TONT 35853 当人们要将安全漏洞作为功能的时候:在资源管理器中隐藏文件


By default, Explorer does not show files that have the FILE_ATTRIBUTE_HIDDEN flag, since somebody went out of their way to hide those files from view.

通常情况下,资源管理器不会显示带有 FILE_ATTRIBUTE_HIDDEN 标签的文件,因为有人特意将这些文件在视图中隐藏了。

You can, of course, ask that such files be shown anyway by going to Folder Options and selecting “Show hidden files and folders”. This shows files and folders even if they are marked as FILE_ATTRIBUTE_HIDDEN.

当然,你也可以刻意要求将这些文件显示出来,方法是在『文件夹选项』中勾选『显示隐藏的文件和文件夹』。这样即便被标记了 FILE_ATTRIBUTE_HIDDEN 标签的文件和文件夹也会被显示出来。

On the other hand, files that are marked as both FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM remain hidden from view. These are typically files that involved in the plumbing of the operating system, messing with which can cause various types of “excitement”. Files like the page file, folder configuration files, and the System Volume Information folder.

另一方面,同时具有 FILE_ATTRIBUTE_HIDDEN  和 FILE_ATTRIBUTE_SYSTEM 标签的文件在视图中仍然是隐藏的,这类文件通常是对系统来说至关重要的,对这些文件乱来会造成各种各样『激动人心』的事情,例如页面文件(译注:虚拟内存)、文件夹的配置文件、以及卷信息(System Volumn Information)文件夹。

If you want to see those files, too, then you can uncheck “Hide protected operating system files”.


Let’s look at how far this game of hide/show ping-pong has gone:


Show(显示) Hide(隐藏)
1. Normal file(普通文件)
2. Hidden file(带有隐藏属性的文件)
3. “Show hidden files”(『显示隐藏的文件(和文件夹)』)
4. Hidden + System(带有隐藏+系统属性的文件(和文件夹))
5. “Show protected
operating system files”(『显示受保护的系统文件』)

You’d think this would be the end of the hide/show arms race, but apparently some people want to add a sixth level and make something invisible to Explorer, overriding the five existing levels.


At some point this back-and-forth has to stop, and for now, it has stopped at level five. Adding just a sixth level would create a security hole, because it would allow a file to hide from the user. As a matter of security, a sufficiently-privileged user must always have a way of seeing what is there or at least know that there is something there that can’t be seen. Nothing can be undetectably invisible.


If you add a sixth level that lets a file hide from level five, then there must be a level seven that reveals it.


TONT 36053 程序向你抛出了一个问题,但如果作答的话就会爆炸


JeffDav’s story of a program that didn’t like it when he told it where to install reminded me of another program that we dealt with during Windows 95 development.

JeffDav 上那篇关于某个不喜欢被用户指定安装位置的程序的故事,让我想起我们在 Windows 95 开发过程中曾经面对的另一个程序。

This was a big-name program developed by one of the biggest-of-the-big name software companies. Let’s give this program the imaginary name “LitWare”. Its setup program asked you where you wanted the program to be installed, and it suggested “C:\LITWARE”. If you accepted the default, then everything proceeded normally.

那个程序是某个顶尖有名的大公司开发的某个大品牌,这里我们先给它起个虚构的名字,叫 LitWare。这个应用的安装程序会询问你要将其安装到哪个位置,并顺带建议安装到『C:\LITWARE』。如果你直接采纳这个默认值,那么一切都会很顺利。

However, if you changed the default to anything else, the setup program ran to completion, but the program itself wouldn’t run.


Because the program contained the hard-coded path “C:\LITWARE” and insisted that it find its support files in that directory.


At least Jeff’s program realized that it was about to be installed into a directory where it would fail to work!

至少 Jeff 提到的那个程序还晓得自己要被安装到会造成它没法工作的目录里去呢!


附:文章开头提到的 JeffDav 上的文章:《安装的麻烦》(Installation woes)


After successfully getting Windows XP SP2 installed on my laptop, I started installing other software.

在成功把 Windows XP SP2 安装到我笔记本上之后,我开始安装其它的程序。

This post has nothing to do with IE, but I need to vent.

这篇博文跟 IE 没什么关系,但我还是得发泄一下。

Nameless 3rd Party App: Where do you want to install me? How about c:\nameless?

某第三方应用:你要把我安装到什么地方?C:\nameless 这个路径怎么样?

Jeffdav: How about c:\program files\nameless?

Jeffdav:C:\Program Files\nameless 怎么样?

Nameless 3rd Party App: It is a bad idea to install me somewhere with spaces in the path. Continue anyway?


Jeffdav: No. Lame. At least it knows it is lame and told me while I still have a chance to do something about it.


Jeffdav: Okay, fine, c:\nameless.



Nameless Microsoft App: Installing…


Nameless Microsoft App: Installing… <30 minutes later>


Microsoft Windows: You have lost your connection to the wireless LAN! (I was walking to a meeting.)


Nameless Microsoft App: Internal Error 3452. [OK]


Microsoft Windows: You have reconnected to the wireless LAN!


Jeffdav: <clicks OK>


Nameless Microsoft App: Uninstalling…


Nameless Microsoft App: Thanks for playing. Please start from the beginning again.


Of course I did have success stories. Windows was easy to install off the slipstream CD. Putty, as always, was easy to install since setup for putty is simply xcopy.

当然我也成功安装过其它的程序。Windows 从整合好的光盘上安装很简单。Putty 则是一如既往的简单,毕竟只是一行 xcopy 的事。

The moral of this story, I guess, is that Setup is Hard.


TONT 36183 窗体不是便宜的对象



Although Windows is centered around, well, windows, a window itself is not a cheap object. What’s more, the tight memory constraints of systems of 1985 forced various design decisions.

尽管 Windows 是围绕着窗体(windows)设计的,不过窗体并不是便宜大把的对象。此外,1985年硬件配置中紧俏的内存限制催生了很多被迫的设计决定。

Let’s take for example the design of the list box control. In a modern design, you might design the list box control as accepting a list of child windows, each of which represents an entry in the list. A list box with 20,000 items would have 20,000 child windows.

以 Listbox 控件的设计为例。在如今的设计理念中,你可能会将其设计为包含一列子窗体的控件,每个子窗体代表列表中的一个条目。一个拥有20000项条目的 Listbox 就会有20000个子窗体。

That would have been completely laughable in 1985.


Recall that Windows was built around a 16-bit processor. Window handles were 16-bit values and internally were just near pointers into a 64K heap. A window object was 88 bytes (I counted), which means that you could squeeze in a maximum of 700 or so before you ran out of memory. What’s more, menus hung out in this same 64K heap, so the actual limit was much lower.

回忆一下,当时 Windows 是围绕16位处理器设计的。窗体句柄是一系列16位的值,在内部则表现为一个 64K 堆中相邻的指针。一个窗体对象要用掉88个字节(我数过了),这就意味着你最多能在内存里塞下700个窗体,再塞就要内存溢出了。另外,菜单也在同一个 64K 堆中,故而实际的上限可能会更低。

Even if the window manager internally used a heap larger than 64K (which Windows 95 did), 20,000 windows comes out to over 1.5MB. Since the 8086 had a maximum address space of 1MB, even if you devoted every single byte of memory to window objects, you’d still not have enough memory.

即便窗体管理器在内部使用的是一个大于 64K 的堆(Windows 95即是如此),20000个窗体也要消耗将近 1.5MB 的空间。由于 8086 处理器的地址空间上限是 1MB,就算你将内存的每一个字节都贡献给窗体对象使用,还是没有足够的内存可以用。

Furthermore, making each list box item a window means that every list box would be a variable-height list box, which carries with it the complexity of managing a container with variable-height items. This goes against two general principles of API design: (1) simple things should be simple, and (2) “pay-for-play”, that if you are doing the simple thing, you shouldn’t have to pay the cost of the complex thing.

除此之外,让每一个 Listbox 的项目都作为一个窗体,意味着每个 Listbox 都会是高度可变的,这就带来了管理包含着可变高度项目的容器的复杂性。如此的设计违背了 API 设计的两项基本原则:(1)简单的事物就应该简单,以及(2)『办多少事花多少钱』,也就是如果事情本身就很简单,便不应当为复杂的事情付出代价。

Filling a list box with actual windows also would have made the “virtual list box” design significantly trickier. With the current design, you can say, “There are a million items” without actually having to create them.

将一个 Listbox 填满事实意义上的窗体,也会将这个『虚拟 Listbox』的设计变得陡然复杂起来。按照其目前的设计,你可以声明『列表中有一百万项』,但不必实际去创建这么多项目。

(This is also why the window space is divided into “client” and “non-client” areas rather than making the non-client area consist of little child windows.)


To maintain compatibility with 16-bit Windows programs (which still run on Windows XP thanks to the WOW layer), there cannot be more than 65536 window handles in the system, because any more than that would prevent 16-bit programs from being able to talk meaningfully about windows. (Once you create your 65537’th window, there will be two windows with the same 16-bit handle value, thanks to the pigeonhole principle.)

为了维持与16位Windows应用程序的兼容性(鉴于WOW(译注:Windows-On-Windows,在新版Windows上为面向旧版系统设计的应用程序提供有限兼容性的兼容层,此处为32位系统兼容16位应用程序)层,这些程序在 Windows XP 上仍然可用),系统中的窗体句柄不能超过65536个,因为超过这个限制会阻止16位应用程序与系统对窗体进行有意义的沟通。(一旦创建了第65537个窗体,就会出现具有相同句柄值的两个窗体——感谢鸽巢原理(译注:又叫抽屉原理,指如果尝试将n+1个元素放进n个集合中,那么必然有一个集合中包含2个元素)的存在。)

(And yes, 16/32-bit interoperability is still important even today.)


With a limit of 65536 window handles, your directory with 100,000 files in it would be in serious trouble.


The cost of a window object has grown over time, as new features get added to the window manager. Today it’s even heftier than the svelte 88 bytes of yesteryear. It is to your advantage not to create more windows than necessary.


If your application design has you creating thousands of windows for sub-objects, you should consider moving to a windowless model, like Internet Explorer, Word, list boxes, treeview, listview, and even our scrollbar sample program. By going windowless, you shed the system overhead of a full window handle, with all the baggage that comes with it. Since window handles are visible to all processes, there is a lot of overhead associated with centrally managing the window list. If you go windowless, then the only program that can access your content is you. You don’t have to worry about marshalling, cross-process synchronization, Unicode/ANSI translation, external subclassing, hooks… And you can use a gigabyte of memory to keep track of your windowless data if that’s what you want, since your windowless controls don’t affect any other processes. The fact that window handles are accessible to other processes imposes a practical limit on how many of them can be created without impacting the system as a whole.

如果你的程序设计需要你创建成千上万个用于内部对象的窗体,你应当考虑迁移到无窗体的模型,就像 Internet Explorer、Word、Listbox、TreeView、ListView,甚至我们的滚动条示例程序那样。通过使用无窗体设计,你的程序向系统展示的就只有一个完整的窗体句柄,里面包含着所有大大小小的元素。由于窗体句柄是对所有进程可见的,对于集中管理的窗体列表来说负担是很重的。如果采用无窗体设计,那么唯一可以访问窗体中内容的就是你自己。你不必担心 Marshalling、跨进程同步、Unicode/ANSI 转换、外部子类、钩子…… 等等的麻烦事。另外如果你愿意,动用一个G的内存来跟踪你的无窗体模型下的内容也是刻意的,因为你的无窗体模型中的控件不会影响其它进程。由于窗体句柄对其他进程是可见的,也就对可以创建多少个窗体句柄而不会对系统整体产生重大影响这一事实施加了影响。

I believe that WinFX uses the “everything on the screen is an element” model. It is my understanding that they’ve built a windowless framework so you don’t have to. (I’m not sure about this, though, not being a WinFX person myself.)

我相信 WinFX 利用了『屏幕上的一切都是元素』这种模型,我的理解是他们构建了一个无窗体框架,以便你不用再从头造一遍轮子。(尽管对此我并不确定,毕竟我不是相关人士。)

TONT 36363 两则有关 Windows XP 的『Comments?』按钮的回忆


In beta versions of Windows XP, there was special code in the window manager to give every window a link in the upper right corner called “Comments?” which if clicked on displayed a dialog that allowed you to submit feedback to Microsoft about that window.

在 Windows XP 的beta 版本中,窗口管理器里有一段特别设计的代码,用来给每个窗口的右上角添加一个写作『Comments?』(有意见?)的链接,点击它会显示一个对话框,用于向微软提交关于那个窗口的反馈意见。

Since this was a beta release, there was no anonymity when you submitted feedback. (You signed away your anonymity when you agreed to the special beta license agreement and typed in your beta ID number.) Yet we got more than one feedback submission that begin, “Hi, I pirated this copy of Windows XP, and here’s some feedback.”

鉴于这是 beta 版,提交反馈时是没有什么匿名性可言的。(当你签署那张特别的 beta 授权协议并录入了你的 beta ID 时,你就已经让出让了你的匿名权。)不过我们还是收到了不止一份反馈,开头就是:『嗨,我这份 Windows XP 是盗版的,以下是我的反馈。』

In its initial incarnation, the word in the title bar was “Lame”, but people with a weaker sense of humor changed it to the less confrontational “Comments?”. The name “Lame” came from a recurring sketch on local comedy show Almost Live! called “The Lame List, or What’s Weak This Week (brought to you with the help of Seattle’s Heavy Metal community)”.


TONT 36483 为什么最小化的窗口具有形式上的160×31的尺寸?


We discussed a few months ago the issue of where windows minimized to before the taskbar was invented. In the modern taskbar world, why do minimized windows have an apparent size of 160×31?


The size isn’t just apparent. That’s really their size. You can see them, for example, if you fire up a program that uses the Multiple Document Interface.



Observe the appearance of the window “Book1”. This is a minimized window (though minimized to its MDI host rather than to the desktop). With the introduction of Windows Explorer, which put files on the desktop in the form of icons, it became necessary to change the appearance of minimized windows in order to avoid confusing a minimized program icon from a desktop icon. A minimized program, therefore, took the form of a miniature title bar.

观察这个叫『Book1』的窗口的外观。这是一个最小化的窗口(尽管是最小化到其MDI顶层窗口而不是桌面)。在引入了Windows资源管理器之后,桌面上允许以图标的形式放置文件了,修改最小化窗口的形式便变得有必要起来,以防人们将最小化的程序图标与文件图标相混淆(译注:Windows 95之前版本的Windows没有任务栏,最小化的程序会缩小为『桌面』上的一个图标,这里的桌面指的是『程序管理器』背后的整个屏幕空间,与Windows 95之后的『桌面』并不是同一个概念)。由此,最小化的程序使用了缩小的标题栏的形式。

The programming interface to minimized windows remained the same, for compatibility reasons. (And please let’s just agree to disagree on whether backwards compatibility is a good thing or not.) That’s why the function to tell whether a window is minimized continues to be called IsIconic, the message you receive when someone tries to restore a minimized program is still called WM_QUERYOPEN, and the OpenIcon function can still be used to “open” a minimized “icon”. All even though minimized windows haven’t looked like icons for nearly ten years.

面向最小化窗口的编程接口(与旧版Windows)保持了一致,这是出于兼容性的考虑。(至于向下兼容是一件好事还是坏事,请保持见仁见智的态度。)这就是为什么用来判断一个窗口是否最小化的方法名延续了 IsIconic 的称呼:当用户尝试复原最小化的程序时,程序获得信息仍然叫 WM_QUERYOPEN,而 OpenIcon 方法仍然可以用来『打开』一个最小化的『图标』,尽管保留了上述这些特性的同时,最小化的窗口已经跟图标的长相大相径庭将近十年了。

The OpenIcon function is just an old-fashioned way of saying ShowWindow(hwnd, SW_NORMAL), in the same way that the CloseWindow function (dating back to Windows 1.0) is an extremely old-fashioned way of saying ShowWindow(hwnd, SW_MINIMIZE).

OpenIcon 方法不过是 ShowWindow(hwnd, SW_NORMAL) 的一种旧式叫法,与此相同的还有 CloseWindow(可以追溯到 Windows 1.0)也只是 ShowWindow(hwnd, SW_MINIMIZE) 相对应的超级老的一种叫法而已。