost immediately.

Figure - Process Explorer viewing nvSCPAPISvr.exe open file handles

As the description indicates, this particular component (a Windows service) is responsible for some sort of NVIDIA Stereoscopic feature. With some Bing’ing around, I discovered this functionality is only useful if you use 3D glasses shown on the NVIDIA 3D Vision product page.

While I could have simply stopped the service – which shouldn’t be configured to start Automatically to begin with – I decided to dive a little deeper to understand the issue.

After some disassembly, I found string references to \INF\OEM*.INF which led me to a piece of code wrapped in a loop. My ASM to C++ hand transcribed version of the code (not representative of the real product):

GetWindowsDirectoryA(260, path);
strcat(path, "\\INF\\OEM*.INF");
 
HANDLE find_handle = FindFirstFile(path, &wfd);
 
if(find_handle != INVALID_HANDLE_VALUE) {
 
  do
  {
    HANDLE inf_handle = SetupOpenInfFile(
        wfd.FileName,
        NULL,
        INF_STYLE_WIN4,
        error_line);
 
    // [...] Additional code to search for nvstusb.cat/sys
  }
  while(FindNextFile(find_handle, &wfd));
 
  FindClose(find_handle);
}
 

The bug isn’t obvious at first glance. The issue lies within the use of SetupOpenInfFile. The handle returned by this function is never passed into SetupCloseInfFile, leaving various internal file and mutex handles open consuming a large amount of memory (as this user reported in July).

To mitigate this issue, I strongly suggest you stop and disable the NVIDIA Stereoscopic 3D Driver Service. If you use its stereoscopic features, I suggest you only use the service for short amounts of time.

Although the latest drivers I’m using aren’t WHQL signed (190.56), this problem also exists in all drivers versioned 186.xx and up. This range is inclusive of WHQL and non-WHQL signed drivers. I, again, urge Microsoft to include some sort of Application Verifier testing with all components bundled with WHQL submitted drivers.

Figure of Milestone 1, 2, and Beta (Milestone 3-like) Taskbars displayed vertically, respectively.

The Milestone 1 Taskbar was switched on with the addition of a Boolean DWORD value named EnableCHS, placed in the HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced key. One could infer CHS is a symbolic reference to the Chinese and their government’s way of shrouding everything in secrecy. Microsoft has come out and said CHS stood for Can Has Superbar, a reference to “lolspeak”. This iteration of the Taskbar featured very basic grouping features, live preview, and early support for “pinning” although not completely functional.

Milestone 2 builds featured an improved Taskbar, primarily focused on improving past pinning and grouping work. It also featured the beginnings of what we now know as Jumplists and Aero Peek. Unlike the previous Taskbar, the Shell performed more vigorous checks on who you were, under the Microsoft corporate umbrella, to determine if you were authorized to use the new Taskbar. One could infer these additions denote the point in time in which “new Taskbar builds” of Windows 7 had to be shared outside the Shell group for further work (e.g. the teams that work on Libraries, Find and Organize).

At the end of what you could call the “private development” tunnel, Microsoft started work on Milestone 3 builds of Taskbar. It is at this time, pinning and grouping features were smoothed out, attention jerking elements were removed (e.g. the awful white gradient), and the more subtle icon resources installed in preparation for the upcoming technical preview. Unpictured, Jumplists still had the small arrow that appeared upon hover over a Taskbar button.

The Milestone 3 Taskbar received little polish before being pushed out to the public in the first Pre-beta build of Windows 7. While demoed at the Professional Developers Conference in 2008, the Taskbar was not intended for public use. Having received a tip of the new Taskbar’s existence, however, I circumvented its Milestone 2-based protection and developed a tool to enable its public critique. (After all, we, the users, were the ones that were going to be using this from now until the next major Taskbar change. I felt it was important to perfect it now before code freeze.)

Updated July 30, 2009: Added proper definition of CHS, as per Microsoft.

Mom and Dad will likely get a pre-built machine, by either a popular manufacturer or their kids, so this isn’t a problem for them. Us, on the other hand, are incredibly lazy. We won’t want to bend down and grab one of a million USB fobs. Or put yet another executable on our NAS. Or heaven forbid, waste a CD. We need something clever. This is one such clever.

Step 1 – Launch (and configure) Windows Media Player

Throughout the OS, you’ll find references to Windows Media Player. Click one of them. You’ll be welcomed by a wizard that takes a good five minutes to go through, if you don’t choose the Recommended option.

Step 2 – Search for your browser, using the Windows Media Guide

If it isn’t already on your screen, open the Windows Media Guide. You can do this by clicking the very large Media Guide button in the lower-left corner of Windows Media Player. In the upper-right corner of the Guide, type your browser of choice into the Search box. Purely for example purposes, cough, I typed “Firefox”.

Step 3 – Click an ad, download your browser

Upon completion of your search, you’ll be presented with some advertising. We’ll use this to our advantage to hop outside the cage we’re in. Pick an ad, click it. If it doesn’t take you to the manufacturers site in less than a few clicks, go back and pick a different ad. Eventually you’ll end up at the desired location with the binaries you need trickling down to your desktop.

For those that wish to download Internet Explorer, you can simply type the keyword IE8 or Opera. I’m serious.

Figure 1, 2 -- Windows Media Player being used to search for and download Mozilla Firefox

Click Code⁷ for more details.

Figures 1 and 2 -- Microsoft Office “Outspace” turned on and off (Microsoft Word)

For those of us that hate change, fear not. You can revert back to the old way of doing things with a quick registry tweak. Simply navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Toolbars (creating that key if it doesn’t already exist) and create a DWORD named UseOutspace. Give it a value of 0 or 1 (representing disabled or enabled, respectively) and you’re done. You’ll notice with Outspace off, a piece of the original Office button shows up. This is a bug that’ll be cleaned up as the product matures.

Your scrutinizing peers include myself and these other old farts:

Ed Bott, MVP, EdBott.com
Paul Schottland, Product Unit Manager for Microsoft
Steve Sinchak, MVP, Tweaks.com
Lowell Heddings, HowToGeek.com
Howard Lo, Microsoft’s Regional Team Manager (APAC)
Emil Protalinski, Ars Technica – One Microsoft Way
Corrine Chorney, MVP, Security Garden and The Windows Club Moderator
James Fisher, MVP, Windows Talk and The Windows Club Moderator
Anand Khanse, MVP, The Windows Club Administrator.

You have nothing to lose by submitting, so don’t be a lazy bum.