Posted in 2021
New web server hijacker HttpResetModule.dll
- 22 September 2021
Today a friend’s server was hacked. The web site displays normally if visited directly. The content is highjacked when visit from a Baidu Search result, similar to what user 41nbow experienced at https://www.freebuf.com/articles/web/222060.html.
A file system wide search for recent changed files shows that %windir%\system32\inetsrv\config\applicationHost.config file was recently updated. New entries were added to the end of the <globalModules> section. Despite their location being C:\Windows\Microsoft.NET\Framework\v2.0.50727 and C:\Windows\Microsoft.NET\Framework64\v2.0.50727, they bear no Microsoft signature nor any other version information. Also, the file name HttpResetModule is suspicious, why a web server want do reset a connection?
Better Late Than Never
- 16 June 2021
This post originally appeared on Joycode on Sept 17 2004.
在文件选择对话框和浏览器中都可以显示文件夹视图,但是有时需要对显示的方式进行控制,例如在文件选择对话框初始化时设置显示方式为详细资料视图或者缩略图视图,有的时候需要用程序来选择一些项目,例如在文件选择对话框中添加全选按钮,或者打开文件所在文件夹并且选中指定文件。
Converting generic OopFactory.X12 structures to typed counterparts
- 30 April 2021
OopFactory.X12 can parse EDI messages into segments and loops. However despite typed segments and loops exist, the parser does not generate them in the object model. The unit test only use them when generating EDI messages.
The typed segments and loops are aggregative objects that do not contain their own data members besides the contained untyped objects. Which means if I replace the contained object with the generic one from the parser via .Net reflection, then I can access the object model in a typed way. So I created this in a static class
How To Determine When a Page Is Done Printing in WebBrowser Control
- 24 March 2021
Note this post is originally written in 2012. It was lost when moving my web site from Windows Live Spaces to WordPress. I found a dead link to my web site on Stackoverflow and found an archive from archive.org. So here it is the old article, with dead link updated of course.
The printing from a WebBrowser control can be customized by using custom headers and footers (https://www.betaarchive.com/wiki/index.php/Microsoft_KB_Archive/267240, archived from http://support.microsoft.com/kb/267240) or replacing the default print template. However, using such techniques conflicts with the PRINT_WAITFORCOMPLETION flag, which is used for synchronous printing.
Troubleshooting a memory leak
- 27 February 2021
Got called into a memory leak troubleshooting.
The application was leaking memory at 1mb per second. In memory profiler, most of the growing memory are used by byte[] and RuntimeMethodHandle (growing at around a million per minute). Initially I thought it is a disposing problem, but the memory occupied by disposable objects does not increase over time.
Icepocalypse 2021 冰狱 2021
- 18 February 2021
this is my dairy about the winter storm occurred in Feb 2021.
这是我2021年二月冬季风暴的日记
微软拼音卡顿的问题
- 05 January 2021
微软拼音最近每次激活的时候都要卡上个几分钟。而且不是一个程序只卡一次,中英文切换之后还会继续卡。
用了Process Monitor跟踪了一下,发现每次切换中英文的时候,微软拼音都会在%appdata%MicrosoftInputMethodChs下面创建一个名字为UDPXXXX(这里XXXX是16进制数字).tmp的文件,我这个目录下有六万五千多个这样的文件。从命名风格来看,很明显是在调用GetTempFileName,而这个函数有65535个文件的限制,不删除文件的话,第65536次调用会失败,应该是微软拼音没有处理好调用这个函数失败的情况,也没有删除临时文件的代码,就卡住了。