Skip to content

Instantly share code, notes, and snippets.

View 0xbadfca11's full-sized avatar
💭
I'm currently depressed.

0xbadfca11

💭
I'm currently depressed.
36 followers · 0 following
View GitHub Profile
@0xbadfca11
0xbadfca11 / .md
Last active September 3, 2025 09:53
Windows ReFS bug

Summary

FSCTL_QUERY_FILE_REGIONS stuck on sparse file on ReFS(v2) with 64KB cluster size.

Affect

  • Windows Server 2025 (26100.3194)

Not affect

How to stuck

Do Format E: /FS:ReFS /A:64K /Q.
Run below code.

@0xbadfca11
0xbadfca11 / 0.md
Created March 19, 2024 11:12
Using FileExtd.lib with newer Windows SDK
  1. Add kernel32.lib to Ignore Specific Default Libraries.
    But don't remove kernel32.lib from Additional Dependencies.
  2. Set Additional Dependencies to fileextd.lib;ntdll.lib;%(AdditionalDependencies).
    Order is important. fileextd.lib must come before kernel32.lib.
  3. FileExtd.lib was not created with __declspec(dllimport) in mind. Need to take precautions against the _imp__ symbol.
    Do either.
    • #define WINBASEAPI before #include <windows.h>. Although this is easy, keep in mind that it affects the entire source file.
  • Override __imp__SetFileInformationByHandle@16 using assembly.
@0xbadfca11
0xbadfca11 / .md
Last active February 13, 2025 09:35
Don't use GetImageConfigInformation

Don't use GetImageConfigInformation.

GetImageConfigInformation bug

GetImageConfigInformation is hard coded that the Image Config Directory is 64 bytes.
It will not work in most environments.
Don't use GetImageConfigInformation. This API is waste.

@0xbadfca11
0xbadfca11 / .md
Created December 21, 2018 11:30
Windows ReFS bug

Summary

Windows Server 2016 ReFS driver crashes when trying to mount ReFS 3.4 that disguised ReFS 3.1.

Affect

  • Windows Server 2016
    Tested with KB4483229 applied

Not affect

  • Windows 10 v1809
  • Windows Server 2019

How to crash

  1. Boot from Install media of Windows 10 v1809.
@0xbadfca11
0xbadfca11 / 頭の体操.md
Created July 7, 2018 05:51
母音の判定

char a = <...>;
2130466 >> a & 1;
とは

ネタ元

https://twitter.com/kumagi/status/1014953960237436928

必要前提知識

x86のシフト命令は下位5ビットしか見ない

The count operand can be an immediate value or the CL register. The count is masked to 5 bits (or 6 bits if in 64-bit mode and REX.W is used). The count range is limited to 0 to 31 (or 63 if 64-bit mode and REX.W is used).

@0xbadfca11
0xbadfca11 / .md
Created June 10, 2018 12:19
IsWow64Process2() を使わずにWowA64を検出する

TLDR IsWow64Process2()使え。

WowA64ではIsWow64Process()GetNativeSystemInfo()を使うとx86版Windowsと誤認するようになっている。 バグではなく意図的な仕様と考えられる。(理由考察は省略)

しかしそれらのAPIで得られる値やIsWow64Process2()以外のAPIでも一部の挙動がx86版Windowsと違う。

AMD64 x86 Arm64
IsWow64Process() *Wow64Process TRUE 0 0
@0xbadfca11
0xbadfca11 / mark_directory_as_case_sensitive_sdk.cpp
Last active September 4, 2025 14:05
#include <windows.h>
#include <cstdio>
#include <cstdlib>
#include <wil/filesystem.h>
#include <wil/resource.h>
int wmain(int, PWSTR argv[])
{
const auto [d, e] = wil::try_open_file(argv[1], FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_FLAG_BACKUP_SEMANTICS);
if (!d)
@0xbadfca11
0xbadfca11 / .cpp
Last active June 20, 2022 09:13
_fto132proc bug
#include <fenv.h>
#include <stdint.h>
#include <stdio.h>
extern "C" int64_t fto132proc(/* Passing by ST(0) */);
int main()
{
double f = UINT32_MAX + 0.9;
uint32_t h, l;
@0xbadfca11
0xbadfca11 / .md
Last active August 22, 2020 09:27
Windows ReFS bug

Summary

Windows ReFS driver crashes when enabling integrity streams of large file.

Affect

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016 (with ReFS 1.2)
  • Windows 10 v1703 (with ReFS 1.2)

Not affect

  • Windows Server 2016 (with ReFS 3.1)
@0xbadfca11
0xbadfca11 / .md
Last active June 13, 2017 08:04
Windows exFAT bug

Summary

Windows exFAT driver crashes when making huge file.

Affect

  • Windows XP with KB955704
  • Windows Server 2003 with KB955704
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2