popup - Windows 10: naming programs main.exe causes them to show a pop-up


On Windows 10, when I create a program named main.exe or rename a program to main.exe, the program shows a pop-up, as seen here:


Some pop-up in Notepad++, how wonderful is that?


There are 2 different pop-ups that can be shown:

- the Game bar one (French, then English version):

appuyer sur win + g pour ouvrir la barre jeu

Press Win + G to open Game bar

- the screenshot one:

appuyer sur win + alt +impr.écran pour prendre une capture d'écran

(in English: press Win + Alt + PrintScreen to take a screenshot)


I discovered the problem while using Python and cx_Freeze.

I have tested on multiple programs, including (as seen above) renaming notepad++.exe to main.exe, and each time, one of the pop-ups is there.

We can note that the pop-ups appear alternately (one game pop-up, one screenshot pop-up, one game pop-up...).

I run Windows 10 via VirtualBox; as described below, the problem happened on physical machines.

Any idea on how this happened?

Note: BoltClock tested (on a physical machine) and found that, on one machine, the behavior was happening with "main.exe" while, on the other machine, the behavior happened whatever the uppercase/lowercase distribution of "main" may be (i.e. it works with main.exe, main.exe or main.exe).

I've done some digging over the weekend and have found around 2000 special exe names that trigger the same behaviour, not just main.exe.

Explorer has a component called broadcastdvr (located in the twinui dll) which, upon process creation, compares the executable's properties against a "store" of games and launches gamelauncher.exe if there is a match.

I've not managed to pinpoint where the comparison is done since it's hidden behind an RPC call, which is a PITA to reverse.

Anyway, explorer.exe has a handle on the following file, c:\users\your_username\appdata\local\microsoft\gamesdvr\knowngamelist.bin (there is a copy in c:\windows\broadcastdvr), which lists the special executables that trigger the Xbox recorder popup. You can see the main.exe entry here (entry #1007):


I've written a 010 template file to parse the entry list, and it comes to 2089 entries on my computer. From what I've seen reversing the binary file, there are 3 types of entry:

  • the "simple" one, where there is a match on the executable name. Example: main.exe or ai.exe

  • the more complex one, where there is a match on the executable name and the path where the exe is stored must contain some strings. Example: acu.exe must be located in a subfolder of assassin's creed unity.

  • some entries have additional strings to match, but I haven't found how to trigger the game DVR popup for them.

NB: the Win32 subsystem is case-insensitive, so it makes sense that the executable name's case does not matter.

Here is the template (you can install 010 Editor here; there is an evaluation period, I think):

    // Opaque file header, skipped as a block
    typedef struct
    {
        BYTE Reserved[0x300];
    } HEADER;

    // Length-prefixed UTF-16 string (16-bit length in bytes)
    typedef struct
    {
        WORD ByteLen;
        BYTE RawString[ByteLen];
        //local string sName = ReadWString(RawString);
    } GAME_WSTR <read=ReadGame>;

    // Length-prefixed UTF-16 string (32-bit length in bytes) used for the optional names
    typedef struct
    {
        DWORD Reserved;
        DWORD ByteLen;
        BYTE RawString[ByteLen] <fgcolor=cLtRed>;
    } OPTION_STR <read=ReadOption>;

    typedef struct
    {
        local int StartAddr = FTell();
        DWORD EntrySize;

        // Executable game name
        GAME_WSTR GameName <fgcolor=cLtBlue>;

        // Optional magic
        if (ReadUShort() == 0xca54)
            WORD OptReserved;

        // Optional structs based on switch values
        WORD AdditionalNamesCount;
        WORD SwitchOption2;

        // Additional names (probably a hint).
        local int i = 0;
        for (i = 0; i < AdditionalNamesCount; i++) {
            OPTION_STR Option;
            if (ReadUShort() == 0xca54)
                WORD OptReserved;
        }

        // Magic: consume bytes until a 0x20 byte has been read
        local int find20h = 0;
        while (!find20h) {
            find20h = (0x20 == ReadByte());
            BYTE Res;
        }

        GAME_WSTR GameId;
        WORD Reserved;

        // Sometimes there is an additional name, sometimes not.
        // Check that the current position is still at less than
        // the declared EntrySize before reading one.
        if (FTell() - StartAddr < EntrySize)
        {
            switch (SwitchOption2)
            {
            case 3:
                OPTION_STR Option3;
                break;
            case 2:
                OPTION_STR Option2;
            case 1:
                break;
            }
        }

    } ENTRY <read=ReadGameName>;

    // Display helper: keep the low byte of each UTF-16 code unit
    string ReadOption(OPTION_STR &Game)
    {
        local wstring GameName = L"";
        local int i;
        for (i = 0; 2*i < Game.ByteLen; i++) {
            WStrcat(GameName, Game.RawString[2*i]);
        }
        return WStringToString(GameName);
    }

    string ReadGame(GAME_WSTR &Game)
    {
        local wstring GameName = L"";
        local int i;
        for (i = 0; 2*i < Game.ByteLen; i++) {
            WStrcat(GameName, Game.RawString[2*i]);
        }
        return WStringToString(GameName);
    }

    // Entry label: executable name, plus the first additional name if any
    string ReadGameName(ENTRY &Entry)
    {
        local string GameName = ReadGame(Entry.GameName);
        local string OptionGameName = "";
        if (Entry.AdditionalNamesCount)
            OptionGameName = " : " + ReadOption(Entry.Option);

        return GameName + OptionGameName;
    }

    //------------------------------------------
    LittleEndian();
    Printf("parse knowngamelist.bin begin.\n");
    HEADER UnknownHeader <bgcolor=cLtGray>;
    // Read entries until the end of the file
    while (!FEof())
    {
        ENTRY Entry <bgcolor=cLtPurple>;
        //Printf("entry : %s -> %d.\n", ReadGameName(Entry), Entry.AdditionalNamesCount);
    }
    Printf("parse knowngamelist.bin end.\n");

If this behavior annoys you, you can globally disable it by setting the showstartup registry key to 0. It is located in hkey_current_user\software\microsoft\gamebar.

I haven't found how to stop an executable from triggering it, but it might be possible by looking at the machine code in twinui.

Security matter

We have a situation where we can launch a process just by changing the name of an executable. That might be dangerous.

The game launcher command line is located in hkey_local_machine\software\microsoft\gameoverlay, which needs admin-level access to write into, so there is no UAC or integrity level bypass possible here.

(I did not find an authoritative link from MSDN, but here is an answer confirming it: What registry access can you get without administrator privileges?)
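The entry layout that the template above describes, ported to Python as an added example (not part of the original answer): it lists executable names and path hints from a constructed sample blob and models the name and path matching the answer describes. The jump by `EntrySize`, the rule that every hint must appear in the path, and the sample bytes are assumptions.

```python
import struct

HEADER_SIZE, MAGIC = 0x300, 0xCA54  # header length and optional marker word, from the template

def _u16(buf, pos):
    return struct.unpack_from("<H", buf, pos)[0]

def _skip_magic(buf, pos):
    return pos + 2 if pos + 2 <= len(buf) and _u16(buf, pos) == MAGIC else pos

def parse_entries(buf):
    """Return [(exe_name, [hint, ...])] following the template's ENTRY layout."""
    entries, pos = [], HEADER_SIZE
    while pos + 6 <= len(buf):
        size = struct.unpack_from("<I", buf, pos)[0]
        if size < 6 or pos + size > len(buf):
            break  # truncated or inconsistent entry: stop rather than over-read
        n = _u16(buf, pos + 4)
        name = buf[pos + 6:pos + 6 + n].decode("utf-16-le")
        cur = _skip_magic(buf, pos + 6 + n)
        hint_count = _u16(buf, cur)
        cur += 4  # AdditionalNamesCount + SwitchOption2
        hints = []
        for _ in range(hint_count):
            m = struct.unpack_from("<I", buf, cur + 4)[0]  # length follows DWORD Reserved
            hints.append(buf[cur + 8:cur + 8 + m].decode("utf-16-le"))
            cur = _skip_magic(buf, cur + 8 + m)
        entries.append((name, hints))
        pos += size  # assumption: EntrySize is counted from the start of the entry
    return entries

def would_match(path, entries):
    """Assumed rule: name equal ignoring case, and every hint occurs in the path."""
    p = path.replace("/", "\\").lower()
    exe = p.rsplit("\\", 1)[-1]
    return any(exe == name.lower() and all(h.lower() in p for h in hints)
               for name, hints in entries)

# Constructed sample (not a real KnownGameList.bin): one simple, one path-bound entry.
def _wstr(s):
    raw = s.encode("utf-16-le")
    return struct.pack("<H", len(raw)) + raw

def _entry(name, hints=()):
    body = _wstr(name) + struct.pack("<HH", len(hints), 1)
    for h in hints:
        body += struct.pack("<II", 0, len(h) * 2) + h.encode("utf-16-le")
    tail = b"\x20" + _wstr("id") + b"\0\0"  # 0x20 marker, GameId, Reserved
    return struct.pack("<I", 4 + len(body) + len(tail)) + body + tail

SAMPLE = bytes(HEADER_SIZE) + _entry("main.exe") + _entry("ACU.exe", ["Assassin's Creed Unity"])
```

Run against a copy of the real file, `parse_entries(open(path, "rb").read())` gives the list of names to compare with the executables you ship or deploy.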

