@0xbadfca11
0xbadfca11 / 0.md
Created March 19, 2024 11:12
Using FileExtd.lib with newer Windows SDK
  1. Add kernel32.lib to Ignore Specific Default Libraries.
     But don't remove kernel32.lib from Additional Dependencies.
  2. Set Additional Dependencies to fileextd.lib;ntdll.lib;%(AdditionalDependencies).
     Order is important: fileextd.lib must come before kernel32.lib.
  3. FileExtd.lib was not created with __declspec(dllimport) in mind, so you need to take precautions against the __imp__ import symbol.
     Do one of the following:
     • #define WINBASEAPI before #include <windows.h>. Although this is easy, keep in mind that it affects the entire source file.
     • Override __imp__SetFileInformationByHandle@16 using assembly.
@0xbadfca11
0xbadfca11 / .adoc
Created September 24, 2020 13:10
Don't use GetImageConfigInformation

TL;DR Don’t use GetImageConfigInformation.

GetImageConfigInformation bug

GetImageConfigInformation hard-codes the size of the Image Config Directory as 64 bytes.
It will not work in most environments.
Don’t use GetImageConfigInformation. This API is useless.

GetImageConfigInformation Implementation

EXPORTS
WslLaunch
@0xbadfca11
0xbadfca11 / .md
Created December 21, 2018 11:30
Windows ReFS bug

Summary

The Windows Server 2016 ReFS driver crashes when trying to mount a ReFS 3.4 volume that is disguised as ReFS 3.1.

Affected

  • Windows Server 2016
    Tested with KB4483229 applied

Not affected

  • Windows 10 v1809
  • Windows Server 2019

How to crash

  1. Boot from Install media of Windows 10 v1809.
@0xbadfca11
0xbadfca11 / 頭の体操.md
Created July 7, 2018 05:51
Vowel detection

char a = <...>;
2130466 >> a & 1;
What does this do?

Source

https://twitter.com/kumagi/status/1014953960237436928

Required background knowledge

x86 shift instructions only look at the low 5 bits of the shift count.

The count operand can be an immediate value or the CL register. The count is masked to 5 bits (or 6 bits if in 64-bit mode and REX.W is used). The count range is limited to 0 to 31 (or 63 if 64-bit mode and REX.W is used).

@0xbadfca11
0xbadfca11 / .md
Created June 10, 2018 12:19
Detecting WowA64 without using IsWow64Process2()

TL;DR: Use IsWow64Process2().

On WowA64, IsWow64Process() and GetNativeSystemInfo() make the system appear to be x86 Windows. This is considered an intentional design decision rather than a bug. (Discussion of the reasons is omitted.)

However, the values returned by those APIs, and some behaviour of APIs other than IsWow64Process2(), still differ from x86 Windows.

                                 AMD64   x86   Arm64
IsWow64Process() *Wow64Process   TRUE    0     0
@0xbadfca11
0xbadfca11 / Flash Player eicar.docx.uuencode
Created June 10, 2018 06:22
Microsoft's security advisory workaround is wrong
begin 644 Flash Player eicar.docx
M4$L#!!0`!@`(````(0`EQW`>Z@$``-\#```0``@!9&]C4')O<',O87!P+GAM
M;""B!`$HH``!````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````````````````````````````````````````````)R32V[;
M,!"&]P5Z!X'[F';JO@R:0>&@R*)M#%A)UBPULHE2)$%.C+C+9-.#=-=#]#"^
M2(=2K,AI5]7JG^%P],V#XNRNL<468C+>S=ED-&8%..TKX]9S=E5^/'G'BH3*
#define WIN32_LEAN_AND_MEAN
#define _ATL_NO_AUTOMATIC_NAMESPACE
#include <windows.h>
#include <atlbase.h>
#include <winternl.h>
#include <cstdio>
#include <cstdlib>
#pragma comment(lib, "ntdll")
#ifndef FILE_CS_FLAG_CASE_SENSITIVE_DIR
@0xbadfca11
0xbadfca11 / .cpp
Last active June 20, 2022 09:13
_fto132proc bug
#include <fenv.h>
#include <stdint.h>
#include <stdio.h>
extern "C" int64_t fto132proc(/* Passing by ST(0) */);
int main()
{
double f = UINT32_MAX + 0.9;
uint32_t h, l;
@0xbadfca11
0xbadfca11 / .cpp
Created June 29, 2017 15:26
WslLaunchInteractive
#define WIN32_LEAN_AND_MEAN
#define _ATL_NO_AUTOMATIC_NAMESPACE
#include <windows.h>
#include <atlbase.h>
#include <wslapi.h>
int main()
{
if (auto WslLaunchInteractivePtr = AtlGetProcAddressFn(LoadLibraryExW(L"wslapi", nullptr, LOAD_LIBRARY_SEARCH_SYSTEM32), WslLaunchInteractive))
{