0xbadfca11

0xbadfca11 / .md
Created February 20, 2025 14:09
Windows ReFS bug

Summary

FSCTL_QUERY_FILE_REGIONS gets stuck on a sparse file on ReFS (v2) with a 64 KB cluster size.

Affected

  • Windows Server 2025 (26100.3194)

Not affected

How to reproduce

Run Format E: /FS:ReFS /A:64K /Q.
Run the code below.

0xbadfca11 / 0.md
Created March 19, 2024 11:12
Using FileExtd.lib with newer Windows SDK
  1. Add kernel32.lib to Ignore Specific Default Libraries.
    But don't remove kernel32.lib from Additional Dependencies.
  2. Set Additional Dependencies to fileextd.lib;ntdll.lib;%(AdditionalDependencies).
    Order is important. fileextd.lib must come before kernel32.lib.
  3. FileExtd.lib was not created with __declspec(dllimport) in mind, so you need to take precautions against the _imp__ symbol.
    Do either of the following:
    • #define WINBASEAPI before #include <windows.h>. Although this is easy, keep in mind that it affects the entire source file.
    • Override __imp__SetFileInformationByHandle@16 using assembly.
0xbadfca11 / .md
Last active February 13, 2025 09:35
Don't use GetImageConfigInformation

Don't use GetImageConfigInformation.

GetImageConfigInformation bug

GetImageConfigInformation hard-codes the assumption that the Image Config Directory is 64 bytes.
It will not work in most environments.
Don't use GetImageConfigInformation. This API is a waste.

0xbadfca11 / .md
Created December 21, 2018 11:30
Windows ReFS bug

Summary

The Windows Server 2016 ReFS driver crashes when trying to mount a ReFS 3.4 volume disguised as ReFS 3.1.

Affected

  • Windows Server 2016
    Tested with KB4483229 applied

Not affected

  • Windows 10 v1809
  • Windows Server 2019

How to crash

  1. Boot from the Windows 10 v1809 install media.
0xbadfca11 / 頭の体操.md
Created July 7, 2018 05:51
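Vowel detection

char a = <...>;
2130466 >> a & 1;
What is this?

Source of the idea

https://twitter.com/kumagi/status/1014953960237436928

Required background knowledge

x86 shift instructions look only at the low 5 bits of the count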

The count operand can be an immediate value or the CL register. The count is masked to 5 bits (or 6 bits if in 64-bit mode and REX.W is used). The count range is limited to 0 to 31 (or 63 if 64-bit mode and REX.W is used).

0xbadfca11 / .md
Created June 10, 2018 12:19
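Detecting WowA64 without using IsWow64Process2()

TL;DR: Use IsWow64Process2().

Under WowA64, IsWow64Process() and GetNativeSystemInfo() are designed so that the caller mistakes the system for x86 Windows. This is thought to be an intentional design rather than a bug. (Discussion of the reasons is omitted.)

However, the values returned by those APIs, and the behavior of some APIs other than IsWow64Process2(), differ in part from x86 Windows.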

| | AMD64 | x86 | Arm64 |
| --- | --- | --- | --- |
| IsWow64Process() *Wow64Process | TRUE | 0 | 0 |
#define WIN32_LEAN_AND_MEAN
#define WIL_SUPPRESS_EXCEPTIONS
#include <windows.h>
#include <cstdio>
#include <cstdlib>
#include <wil/resource.h>
int wmain(int, PWSTR argv[])
{
wil::unique_hfile d(CreateFileW(argv[1], FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ | FILE_SHARE_WRITE, nullptr, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, nullptr));
0xbadfca11 / .cpp
Last active June 20, 2022 09:13
_fto132proc bug
#include <fenv.h>
#include <stdint.h>
#include <stdio.h>
extern "C" int64_t fto132proc(/* Passing by ST(0) */);
int main()
{
double f = UINT32_MAX + 0.9;
uint32_t h, l;
0xbadfca11 / .md
Last active August 22, 2020 09:27
Windows ReFS bug

Summary

The Windows ReFS driver crashes when enabling integrity streams on a large file.

Affected

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016 (with ReFS 1.2)
  • Windows 10 v1703 (with ReFS 1.2)

Not affected

  • Windows Server 2016 (with ReFS 3.1)
0xbadfca11 / .md
Last active June 13, 2017 08:04
Windows exFAT bug

Summary

The Windows exFAT driver crashes when creating a huge file.

Affected

  • Windows XP with KB955704
  • Windows Server 2003 with KB955704
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2