What Exactly Are ATL’s BEGIN_COM_MAP, END_COM_MAP, and COM_INTERFACE_ENTRY Macros?

There are many places where ATL’s COM_MAP macros are documented, but I haven’t seen it plainly stated what they actually mean.

Simply put, BEGIN_COM_MAP implements _InternalQueryInterface. COM_INTERFACE_ENTRY indicates that your class supports the specified interface. END_COM_MAP finishes the _InternalQueryInterface implementation.

Note: A QueryInterface implementation which calls this _InternalQueryInterface method must either be hand-coded, or supplied by CComObject, CComAggObject, etc.

For example:

class MyClass :
    public CComObjectRoot,
    public ISomeInterface
{
public:
    BEGIN_COM_MAP(MyClass)
        COM_INTERFACE_ENTRY(ISomeInterface)
    END_COM_MAP()
};

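// CComObject supplies the QueryInterface, AddRef, and Release implementations.
CComObject<MyClass> *myInstance = new CComObject<MyClass>;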

The COM_INTERFACE_ENTRY line indicates that MyClass implements ISomeInterface. If QueryInterface is called to request an ISomeInterface pointer, the call will succeed. Without the COM_INTERFACE_ENTRY line, the QueryInterface call would fail.


Alternate Data Streams (Metadata) on Files in NTFS

Introduction

Alternate Data Streams (ADS) allow arbitrary metadata to be associated with files and directories on Windows NTFS. Alternate data streams are the Windows implementation of forks. The apparent size of the file will be unchanged, and most applications and users are unaware of their existence. If a file is moved, any alternate data stream will move along with it, as long as the destination is on an NTFS drive.

The command line can access alternate data streams using redirection operators. Streams are specified on the command line as filename:stream name.

Creating an Alternate Data Stream

As an example, a string is written into an ADS named hidden, which is associated with file test.txt:

C:\test>echo Hidden text > test.txt:hidden

The file appears to be empty, though as detailed below, the metadata is intact and associated with the file:

C:\test>dir test.txt

06/24/2010  01:33 PM                 0 test.txt

Viewing an Alternate Data Stream

The metadata can be viewed by redirecting from it to more:

C:\test>more < test.txt:hidden
Hidden text

The name and content of the ADS can be anything (see 'Details' below for restrictions):

C:\test>echo Arbitrary string > test.txt:arbitraryName

C:\test>more < test.txt:arbitraryName
Arbitrary string

Listing Files With Alternate Data Streams

On Windows Vista and later, a list of alternate data streams can be obtained using DIR /R:

C:\test>dir test.txt /R

06/24/2010  01:33 PM                 0 test.txt
                                    38 test.txt:arbitraryName:$DATA
                                    28 test.txt:hidden:$DATA

On earlier operating systems, the SysInternals utility Streams can be used:

C:\test>c:\tools\SysInternals\streams.exe test.txt

Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\test\test.txt:
   :arbitraryName:$DATA 38
          :hidden:$DATA 28

Alternate Data Streams on Directories

Metadata can be added to directories the same way it's added to files:

C:\test>mkdir test2

C:\test>echo ADS on a directory > test2:someText

C:\test>dir /r

06/25/2010  11:27 PM    <DIR>          .
06/25/2010  11:27 PM    <DIR>          ..
06/25/2010  11:27 PM    <DIR>          test2
                                    42 test2:someText:$DATA

C:\test>more < test2:someText
ADS on a directory

Details

Stream Naming

To be more accurate, streams are specified as filename:stream name:stream type. It appears that the only stream type accessible from the command line is $DATA, which is why it's optional. All of the stream types are listed in the WIN32_STREAM_ID structure documentation. The default data stream is unnamed, so filename::$DATA will contain the file's data:

C:\test>echo This is the file > file.txt

C:\test>echo This is the stream > file.txt:stream

C:\test>more < file.txt::$DATA
This is the file

C:\test>more < file.txt:stream:$DATA
This is the stream

Stream names are generally held to the same requirements as any filename. One interesting difference is that stream names can contain characters whose integer representations are in the range from 1 through 31. Refer to Naming Files, Paths, and Namespaces (MSDN) for details.

Note that when using streams with files having a single letter name, the filename should be prefixed with a period and backslash. The reason for this is Windows drive names. For example, does "echo hello > c:test" refer to a stream named test on file c, or does it refer to a file test on drive c?

Executing Streams

As of Windows Vista, it is no longer possible to execute directly from an alternate data stream. On Windows XP and earlier, the Start command was used, similar to start somefile.ext:hiddenExecutable.

Editing with Notepad

Notepad can be used to create and edit alternate data streams. The File Open dialog doesn't recognize stream syntax, however, so the file must be created and opened using command line parameters. Notepad will insist on appending .txt to the stream name.

Programmatic Access

Microsoft provides a sample program in C++, demonstrating how to open and write to an alternate data stream.

Real-World Applications

Downloaded Executables

Since Windows XP SP2, when a file is downloaded from the Internet and executed (assuming a zone-aware browser), Windows displays a security warning.

Windows displays this warning because the web browser tagged the executable with an alternate data stream named Zone.Identifier:

C:\test>dir /r setup.exe

06/25/2010  12:10 PM           680,467 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA

By redirecting this stream to more, we can see its contents:

C:\test>more < setup.exe:Zone.Identifier
[ZoneTransfer]
ZoneId=3

The PowerShell blog has more information on zone identifiers.
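
The following Python sketch is an added example, not code from the original post. It parses the filename:stream name:stream type syntax described under Stream Naming (including the single-letter drive ambiguity), pulls named streams out of captured dir /R output, and reads the ZoneId from Zone.Identifier content. The function names, the zone-name table, and the sample listing are constructed for illustration.

```python
import re

# A stream line in "dir /R" output: indented size, then file:stream:$TYPE.
STREAM_LINE = re.compile(r"^\s+([\d,]+)\s+(.+):([^:]*):(\$[A-Z_]+)\s*$")
# URL security zones as stored in ZoneId (3 is the value shown on the page).
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def parse_stream_spec(spec):
    """Split 'filename:stream name:stream type' into (file, stream, type)."""
    drive = ""
    if re.match(r"[A-Za-z]:", spec):      # 'c:test' is drive c, not file c
        drive, spec = spec[:2], spec[2:]
    parts = spec.split(":")
    if len(parts) > 3:
        raise ValueError("too many ':' separators in %r" % spec)
    parts += [""] * (3 - len(parts))
    return drive + parts[0], parts[1], parts[2] or "$DATA"

def named_streams(dir_r_output):
    """Return (file, stream, size) for each named stream in 'dir /R' output."""
    found = []
    for line in dir_r_output.splitlines():
        m = STREAM_LINE.match(line)
        if m and m.group(3):              # empty name is the default stream
            size = int(m.group(1).replace(",", ""))
            found.append((m.group(2), m.group(3), size))
    return found

def zone_of(stream_text):
    """Return (ZoneId, zone name) from Zone.Identifier text, or None."""
    in_section = False
    for line in (l.strip() for l in stream_text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and line.lower().startswith("zoneid="):
            value = line.split("=", 1)[1].strip()
            if value.isdigit():
                return int(value), ZONES.get(int(value), "unknown")
    return None

# Constructed sample input, modelled on the listings shown above.
SAMPLE_DIR = """06/25/2010  12:10 PM           680,467 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
06/24/2010  01:33 PM                 0 test.txt
                                    28 test.txt:hidden:$DATA
"""

if __name__ == "__main__":
    for name, stream, size in named_streams(SAMPLE_DIR):
        print(name, stream, size)
    print(zone_of("[ZoneTransfer]\nZoneId=3\n"))
```

Feeding it the saved output of dir /R /S for a directory tree gives a quick inventory of which files carry named streams and which of those are download markers rather than unexpected data.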

Viruses

The W2K.Stream virus used alternate data streams.


Queue Implemented Using Stacks

Here are two solutions for using stacks to emulate a queue. The first always keeps one or both stacks empty, and shifts the set of values back and forth as the caller switches between enqueueing and dequeueing. The second maintains an input stack and an output stack. All enqueued data goes directly onto the input stack. When dequeue is called, if the output stack has anything on it, it takes the topmost value; otherwise it first transfers the entire input stack into the output stack.

The latter implementation is more efficient — transfer between the two stacks occurs only when dequeue is called and the output stack is already empty — as well as more compact and readable.

Stack-Swapping Implementation

This version keeps one stack empty, and swaps all content between the two each time we switch between enqueue and dequeue operations.

#include <stdio.h>
#include <stack>

// This implementation uses two stacks.  It keeps one empty, and swaps content
// whenever we switch between performing enqueues and dequeues.
class FakeQueue
{
    std::stack<int> s1;
    std::stack<int> s2;

    // We need to keep track of the last operation (push vs. pop) so that we can
    // reorder our stack whenever we switch between enqueue and dequeue.
	typedef enum { PUSH = 0, POP } STACK_OPS;
	STACK_OPS last_op;

	void SwapStacks();

public:
	void enqueue(int i);
	bool dequeue(int &i);

	FakeQueue() : last_op(PUSH)
	{ /* empty constructor */ }
};

// SwapStacks swaps the stack between s1 and s2.
void FakeQueue::SwapStacks()
{
	if (s1.empty())
	{
		while (!s2.empty())
		{
			s1.push(s2.top());
			s2.pop();
   		}
	}
	else
	{
        while (!s1.empty())
        {
            s2.push(s1.top());
            s1.pop();
        }
    }
}

void FakeQueue::enqueue(int i)
{
	if (last_op == POP)
	{
		SwapStacks();
		last_op = PUSH;
	}

	if (s1.empty())
        s2.push(i);
	else
        s1.push(i);
}

// Retrieves the oldest item in the virtual queue.  If the queue is empty, sets i to
// -1 and returns false.  Otherwise, it returns true.
bool FakeQueue::dequeue(int &i)
{
    if (last_op == PUSH)
    {
        SwapStacks();
        last_op = POP;
    }

    if (!s1.empty())
    {
        i = s1.top();
        s1.pop();
        return true;
    }
    else if (!s2.empty())
    {
        i = s2.top();
        s2.pop();
        return true;
    }
    else
    {
        // Queue is empty.
        i = -1;
        return false;
    }
}

int main(int /*argc*/, char ** /*argv*/)
{
    FakeQueue queue;
    int i;

    // Perform a variety of queues and dequeues to show that the queue order is
    // always maintained.

    queue.enqueue(1);
    queue.enqueue(2); // contains { 1, 2 }

    queue.dequeue(i);
    printf("Dequeued %d\n", i);

    queue.enqueue(3);
    queue.enqueue(4); // contains { 2, 3, 4 }

    queue.dequeue(i);
    printf("Dequeued %d\n", i);

    queue.enqueue(5); // contains { 3, 4, 5 }

    while (queue.dequeue(i))
    {
        printf("Dequeued %d\n", i);
    }

    return 0;
}

Input-Output Stack Implementation

This version uses dedicated input and output stacks. All input goes on the input stack. When dequeue is called, if the output stack has anything on it, it takes the topmost value, otherwise it transfers the entire input stack into the output stack.


#include <stdio.h>
#include <stack>

// The second implementation uses dedicated input and output stacks.
class FakeQueue
{
    std::stack<int> in;
    std::stack<int> out;

public:
    void enqueue(int i);
    bool dequeue(int &i);
};

void FakeQueue::enqueue(int i)
{
    in.push(i);
}

bool FakeQueue::dequeue(int &i)
{
    // Abort if our queue is empty.
    if (in.empty() && out.empty())
    {
        i = -1;
        return false;
    }

    // If the "out" stack is empty, shift the contents of the "in" stack into
    // it...
    if (out.empty())
    {
        while (!in.empty())
        {
            out.push(in.top());
            in.pop();
        }
    }

    // Pop the return value from the "out" stack:
    i = out.top();
    out.pop();

    return true;
}

int main(int /*argc*/, char ** /*argv*/)
{
    FakeQueue queue;
    int i;

    // Perform a variety of queues and dequeues to show that the queue order is
    // always maintained.

    queue.enqueue(1);
    queue.enqueue(2); // contains { 1, 2 }

    queue.dequeue(i);
    printf("Dequeued %d\n", i);

    queue.enqueue(3);
    queue.enqueue(4); // contains { 2, 3, 4 }

    queue.dequeue(i);
    printf("Dequeued %d\n", i);

    queue.enqueue(5); // contains { 3, 4, 5 }

    while (queue.dequeue(i))
    {
        printf("Dequeued %d\n", i);
    }

    return 0;
}