The Common Open Source Application Publishing Platform movie.

12 Aug
2010
11 Comments

Back in May, I was invited out to the Microsoft campus to join Garrett Serack and a hand-selected crew of astronauts in the kick-start and development of CoApp. While we all have a fuzzy understanding of what CoApp is, it’s admittedly hard to explain to normal people. Thankfully, we don’t have to work at explaining anymore! We now have an awesome video Garrett put together, using clean audio from his recent OSCON presentation. Warning: This isn’t your usual boring WinHEC video.


Retrieving Aero Glass base color for opaque surface rendering

1 Jul
2010
18 Comments

From time to time, Long Zheng asks me to augment MetroTwit with some obscure low-level Windows feature. Given that’s where I like to dwell, it’s a good fit for me. My latest task was to implement smarts into the MetroTwit header pane that picked up the user’s current Aero Glass color. DwmGetColorizationColor immediately popped into mind and I was done an hour later. Of course, things weren’t working very well…

According to MSDN, DwmGetColorizationColor returns a color “used for Desktop Window Manager glass composition” and a boolean that simply indicates whether or not transparency is involved. The notable keyword here is composition. In the simplest scenario, a user uses a non-transparent color. This value simply gets passed to your application and everything Just Works™. In the real world, however (where transparency is turned on), things get a little trickier. The transparency toggle dutifully instructs the Desktop Window Manager to do all kinds of glass-like math-heavy nerd stuff to the base color. In this scenario, the returned color value is less useful.

Figure – Example function output, with and without transparency enabled

So, it boils down to – DwmGetColorizationColor is completely unusable for applications attempting to apply the current color onto an opaque surface. To work around this, you have two options:

  1. Retrieve the safe stored ColorizationColor value located at HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM
  2. Use an undocumented (but stable) dwmapi.dll function to retrieve these values for you

Both solutions suck, really. Microsoft could, at any time, rename these registry values, move the entire branch somewhere else, and/or change the ordinal numbers for their private API in dwmapi.dll. But, because I like to reverse engineer things, I elected to implement option 2. (I’m curious to hear your thoughts on this.)

Figure – Disassembled chunk of the DwmpGetColorizationParameters function

In opening up dwmapi.dll, IDA easily applied the private function names derived from the debugging symbols downloaded from Microsoft’s public debugging symbol server. One of the exported (by number, not name) undocumented functions was _DwmpGetColorizationParameters (which I will call DwmGetColorizationParameters henceforth). The function was pretty small; it simply requested and moved some information – seven values to be exact – into a structured block of memory you provide. I was able to quickly figure out what each value was by creating a dummy structure in .NET and looking at the values with my eyeballs; the values matched what was stored in the registry (see solution #1 above).

Translating that into C#, I came up with the following:

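using System;
using System.Runtime.InteropServices;

// The seven values the private dwmapi.dll function writes into caller-supplied memory.
[StructLayout(LayoutKind.Sequential)]
struct DWMCOLORIZATIONPARAMS
{
    public UInt32 ColorizationColor;
    public UInt32 ColorizationAfterglow;
    public UInt32 ColorizationColorBalance;
    public UInt32 ColorizationAfterglowBalance;
    public UInt32 ColorizationBlurBalance;
    public UInt32 ColorizationGlassReflectionIntensity;
    public UInt32 ColorizationOpaqueBlend;
}

static class NativeMethods
{
    // Undocumented export, bound by ordinal (#127) because it has no exported name.
    [DllImport("dwmapi.dll", EntryPoint="#127")]
    internal static extern void DwmGetColorizationParameters(ref DWMCOLORIZATIONPARAMS dp);
}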

I wouldn’t (and didn’t) use the DllImport above in multi-platform production code. For applications that run on Windows XP, you’ll fail to bind to dwmapi.dll (because it doesn’t exist) and cause the Earth to tilt. Instead, you should import and make use of GetProcAddress, LoadLibrary, and Marshal.GetDelegateForFunctionPointer. Or just read the registry instead.
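The run-time binding suggested above, with the registry read as a fallback, written out as an added example (not the author's or MetroTwit's code). The class and delegate names are assumptions, and loading with LOAD_LIBRARY_SEARCH_SYSTEM32 is an addition so that dwmapi.dll is only ever resolved from the system directory.

```csharp
using System;
using System.Runtime.InteropServices;
using Microsoft.Win32;

static class GlassColor // hypothetical name, not from the post
{
    [StructLayout(LayoutKind.Sequential)]
    struct DWMCOLORIZATIONPARAMS
    {
        public uint ColorizationColor, ColorizationAfterglow, ColorizationColorBalance,
            ColorizationAfterglowBalance, ColorizationBlurBalance,
            ColorizationGlassReflectionIntensity, ColorizationOpaqueBlend;
    }

    [UnmanagedFunctionPointer(CallingConvention.StdCall)]
    delegate void GetParams(ref DWMCOLORIZATIONPARAMS p);

    // Resolve the DLL from the system directory only, never the app or current directory.
    const uint LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x00000800;

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr LoadLibraryEx(string fileName, IntPtr reserved, uint flags);

    [DllImport("kernel32.dll")]
    static extern IntPtr GetProcAddress(IntPtr module, IntPtr ordinal);

    // Returns the stored base color (0xAARRGGBB), or null when neither source exists.
    public static uint? GetBaseColor()
    {
        // Option 2: bind at run time, so a missing DLL, export or flag is not fatal.
        // The module is deliberately left loaded for the life of the process.
        IntPtr dwm = LoadLibraryEx("dwmapi.dll", IntPtr.Zero, LOAD_LIBRARY_SEARCH_SYSTEM32);
        if (dwm != IntPtr.Zero)
        {
            IntPtr fn = GetProcAddress(dwm, (IntPtr)127); // ordinal goes in the low word
            if (fn != IntPtr.Zero)
            {
                var get = (GetParams)Marshal.GetDelegateForFunctionPointer(fn, typeof(GetParams));
                var p = new DWMCOLORIZATIONPARAMS();
                get(ref p);
                return p.ColorizationColor;
            }
        }
        // Option 1: fall back to the value stored in the registry.
        object v = Registry.GetValue(
            @"HKEY_CURRENT_USER\Software\Microsoft\Windows\DWM", "ColorizationColor", null);
        return v is int ? (uint?)unchecked((uint)(int)v) : null;
    }
}
```

An ordinal carries no name to check, so if the export is renumbered this call reaches a different function with the wrong signature; gating it on the Windows versions you have tested is a sensible extra guard.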

Look for Aero Glass colorization support in MetroTwit soon.


Live Messenger and the “link harvesting black box in the sky”

17 Jun
2010
19 Comments

One of the more hush-hush changes to Windows Live Messenger Wave 4 is the tie-in of Internet Explorer’s SmartScreen Filter technology. Basically, links you receive will be transformed in such a way that upon clicking them you’ll be pushed through a redirector controlled by Microsoft before reaching your end result… if Microsoft deems it safe. To be a little more specific, you’re sent to the ominous appearing http://rdir.us with some undocumented parameters tacked onto the end. A full URL may appear as such:

http://rdir.us/?l=http%3a%2f%2fyoutube.com&h=unknown_base64ed_value&p=number&u=sixteen_hex_digits

If it’s safe to proceed, this redirect shuffle takes only a second or two to complete. If things look a little bit fishy, Microsoft will throw up an interstitial page similar to Google and Facebook (below). I’m not sure what this page looks like when things are real bad, but I’m sure it involves varying shades of red and the acronym GTFO.

Figure: Windows Live making sure I don’t give my password to the Chinese.

While I can appreciate Windows Live’s efforts to reduce malware proliferation and increase overall safety of its users online, the following issues come to mind:

  • My links are cataloged by some black box in the cloud, ready for hacker attack or spillage. (Think AT&T iPad fiasco.)
  • Rather than use http://link.smartscreen.live.com as a basis for my link, http://rdir.us was used. Which looks safer to you?
  • The warning page treats me like a dummy.
  • The privacy policy didn’t appear until I landed on the interstitial page. What are the odds of people ever seeing this page? How about the odds of finding anything related to SmartScreen in that policy? (It was last updated May 2008.)
  • I can’t turn the damn thing off.

What do you think? Would you leave this on or turn it off (if you had the chance)?
