This technique had already been used in many Microsoft programs for CP/M, i.e. for Intel 8080 or Zilog Z80 CPUs.
There were two reasons for the use of such jumps in the middle of instructions. One was to obfuscate the program for disassemblers, which were desynchronized with the instruction stream by such jumps. The other reason is that each such jump usually saved one byte of instruction code in comparison with conventional conditional program structures.
When the program size was still measured in kilobytes, saving even only one hundred bytes by this method was important.
The instruction into the middle of which a jump was performed was usually an instruction that loaded a 16-bit register with an immediate value that happened to be the encoding for some other instruction.
The value loaded into the register was not used. Therefore, when the instruction was entered through its start address, no operation was done, but when it was entered through a jump, some extra instruction was executed.
A typical use case would be at the beginning of a loop, which was entered after initializing a control variable, while whenever the loop was repeated later an extra instruction was executed (corresponding to the immediate value of the register load), to update the control variable. This saved one byte upon the standard loop implementation that uses an unconditional jump for entering the body of the loop in its middle, after the loop initialization.
There are exceptions though. Some sequences do encode biologically useful information with sequences which not only overlap but do so with the starting points differing by a number not divisible by 3: https://en.wikipedia.org/wiki/Reading_frame#Multiple_reading...
The opcode will of course perform whatever function it was normally intended for, but it will have been chosen by the programmer to be something that doesn't affect the state of the program in a meaningful way. So it really is just a shorter form of jump, not something beyond the understanding of mere humans - you could always replace it with a regular jump and get the same semantics.
CPUs at the time didn't have branch prediction. The 8086 did prefetch code, but always linearly, and even an unconditional jump would flush that prefetch queue. So having an instruction like "CMP AX,xxxx" (where xxxx=any 16 bit immediate value) would be both shorter and faster than the "proper" jump instruction, while affecting only the flag register.
And on the 8080, there was no short (8 bit relative) jump instruction, so this kind of trick even saved two bytes instead of just one.
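Added example, not code from any comment in this thread: a tiny 8086 decoder and interpreter that demonstrates the loop trick described above (the CMP AX,xxxx form mentioned a few comments up, used as the "hiding place" for two one-byte instructions). The opcode encodings are the real 8086 ones; the two loops are constructed samples, and only the handful of opcodes they use are supported. Decoding the same bytes from the entry offset and from the back-edge target shows the desynchronisation a linear-sweep disassembler suffers, and running both loops shows they compute the same thing while the trick version is one byte shorter.

```python
"""Added example, not code from the thread: a tiny 8086 decoder/interpreter
showing the "jump into the middle of an instruction" loop trick.
Opcode encodings are the real 8086 ones; the two loops are constructed
samples, and only the opcodes they use are supported."""

from typing import Dict, List, Tuple

REG16 = ["AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"]

# opcode -> (mnemonic, immediate size in bytes). 0x83 needs a ModRM byte and is
# decoded separately; anything else is shown as a raw 'db'.
SIMPLE: Dict[int, Tuple[str, int]] = {
    0xB9: ("MOV CX,", 2),     # B9 iw
    0x3D: ("CMP AX,", 2),     # 3D iw: flags only, so its immediate can hide code
    0x41: ("INC CX", 0),
    0x42: ("INC DX", 0),
    0xEB: ("JMP SHORT", 1),   # EB rel8
    0x75: ("JNE", 1),         # 75 rel8
}

# Constructed sample: the trick loop. Falling into offset 3 decodes '3D 41 42'
# as CMP AX, 0x4241 (harmless); the back edge jumps to offset 4, where the same
# bytes decode as INC CX / INC DX, i.e. the loop-variable update.
TRICK_LOOP = bytes([
    0xB9, 0x00, 0x00,    # 0000: MOV CX, 0
    0x3D,                # 0003: CMP AX, imm16   <- entry from above
    0x41,                # 0004: INC CX          <- 'repeat', reached only via JNE
    0x42,                # 0005: INC DX
    0x83, 0xF9, 0x0A,    # 0006: CMP CX, 10      (83 /7 ib, ModRM 11 111 001)
    0x75, 0xF9,          # 0009: JNE 0004        rel8 = 4 - 11 = -7
])
ENTRY, REPEAT = 3, 4

# Constructed sample: the conventional form, a JMP SHORT over the update.
CONVENTIONAL_LOOP = bytes([
    0xB9, 0x00, 0x00,    # 0000: MOV CX, 0
    0xEB, 0x02,          # 0003: JMP SHORT 0007
    0x41,                # 0005: INC CX
    0x42,                # 0006: INC DX
    0x83, 0xF9, 0x0A,    # 0007: CMP CX, 10
    0x75, 0xF9,          # 000A: JNE 0005        rel8 = 5 - 12 = -7
])


def _rel8(b: int) -> int:
    """Sign-extend an 8-bit displacement/immediate."""
    return b - 256 if b & 0x80 else b


def decode_one(code: bytes, pc: int) -> Tuple[str, int]:
    """Decode the instruction at pc; return (text, length in bytes)."""
    op = code[pc]
    if op == 0x83:
        modrm, imm = code[pc + 1], code[pc + 2]
        if modrm >> 6 == 3 and (modrm >> 3) & 7 == 7:       # register form of CMP
            return f"CMP {REG16[modrm & 7]}, {_rel8(imm)}", 3
        return f"db 0x{op:02X}", 1
    if op not in SIMPLE:
        return f"db 0x{op:02X}", 1
    mnem, size = SIMPLE[op]
    if size == 0:
        return mnem, 1
    if size == 1:                                             # rel8 branch: resolve target
        return f"{mnem} {pc + 2 + _rel8(code[pc + 1]):#06x}", 2
    return f"{mnem} {code[pc + 1] | (code[pc + 2] << 8):#06x}", 3


def disassemble(code: bytes, start: int) -> List[str]:
    """Linear sweep from 'start'; a naive disassembler desynchronises exactly like this."""
    lines, pc = [], start
    while pc < len(code):
        text, size = decode_one(code, pc)
        lines.append(f"{pc:04x}: {text}")
        pc += size
    return lines


def run(code: bytes, max_steps: int = 10_000) -> Dict[str, int]:
    """Execute from offset 0 with just enough 8086 semantics for the samples."""
    regs = {"AX": 0, "CX": 0, "DX": 0}
    zf, pc, steps = False, 0, 0
    while pc < len(code):
        steps += 1
        if steps > max_steps:
            raise RuntimeError("loop did not terminate")
        op = code[pc]
        if op == 0xB9:
            regs["CX"] = code[pc + 1] | (code[pc + 2] << 8)
            pc += 3
        elif op == 0x3D:                      # compare only: AX is untouched
            zf = regs["AX"] == (code[pc + 1] | (code[pc + 2] << 8))
            pc += 3
        elif op in (0x41, 0x42):              # INC r16 is 0x40 + register number
            r = REG16[op - 0x40]
            regs[r] = (regs[r] + 1) & 0xFFFF
            pc += 1
        elif op == 0x83:                      # CMP r16, sign-extended imm8
            r = REG16[code[pc + 1] & 7]
            zf = regs[r] == (_rel8(code[pc + 2]) & 0xFFFF)
            pc += 3
        elif op == 0xEB:
            pc = pc + 2 + _rel8(code[pc + 1])
        elif op == 0x75:
            pc = pc + 2 + _rel8(code[pc + 1]) if not zf else pc + 2
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at {pc:#06x}")
    return {**regs, "steps": steps}


if __name__ == "__main__":
    print("\n".join(disassemble(TRICK_LOOP, ENTRY)))    # sees CMP AX, 0x4241
    print("---")
    print("\n".join(disassemble(TRICK_LOOP, REPEAT)))   # sees INC CX / INC DX
    print(run(TRICK_LOOP), run(CONVENTIONAL_LOOP))
    print(len(CONVENTIONAL_LOOP) - len(TRICK_LOOP), "byte saved")
```

Both loops leave CX and DX at 10, and the trick version is one byte shorter because the one-byte CMP AX opcode replaces the two-byte JMP SHORT. The decoder's two listings are the point from the obfuscation angle: a tool that starts at the entry offset never sees the INC instructions at all.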
Doesn't "jumping into the middle of the instruction" just mean that decoding from the middle yields another instruction than when decoding from the start of it?
E.g.:
IMUL -> 0x0FAF
SCASW -> 0xAF
> There’s at least one such utility out there that properly enough validates if their patches would work, or blocklists specific Windows builds known to break from it completely. I wish the other very-obvious-from-your-article software would do so too.
and I can't help but agree.
If you're going to reach into the guts of another process and start flipping bits, it's only Correct to take responsibility for doing so carefully enough you don't blow the entire thing up.
(I have written code that replaced/wrapped other people's function pointers for various reasons (occasionally even -good- ones) and considered any problem caused by an upgrade of the code hosting my cuckoo chick to be my bug - and while it was occasionally bloody annoying, I did this to myself ;)
"Jon Ross, who wrote the original version of SimCity for Windows 3.x, told me that he accidentally left a bug in SimCity where he read memory that he had just freed. Yep. It worked fine on Windows 3.x, because the memory never went anywhere. Here’s the amazing part: On beta versions of Windows 95, SimCity wasn’t working in testing. Microsoft tracked down the bug and added specific code to Windows 95 that looks for SimCity. If it finds SimCity running, it runs the memory allocator in a special mode that doesn’t free memory right away. That’s the kind of obsession with backward compatibility that made people willing to upgrade to Windows 95."
https://www.joelonsoftware.com/2000/05/24/strategy-letter-ii...
Today patches are near constant so a "simcity.exe" might represent hundreds of different versions of the code. It's much harder to maintain exceptions since the list of cases is much larger. Even if your test harness is embarrassingly parallel your results are only as accurate as the latest version available to test.
None of that is impossible but there's additional non-zero costs involved in maintaining compatibility exceptions. At some point they tip over to not being worth the investment.
Jonathan Ross SimCity 2000 (1993) (IBM Programming) https://www.mobygames.com/developer/sheet/view/developerId,7...
Recently someone hacking away at DOS extender code stumbled on the same bug and fixed it independently.
https://www.vogons.org/viewtopic.php?p=1007153#p1007153
"New version 1.7 of DOS32AWE released, the download link is in the first message. Finally Sim City 2000 is supposed to be working flawlessly. The bug is in the game which sometimes overwrites unallocated RAM. A spare buffer is dedicated now which handles such buggy behavior. Could be useful in other games too."
Testing is the responsibility of the 3rd party (in addition to using supported methods). If the 3rd party was part of a preview release program, they could test changes before they are officially released.
Consider that it's money and time that MS spent to get into their position today. They built their empire on "back-compat is king", and betraying that principle gives far less reason for their customers to continue using their software instead of moving to alternatives.
Microsoft has been pushing telemetry for how long? I would think they would have a good idea of what to test so that p99 their software works for their customers.
But it depends on the severity of the security issue fixed. If it's a big deal, you push it and let telemetry dictate your future hotfixes. If it's not a big deal, you do your internal testing, then push it through external testing, and see what telemetry picks up (hey!)
> Just imagine testing every single solitary Windows application that exists, or has ever existed, just to see if one of them crashes due to intentionally doing the wrong thing. What are they supposed to do, fix the 3rd party software? Delay fixing the security hole?
Microsoft made its business on "where do you want to go today?" Not "you're holding it wrong"
If Windows and the 3rd party software worked before a Windows update and don't after the Windows update, that's Microsoft's problem because it reduces acceptance of updates. One way forward is to fingerprint the broken application and not do the update if it's active, another way is to prevent it from running after the update. Either of those allow unaffected users to get the update and get on with their life. Once the application is identified, Microsoft can work with them to update their software to do things right, and then figure out how to get users updated.
I've been a user of desktops where the OS developer clearly doesn't care about continuity for users, and Windows feels more and more like that. It's not pleasant, and if I can't be assured what works today will work tomorrow, that leads to delaying updates which is bad for business.
Microsoft taking into account this method of modding explorer in its testing would be like asking Apple's design team to take into account the one in a million iPhone user who sticks their phone up their butt. [0] I don't know what it says about Windows or its users that there must be more than one in a million people running this stuff, but still.
I've also made an explorer.exe in-memory patch to disable flashing taskbar buttons in Windows 10, it injected itself to WndProc and set the specific message to zero. In Windows 11 it's now a setting, so I don't need that anymore.
Now I'm investigating an explorer.exe patch for Windows 11 to speed up wallpaper animations. Which cannot be configured at the moment, there is only one setting to turn off all animations but no setting to speed up the wallpaper fade in animation.
Oh geez these are annoying! I've spent hours trying to find a setting to disable the flashing taskbar on the Teams client on my corporate issued Win10 laptop. The best I've found is to keep the Teams client minimized in tray just to avoid this behavior.
It boggles my mind there's no way to disable this feature that is so distracting it almost makes working impossible whenever I forget to kill the Teams client window. And really goes to show why people need to resort to these hacks.
But but... think of their support costs if people accidentally move the taskbar!
They have to remove your options or they'll starve!
All I could get out of the user was "half the screen is grey".
I quickly figured out it was probably the taskbar, and I tried asking if it was the top or bottom half, or left or right. "Half" was the reply...
After a lot of attempts and little progress, I made a breakthrough by asking in which corner the clock was. "Bottom left", aha! And with that I managed to guide the user to dragging the taskbar back and resizing it properly.
Granted this was back in Windows 98 where the taskbar wasn't locked, so it was rather easy to do; it was probably their first PC and they were non-native speakers, so there was a language barrier.
Sounds like the fade-in between images when you choose a folder with files to set one as wallpaper every 5/10/15 minutes
no sympathy. Chen seems a little irritated (as he should be) at the situation, but he's still missing (or purposely not stating) the real point. the correct response is alluded to by a couple folks in the comments section. i'll be more explicit:
- if microsoft was paying attention, it would simply add the functionality these 3rd party hacky extensions were adding, obviating the need for that extension at all. Like adding a setting for the flashing taskbar buttons you mentioned.
- failing that, simply allow some of those "internal" functions as a public extension points
the fact that a market for such egregious hacks exists implies significant demand for something.
gad, explorer and windows UI is such a dumpster fire. you don't even need to do any kind of fancy market research, just look at what the most popular extensions are doing to patch over deficiencies and then fix them!
You can see the code here: https://github.com/Ciantic/DisableFlashingTaskbarButtons/tre... (there was also a C version but I changed it to AHK)
/s
Why is this allowed? This sounds like a small hell.
I left Windows the moment we shifted from "developers, developers, developers, developers" to "advertisers, advertisers, advertisers, advertisers" and never looked back.
Ubuntu is very pleasant to work with, nowadays.
See also: https://www.hyrumslaw.com/
Just look through the comments on this article to see people pointing out how Microsoft keeps removing options for how people can do this in less risky ways, or even ideas for how Microsoft can improve the safety of these extensions (which aren't all exactly right but I will note that if Microsoft embraced these more and provided an official loader--not one that limited the access but merely coordinated the installation--this is easily solved with the same kind of "safe mode" I designed for shell extensions on jailbroken iOS devices).
To quote one of the comments:
> Not just this article, but far too often when articles such as this are written, about widely used 3rd party tweaks, and the commenting strongly supports the tweak in question, but MS charges forward that “all these enthusiasts are wrong, we will continue our way” is telling of how far out of touch the Win dev team is away from its user base.
> They don’t use the shell extension mechanism to get into the process. They sneak in by nefarious means. Patching is not supported. There is no “correct” way of doing it. Just different levels of bad.
I assume the “nefarious” ways are similar to rootkits in that they exploit vulnerabilities to gain system access they’re not intended to have.
It’s also only really the reason they don’t care that the patcher breaks. The reason I assume they don’t add or retain these features is maintenance and support cost.
IMO if you're doing something that far into "don a rubber glove and root around inside somebody else's rectum" territory then the responsibility rests with the author of the crazy, not the authors of the program being fettled.
(and I'd note that I have written code that was very definitely in that territory, held myself to that standard, and having planned to do so from the start didn't find it overly onerous ... I do have a certain sympathy for people who didn't, though)
That being said, no one forces you to use Windows either - except maybe your employer or the software you are using, but this is getting less and less of a problem fortunately (web apps, Proton etc.).
Most people don't want to learn a whole new shell. They just want the Explorer shell to have the features that it has had since Windows 7. Features that Microsoft inexplicably chose to remove in Windows 11 and that they are only now belatedly adding back.
The fact this is possible is the clowniest thing! Why would a major system component allow "extensions" to run without a sandbox and modify its code?
When most of this code was written, sandboxes didn't exist. Existing security concepts were built around protecting users from hacking each other on a shared multi-user system. Of course a user is allowed to patch their own processes, how else are they going to debug them and why should we stop them from doing so?
Trying to prevent patching in userland code sounds like a nightmare.
Watching that I was just thinking NO NO NO - it worked fine for the last 25 years and there can be absolutely no reason why they had to destroy the taskbar now.
He deserves every headache he gets with these support requests.
Or to quote this comment of the linked article:
> There wouldn’t be as much of a need if the windows shell team was smarter [...] In fact I actively encourage, support, and celebrate efforts like this. Make their life hell and delay them. If they spend more time on investigating issues like this, they’ll have less time to f*k something else up.
Unfortunately, macOS has gone this direction as well and its settings have become inscrutable. Simple things like using drag and drop to reorder network interface priorities are luxuries of the past. It seems like those designing have never used them and never plan to.
This may have been fixed in recent versions where they finally added the ability to change the taskbar grouping in the settings, but I haven't felt the need to test it.
Also the new start menu is a pain in the ass as the quick launch area is just an alphabetic list of applications and/or documents with no ability to group them in any other way. In Windows 10 you can group related applications together and have quick access to "secondary" applications that you might want to use. (I pin "primary" applications to the taskbar and pretty much always have them running anyway). To get to all applications there's another click, whereas in Windows 10 you just start scrolling as they're just there (maybe that's an option I enabled but it works well).
Those are the two general gripes I have with the new taskbar and start menu in Windows 11. Maybe I'm used to my setup in Windows 10 but I didn't see anything wrong with the way things were from a design perspective. So the change seems kind of arbitrary just to make it look more like OSX rather than from any functional perspective.
One point that I think more technical folks should consider is if we are actively harming our desires to have a functional UI design by disabling telemetry. As that tells the people at Microsoft what features people actually use, and if they only get telemetry from non-power users then they're going to prioritise for them and remove "unused" features that us technical folks use all the time.
Besides being used to it, it is also required for my work to have wide, labeled, ungrouped application buttons instead of icons that are oftentimes barely distinguishable.
To add a bit to this rant, here is a script that mostly solves the problem: https://github.com/CrypticButter/ButteryTaskbar
It isn't 100% reliable but it's good enough for me. Now I hope to find something that prevents Windows 11 from dimming my screen when on battery after a few seconds of inactivity. Pretty please?
Their corporate customers demand that your multi-use computer be turned into a nearly-dumb appliance with no configurability. It sucks for you, but you'll just have to suffer for the "greater good". Power users are not just an endangered species, but rather a dangerous enemy to be wiped out through any means necessary. They hate you, and you either need to be subjugated or forced to use an abacus.
The nice thing on Windows is that the UI can be uniformly manipulated that way.
Do you have a timestamp? I'd rather not watch a 2h long video, even at 2x speed.
00:30:35 Taskbar grouping https://www.youtube.com/watch?v=HDicLHBvQQM&t=1835s
Also, "crippled", "destroyed", quite some heavy words. 99.9% of users don't care.