TONT 31753 为什么有两份『记事本』的程序文件?

原文链接:https://devblogs.microsoft.com/oldnewthing/20060328-17/?p=31753

You may have noticed that there’s a copy of Notepad in %windir%\notepad.exe and another in %windir%\system32\notepad.exe.Why two?

可能你会注意到在 %windir%\notepad.exe 和 %windir%\system32\notepad.exe 分别各有一份记事本的程序文件,为什么会这样呢?

Compatibility, of course.

当然是为了兼容性了。

Windows 3.0 put Notepad in the Windows directory. Windows NT put it in the System32 directory. Notepad is perhaps the most commonly hardcoded program in Windows. many Setup programs use it to view the Readme file, and you can use your imagination to come up with other places where a program or batch file or printed instructions will hard-code the path to Notepad. In order to be compatible with programs designed for Windows 95, there needs to be a copy of Notepad in the Windows directory. And in order to be compatible with programs designed for Windows NT, there also needs to be a copy in the System32 directory.

Windows 3.0 在 Windows 目录下放置记事本,Windows NT 则放在 System32 目录下面。记事本大概是被硬编码到程序里最多的 Windows 组件之一了,很多安装程序都调用它来展示 Readme 文件,可想而知还有多少程序、批处理文件或印刷出来的操作说明里有硬编码的记事本的路径。为了保持与为 Windows 95 设计的应用程序的兼容性,在 Windows 目录下需要有一份记事本程序的副本,同样,为了保持与为 Windows NT 设计的程序的兼容性,System32 目录下也有一份。

And now that Notepad exists in both places, new programs have a choice of Notepads, and since there is no clear winner, half of them will choose the one in the Windows directory and half will choose the one in the System32 directory, thereby ensuring the continued existence of two copies of Notepad for years to come.

如今记事本在两个位置都有一席之地,新编写的程序就可以自由选择了。鉴于没有哪一份是明显的赢家,选择 Windows 目录下那份和选择 System32 目录下的那份的程序大概是一半一半的几率,由此保持两份副本共存的做法还要一直持续下去。

TONT 32453 为什么在NTFS分区和FAT分区上,回收站文件夹的名字不一样?

原文链接:https://devblogs.microsoft.com/oldnewthing/20060131-00/?p=32453

译注:原文第一段比较长,为方便阅读,进行了手工拆分,今后再有的类似情况将不再另作备注。

On FAT drives, the directory that stores files in the Recycle Bin is called C:\RECYCLED, but on NTFS drives, its name is C:\RECYCLER. Why the name change?

在 FAT 格式的分区上,存储回收站文件的目录叫做 C:\RECYCLED,但在 NTFS 格式的分区上则叫 C:\RECYCLER。为什么会有这种变化呢?

The FAT and NTFS Recycle Bins have different internal structure because NTFS has this thing called “security” and FAT doesn’t. All recycled files on FAT drives are dumped into a single C:\RECYCLED directory, whereas recycled files on NTFS drives are separated based on the user’s SID into directories named C:\RECYCLER\S-…. (It has nothing to do with whether you are running English or Swedish Windows.)

FAT 分区和 NTFS 分区上的回收站的内部结构有所不同,因为 NTFS 文件系统有一种 FAT 文件系统所没有的功能,叫做『安全属性』。在 FAT 格式的分区上,所有删除的文件都被直接丢进了 C:\RECYCLED 目录里,而在 NTFS 分区上,回收站则按照用户的 SID 将删除的文件以 C:\RECYCLER\S-…. 的形式区别开来(这与你用的是英文版还是瑞典语版的 Windows 没有关系)。

Suppose the same directory name were used for both file systems, say, C:\RECYCLED. Since it is possible to upgrade a FAT drive to an NTFS drive with the CONVERT utility, this means that a FAT drive converted to NTFS would have a FAT-style Recycle Bin after the conversion. But since the names are the same, the Recycle Bin says, “Hey, look, here’s a C:\RECYCLED directory. That must be my NTFS Recycle Bin!” except that it isn’t. It’s a FAT Recycle Bin left over from the conversion. Giving the NTFS Recycle Bin a different name means that the Recycle Bin shell folder won’t get confused by the “wrong” type of recycle bin directory structure on an NTFS volume.

假设在两种格式的磁盘上,回收站文件夹的名字是相同的,都是 C:\RECYCLED。鉴于系统允许使用 CONVERT 工具将 FAT 格式的分区升级成为 NTFS 分区,这就意味着从 FAT 格式转换为 NTFS 格式的分区,在转换完成后就会有一个 FAT 格式的回收站(译注:上文所说的直接将文件丢进去,不按 SID 区隔的那种)。但由于(回收站的)名字是相同的,那么回收站功能便会认为,『嘿,看,这儿有个 C:\RECYCLED 目录,这肯定是我们 NTFS 格式的回收站没错!』,而事实上并非如此,它只是一个转换后遗留下来的 FAT 格式回收站而已。给 NTFS 格式回收站(目录)一个不同的名字,有助于令回收站功能不会在 NTFS 格式的卷上对『错误的』回收站目录结构产生疑惑。

Yes, the problem could have been solved some other way. For example, there could have been code to inspect the Recycle Bin directory to determine what format it is and ignore it if it didn’t match the actual file system. (Or, if you’re feeling really ambitious, somehow convert from one format to the other.) But that would be over-engineering. You have to write and test the detection (and possibly conversion) code, there’s the risk of a false-positive, the code runs at every boot, and it needs to be maintained whenever either the FAT or NTFS recycle bin format changes. All for a scenario that happens at most once per drive.

的确,这个问题也能通过其他方式解决。例如,回收站功能可以新增一段代码,来判断目录内的格式,并忽略与当前文件系统不相符的情况。(又或者真的很有雄心壮志的话,把不相符的格式转换为相符的也可以。)但是那样就成了过度开发的案例了。你得撰写相关的代码,对检测功能进行测试(可能还包括转换格式的功能),这其中存在判断错误的可能,这段代码会在每次系统启动时运行,并且每次 FAT 或 NTFS 文件系统的回收站格式发生变化时都要维护,而以上所有的麻烦,都只为了一个在每个磁盘上最多只会发生一次的事情。

Or you could change one text string and be done with it. (I could make some really awful “Gordian knot”/”string” remark here but will refrain.)

也可以选择就修改一个字符串(译注:RECYCLER 和 RECYELED 的区别)就搞定了。

TONT 32483 为什么有时损坏的二进制文件会令系统提示『程序太大,不能装入内存』?

原文链接:https://devblogs.microsoft.com/oldnewthing/20060130-00/?p=32483

译注:原文第一段比较长,为方便阅读,进行了手工拆分。

If you take a program and corrupt the header, or just take a large-ish file that isn’t a program at all and give it a “.exe” extension, then try to run it (Warning: Save your work first!), you will typically get the error “Program too big to fit in memory”. Why such a confusing error message? Why doesn’t it say “Corrupted program”?

随便找一个程序来,然后把它的文件头搞乱,或者干脆随便拿一个挺大的、不是应用程序的文件,并给它一个.exe的扩展名,然后尝试运行之(警告:先保存好你正在进行的工作!),通常你会得到一条错误信息:『程序太大,不能装入内存』。为什么是这么令人费解的一条错误信息呢?为什么不说是『程序已损坏』呢?

Because the program isn’t actually corrupted. Sort of.

因为从某种意义上讲,这个程序实际上并没有损坏。

A Win32 executable file begins with a so-called “MZ” header, followed by a so-called “PE” header. If the “PE” header cannot be found, then the loader attempts to load the program as a Win16 executable file, which consists of an “MZ” header followed by an “NE” header. If neither a “PE” nor an “NE” header can be found after the “MZ” header, then the loader attempts to load the program as an MS-DOS relocatable executable. If not even an “MZ” header can be found, then the loader attempt to load the program as an MS-DOS non-relocatable executable (aka “COM format” since this is the format of CP/M .COM files). In pictures:

一个 Win32 可执行文件的开头包含所谓的『MZ』文件头,紧跟着是所谓的『PE』头。如果找不到PE头,那么加载器就会尝试将程序按照 Win16 可执行文件进行读取,而 Win16 的文件头便是MZ后面跟一个NE。如果在MZ头之后既没有找到PE头,也没有找到NE头,那么加载器会尝试将程序按照MS-DOS可重定位可执行文件进行加载。如果连MZ头都没找到,那么加载器就会将其按照MS-DOS不可重定位可执行文件(也叫做COM格式,因为这是CP/M的.COM文件的格式)进行加载。总的来说就是:

MZ PE Win32
NE Win16
其它情况 MS-DOS 可重定位可执行文件
其它情况 MS-DOS 不可重定位可执行文件

Observe that no matter what path you take through the chart, you will always end up at something. There is no exit path that says “Corrupted program”. But where does “Program too big to fit in memory” come from?

很明显,根据上面表格中列出的情况,不管走哪条路最后都会到达某个终点,并且并没有哪个终点是显示『程序已损坏』这条消息的选项。话说回来,『程序太大,无法载入内存』又是怎么回事呢?

If the program header is corrupted, then various fields in the header such as those which specify the amount of memory required by the program will typically be nonsensical values. The loader sees an MS-DOS relocatable program that requires 800KB of conventional memory, and that’s where “Out of memory” comes from. An MS-DOS non-relocatable program contains no such information about memory requirements. The rule for loading non-relocatable programs is simply to load the program into a single 64KB chunk of memory and set it on its way. Therefore, a program with no “MZ” header but which is larger than 64KB in size won’t fit in the single 64KB chunk and consequently results in an “Out of memory” error.

如果某个程序的文件头损坏了,那么在文件头中的一些字段——例如指定程序所需内存数量的值通常会是一些毫无意义的数值。加载器会将其视为一个请求800KB常规内存的 MS-DOS 可重定位应用程序(译注:常规内存上限为640KB),而这就是『内存不足』消息的来源。MS-DOS 不可重定位应用程序是不包含类似所需内存数量之类的信息的,加载这类程序的路子,就是将其装入单独一段64KB内存并运行它。因此,一个没有MZ头、但是尺寸又比64KB大的程序自然无法装入64KB的内存段,由此引发了『内存不足』的错误。

And since people are certain to ask:

顺便一提吧,反正肯定会有人问:

“MZ” = the legendary Mark Zbikowski.

MZ:传奇人物 Mark Zbikowski 的缩写(译注:微软公司的元老级开发者)

“NE” = “New Executable”, back when Windows was “new”.

NE:新式可执行程序(New Executable)的缩写,那时候 Windows 还蛮『新』的。

“PE” = “Portable Executable”, because one of Windows NT’s claims to fame was its portability to architectures other than the x86.

PE:便携式可执行程序(Portable Executable)的缩写,因为 Windows NT 出名的原因之一就是其可以在 x86 平台之外的可移植性。

“LE” = “Linear Executable”, used by OS/2 and by Windows 95 device drivers.

LE:线性可执行程序(Linear Executable),由 OS/2 和 Windows 95 的驱动程序所使用。

TONT 32683 当网站依赖安全漏洞的时候

原文链接:https://devblogs.microsoft.com/oldnewthing/20060112-15/?p=32683

译注:原文第一段超级长,为方便阅读,进行了手工拆分。

Perhaps the biggest risk when making a change in the name of security is all the things that may have been relying on the previously-lax security settings. After all, disabling an insecure feature is easy. The hard part is disabling it while retaining compatibility with people who were relying on that feature.

可能以安全之名做出改变的最大风险,就是那些依赖从前并不那么严格的安全设置的东西。毕竟,关闭一项不安全的功能并不困难,困难的是在关闭它的同时,还能保持与依赖这些功能的人的兼容性。

In the security investigations I’ve been involved with, perhaps the largest chunk of my time is spent trying to find a way to mitigate the security hole without breaking existing customers. (And it’s the Line of Business scenario that is the biggest question mark.)

在我所参与过的安全审查工作中,可能花费时间最多的就是找到一条门路来减缓某个安全漏洞的影响,而不至于破坏既有客户的体验。(并且也是商业用户这条线上的问题最大)

Here’s a real-life example: Consider a sports web site which sells a service to subscribers wherein the site creates a pop-up window whenever a game’s score has changed or some other significant event has occurred. That way, you can leave your browser minimized and go about your day, but when something happens in the game, it will pop up an alert. The round of security changes in Windows XP SP2 broke this site because the rules on positioning of pop-up windows were tightened so that pop-up windows could not appear outside the browser itself. This prevents pop-up windows from being used to cover important browser elements (such as the status bar, the address bar, or a security dialog) and makes it harder for pop-ups to masquerade as system dialogs. But it also broke this company’s business model. And of course, if Microsoft does something that cause you to lose money, you sue. There were probably corporations that had internal web sites that relied on the ability to position pop-ups without restriction. Those corporations no doubt also complained about this change in the name of security.

来举一个现实的例子:假设有一个体育网站向客户销售一种服务,这种服务会在某场比赛的比分发生改变、或有重大事项发生时弹出一个窗口,如此你便可以将浏览器窗口最小化去做别的事,而当比赛出现变化时便会弹出提示。Windows XP SP2的一轮安全更新破坏了这一机制,因为弹出窗口的规则收紧了,现在弹出窗口不能在上级窗口范围之外弹出了。这一改变是用来放置窗口遮蔽浏览器的重要元素(如状态栏、地址栏,或某个安全对话框)的,也让弹出窗口冒充系统对话框的几率大减。然而这项措施也破坏了这家(体育网站)公司的商业模型。理所当然的是,如果微软公司的所作所为让你蒙受了经济损失,你当然会选择起诉。同样的,也有一些企业的内部网站依赖旧有的设计,来将弹出窗口不受限制地进行定位,这些企业也无一例外地抱怨这项以安全之名做出的改变。

As with most security changes that have compatibility consequences, a “safety valve” was added to return to the old insecure behavior for those customers who were relying on it. In this case, you can put the affected sites in the Trusted Sites zone and enable the “Allow script-initiated windows without size or position constraints” setting. But this is just a stop-gap, re-opening the security hole to let this site continue to operate the way it does. The real fix is not to rely on the security hole.

就像多数包含兼容性后遗症的安全更新一样,开发者增加了一道『安全阀』来方便那些仍然依赖旧有的、不安全的行为的客户。在这种情况下,你可以将受影响的网站放进『信任的站点』列表中,并启用『允许脚本启动的窗口不受大小或位置限制』的选项。不过,这只是一道权宜之计,等于将安全漏洞重新打开来,让那些网站可以继续按照旧有的方式运作。真正的修复方式,是不再依赖这些安全漏洞。

TONT 32693 『诱饵』视觉样式

原文链接:https://devblogs.microsoft.com/oldnewthing/20060111-09/?p=32693

During the development of Windows XP, the visual design team were very cloak-and-dagger about what the final visual look was going to be. They had done a lot of research and put a lot of work into their designs and wanted to make sure that they made a big splash at the E3 conference when Luna was unveiled. Nobody outside the visual styles team, not even me, knew what Luna was going to look like. On the other hand, the programmers who were setting up the infrastructure for visual styles needed to have something to test their code against. And something had to go out in the betas.

在 Windows XP 的开发过程中,视觉设计团队对系统最终的外观讳莫如深。团队进行了大量的研究,对设计投入了很大的精力,意在确保Luna主题在E3展会上揭晓时可以大放异彩。团队之外,没有任何人——即便是我对Luna会长什么样有所认知。另一方面,为视觉样式功能编写基础代码的工程师们,则需要一些可以用来测试他们代码的东西,而 Beta 版也总得放点什么进去。

The visual styles team came up with two styles. In secret, they worked on Luna. In public, they worked on a “decoy” visual style called “Mallard”. (For non-English speakers: A mallard is a type of duck commonly used as the model for decoys.) The ruse was so successful that people were busy copying the decoy and porting it to their own systems. (So much for copyright protection.)

视觉样式团队做了两个样式出来。在台面下,他们继续为Luna样式努力着,而面对公众时,他们做了一个『诱饵』视觉样式,名为『Mallard』(绿头鸭)。(致非英语用户:绿头鸭是一种常被用于诱饵模型的鸭子。)这一诡计实在是很成功,以至于人们都忙不迭地赶去复制这个诱饵主题、将其移植到他们的系统里去了。(版权保护什么的就算了吧。)