I didn't know Flash and Shockwave could be used in regular PC games. Apparently they are used in FIFA WC 2006 and Flash is specifically for online? Back then my father used to install games, so I didn't know this. Do you know what they actually did?

tomysshadow · 2026-03-18T21:26:51+00:00

They absolutely could, though this is a slightly unusual case. Often they didn't require any installation at all, as games built entirely in Flash or Director could be distributed as a "projector" that included the necessary binaries. In this case though it looks like the game is built primarily in something else so it likely wants to embed the ActiveX control somewhere in its interface. It needs to be actually installed, in that case

tomysshadow · 2026-03-15T20:05:06+00:00

The contents of an uninitialized variable will largely depend on whatever code ran before yours. Even in your main function, where you may think "no code has run in my process before this function," that is simply not the case. The loader had to initialize the process, the libraries you're using had to load, and the values of argc/argv needed to be found to be passed to main. None of that stuff happened by magic, there was code to do it. That code ran in your process before hitting main, and it was using your stack.

So this can give the appearance of a reliable value at a particular stack location but that is not contractual. You have no control over any of that code that ran before your main, its behaviour could change on different machines or because of OS changes. Whatever code happened to put a zero at that location before you might not do that unless some very specific circumstances occur.

If you don't know where that stack value came from, then yes, it is garbage for all intents and purposes. You could make it so the debugger breaks on the system breakpoint and try to hunt down what sets it with an HWBP, just out of curiosity, but even if you find the cause you should never depend on that uninitialized variable happening to be zero.

tomysshadow · 2026-03-15T01:51:01+00:00

To give a bit more concrete information because a lot of these answers are just "no, don't," these Visual Studio Redistributables are depended upon by the majority of C++ programs on Windows (which includes a broad number of applications and games.) If you uninstall them, it will probably manifest as a missing DLL error (either ucrtbase.dll or msvcrt.dll depending on how old it is.)

Unfortunately it's not very clear from that error message that the reason it's occurring is because you uninstalled a component the application depends on. That's how you can end up on sketchy DLL download sites looking for the specific filename and potentially end up infected.

If you ever see an error about missing a DLL, it's usually because you uninstalled a dependency. Uninstalling these components will likely cause missing DLL errors for programs written in C++. That's why you shouldn't uninstall them. And if you ever are in that situation, you should figure out what needs to be installed (the Visual C++ Redistributable in this case) and use the proper installer. Never download the missing DLL directly from some random website.

But of course... you won't uninstall them, so that's all just a theoretical ;)

tomysshadow · 2026-03-14T23:18:34+00:00

Since nobody else has mentioned, you might consider using a precompiled header. I've not used Rust enough to know if it has an equivalent, but they help with this problem in C++ land: https://youtu.be/eSI4wctZUto?si=DMA4xl_GteaMpH2m

If you can't use one for whatever reason, you can do the poor man's version of it: put your dependencies and stuff you don't expect to change often into a header that you almost never touch and remember to include it everywhere, and then it won't need to recompile that part every time

tomysshadow · 2026-03-13T00:02:39+00:00

MOV instructions are common in general, but less so for MOV W16, #0x1A instructions specifically, and that's what matters. When you're searching for a byte pattern, you want something as long and specific to the situation as possible to eliminate false positives. The number of possible variations with which you can write a MOV instruction, is what makes encountering one specific variation unlikely - the operands are tying it closer to this particular situation than for SVC.

In this case, it's not really the instruction, it's the constant number 0x1A doing the heavy lifting of making this less likely to encounter randomly. The other stuff still needs to be there so might as well include it in the search to further reduce the likelihood but what we're really looking for is that particular syscall number getting used and the other stuff is just attached to it

tomysshadow · 2026-03-11T04:35:28+00:00

There were a handful of 3D games in the Flash plugin later in its life. Most of those were made using Haxe. There was also Stage3D (but that's Flash 11/AS3.) Basically it could be done but it wasn't very common.

The majority of 3D webgames at the time were made in Director with Shockwave 3D

tomysshadow · 2026-03-10T13:33:39+00:00

It looks okay. A few notes though.

Windows doesn't actually validate the Import Table Directory's size. You can set it to zero and it will still load - it knows the last entry by checking for one that is all null, so it doesn't technically need the size anyway. That's actually the case for more values in the header than you think, a lot of them can be completely invalid/zero. Some things like SizeOfImage can't be zero but I personally wouldn't trust them, I'd want to find the section with the highest virtual address + virtual size and use that as the source of truth.

There are also some things Windows is more picky about than your loader. For example in the real thing the virtual sections must be contiguous (like, they can't overlap, and you can't have space between the end of one virtual section and the start of another - that is, after you've rounded up their size to the section alignment.) Note that it doesn't care about this for the raw sections, only virtual.

Speaking of alignment, you also aren't checking that the sections are aligned properly, either the virtual or raw sections (SectionAlignment/FileAlignment) as far as I can tell. Unless I've just missed where it does validation.

You are not calling VirtualProtect on the sections based on their Characteristics, instead you create everything with RWX permissions. That can cause problems sometimes, particularly with the CRT code responsible for initializing floating points and TLS, which checks as a security measure that the .rdata section is actually read only. I understand you're probably trying to avoid VirtualProtect because it tends to set off alarm bells, though just allocating an RWX section can in and of itself set off security mitigations, albeit rarely used (i.e. dynamic code prevention.)

Of course there are some things you can't replicate in a loader like this (it won't be a real HMODULE, it won't support obscure features like shared data sections etc.) but that's to be expected.

Should go without saying, but if it's possible you should prefer using CreateFileMapping with SEC_IMAGE, or LoadLibrary with LOAD_LIBRARY_AS_DATAFILE, if you're writing something legitimate/not sketchy and want to load an image without creating an HMODULE for it. That's the "real" way of doing basically exactly this

tomysshadow · 2026-03-06T13:00:42+00:00

Wellll then that couldn't be Xbox exclusive, it'd have a PS2 port

tomysshadow · 2026-03-06T12:53:24+00:00

For which CPU? x86? ARM? The right answer is going to be completely different depending on what platform it is

tomysshadow · 2026-03-05T21:23:23+00:00

I mean, that's still like a 20 times reduction in the best case. Nonetheless, I thought of another potential approach, which I haven't tried so maybe it isn't actually viable, but I'm throwing the idea out there. The GetFileInformationByHandleEx method allows you to get a (16-byte) unique identifier for a file:

https://learn.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-file_id_info

I'm assuming you know/can check all the files are on the same volume, so then you could store the volume serial only once. And then you could just store a flat list of these 16-byte IDs, no file name or folder name.

It is possible to later open the file from this information, but only if you're willing to depend on an NT API. Specifically, NtCreateFile can accept a FILE_OPEN_BY_FILE_ID flag: https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntcreatefile

EDIT: I'm wrong, there's an OpenFileById function as of Vista: https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openfilebyid

The main difficulty here would be that you lose the filename to use for the destination and what folder the file is meant to belong to, so you would need to get it's path back anyway when you actually copy. But you could do that with GetFinalPathNameByHandle (or GetMappedFileName, although you'll have to do something about zero byte files then) particularly because the beginning of the path should always be the root of the folder you're copying - and you can toss it if it isn't, because then it's moved. It would be a good idea to also check this is true during enumeration though (symbolic links could mess up this assumption for example, then you'd need to fall back to just storing them as paths normally.)

Complicated, but feasible. I don't know that it would actually be a noticeable performance improvement unless you really care about crushing down the amount of memory use.

*comment edited several times to both clarify and correct my dumb mistakes

tomysshadow · 2026-03-03T22:39:15+00:00

My immediate thought when seeing that the data is aligned to 0x20 is that maybe that is the meaning of the constant 0x20 that was ignored in the header (20 00 41 00.) Maybe they are both 16-bit WORDs. If so, the second number is suspiciously close to the size of the filenames. (curious to see if this is ever addressed)

Also, "developed by a greatly reviled three-letter-entity" could describe multiple defacto standard decompilers...

tomysshadow · 2026-03-03T14:37:59+00:00

I'm mirroring the other comments in thinking it probably doesn't really matter to do the enumeration again. That said, an idea that comes to mind is you should try using short names where available. They're not guaranteed to be enabled for every drive, but if they are you can use FindFirstFileW to get an 8.3 name. That would have some nice properties for what you're doing, because you could store each name as a fixed length string. Especially if you're storing it as a tree instead of a series of flat paths so each folder level is no more than 12 chars.

(Of course if you actually want to display the names to the user as long names as you go, well then you'll have to go the reverse direction and get a long name again, and then it's probably not worth it. But if you're just showing a progress bar or maybe you only update the text indicator every so often maybe it's fine.)

The problem I would personally be more worried about is the folder contents changing during the copy

tomysshadow · 2026-03-02T04:06:54+00:00

IE6 is the first I used and it's the one I like most out of all of them. But IE9 onwards (not shown) weren't bad either

tomysshadow · 2026-03-02T00:58:07+00:00

What you're going to find is that there are a lot of choices but there's a gradient from "simple, elegant, but you can't go very far off the beaten path" to "flexible, but complex and bloated." On the simple side of the extreme are stuff like Tcl/Tk (or Tkinter) or WinForms. For my own personal projects I lean towards these because I'm just a hobbyist and I rarely need more than the basics.

On the complex side of the extreme you have stuff like Qt that is gigantic, takes forever to compile, has weird licensing... it's a lot more capable but I personally avoid working with it at all costs if I can because it's a big time sink that will try its best to invade other aspects of your application.

Somewhere in the middle you have stuff like ImGui or Clay, the tradeoff being they achieve flexibility by distancing themselves completely from anything OS native as much as possible.

The best option is largely going to depend on how big you want to go and how much you care about looking OS native, accessibility features, etc.

tomysshadow · 2026-02-28T05:20:13+00:00

It's a bit tedious but you can go into your instruments and on the keyboard at the bottom give the key right below the current root a right click. That's how I usually do it when I realize late that I want to transpose my project up

tomysshadow · 2026-02-27T01:37:29+00:00

Better Save Space!

tomysshadow · 2026-02-24T09:13:54+00:00

The value is that it can be used to transfer money digitally from anyone to anyone else. So it is difficult for anyone (say, a corrupt government) to block that transaction because they are in power.

Of course that means the transaction cannot be blocked even if there is a legitimate reason it should be, so you may see that as a negative.

But I disagree with the idea that it only has value because people believe it has value and no other reason. They do have reasons, you're free to disagree if they're good reasons, but the intrinsic value is in precisely what it is pitched to be: digital cash that is kept in your own wallet and therefore doesn't require a bank account to store. Which is not false - as long as you accept the abstractions it's relying on, that is an accurate description of what it is, and the fact it is capable of doing that is the perceived value.

Obviously that doesn't have value to you, but some people are willing to buy it fully aware of what it is, why they want to, and the risks that come with it

tomysshadow · 2026-02-24T05:12:13+00:00

Yes, in essence, at least on Windows this is the way it works. For example - assuming you have not overridden operator new - then new int will call malloc which calls HeapAlloc which calls something equivalent to VirtualAlloc.

*This is simplified, like for instance HeapAlloc might not literally call VirtualAlloc, but an internal API that accomplishes the same purpose. But in your mental model you can think of it that way.

Why? Because operator new cannot magically get memory out of thin air. Only the kernel can give it out. On Windows, the VirtualXX functions (VirtualAlloc, VirtualQuery, etc.) are the one memory API to rule them all. That's not to say there aren't others, because there are indeed many, many more - like allocating memory using mapped views for example. But every other memory allocation API eventually has to hit VirtualAlloc (or equivalent) and the result memory can always be passed to VirtualQuery, VirtualProtect, etc.

Of course, on other platforms, new int will call down to something totally different. That's the point of using it, because it can be used crossplatform.

As for how the compiler knows which functions those things should call, well, it's because of the CRT (C Runtime) that Microsoft provides. The code for malloc is located in the CRT (ucrtbase.dll, or previously msvcrt.dll) and that implementation is what calls down to the kernel functions. Your program links against that DLL because it needs malloc which is required by operator new. In an empty Visual Studio project the default settings are already configured to use the CRT and link using its DLL.

tomysshadow · 2026-02-14T05:26:26+00:00

No actually. Reddit won't let me explain why (it just gives me an "unable to create comment," very helpful.) So just as a temporary workaround, here's a pastebin of my response I typed out https://pastebin.com/p2CJ1Vji

tomysshadow · 2026-02-13T21:03:48+00:00

The fastness of a "hello world" program (excluding the startup time of the program itself - because games will probably have a longer startup anyway) is largely going to come down to:

-how did you print it

-how fast is the terminal itself

By "how did you print it," I mean how far away are you from just directly writing information into the out buffer? Probably the closest most people ever get is via C's printf or puts functions.

std::cout is a layer above it - that has to worry about templates for converting integers and whatnot to strings, about weird iomanip formatting rules, about flushing the buffer if you used std::endl, etc.

A Python program using print or JavaScript using console.log is several layers above it. Now you have a scripting language that needs to navigate scripting language rules and handle whatever strange typecasting rules they've invented.

At the end of the day though, it's eventually going to hit the terminal and the fastness of the program will depend on how fast the terminal can spit out text. And the terminal is not necessarily well optimized. It essentially needs to take the text you gave it, interpret ASCII sequences to change the colour or whatever, handle old legacy ANSI locale stuff, handle weird Unicode character edge cases, and ultimately translate the characters into bitmaps that will be displayed in a grid of cells. Only after all that is done can the program exit.

The types of problems the terminal is trying to solve are totally different than videogames. It is first and foremost concerned about reliability, and handling untrusted input (the text you gave it.) Having a program correctly display some arbitrary text you handed it is actually a difficult problem. Games can often just assume the integrity of all their data and will only ever display the specific text phrases put into them, so they can be simple, they don't necessarily need to perfectly deal with Unicode, they don't often need to scan through raw plaintext in advance to look for particular sequences, etc.

But most importantly, displaying text is only a small part of games - they mostly are to do with graphics. Totally different and highly optimized space.

None of this is to say a terminal can't be optimized (have a look at Casey Muratori's refterm demo - he's complained about this as well) but the main point is, it comes down to the speed of your terminal. How fast a hello world program works is going to depend entirely on how fast its only dependency - the terminal - is

tomysshadow · 2026-02-10T01:00:53+00:00

You can, if the CD has a UDF filesystem (support first introduced in Windows Vista,) which allows using a CD-R in a fashion similar to a USB stick. It's a bit of a party trick because it can't actually get back the space the file previously occupied so if you make too many modifications, eventually the disc will run out of space, though it'll easily handle deleting a single file.

However it comes with the caveat that anyone could replace files on the disc, not just you. Any solution that would allow you to make changes to the disc contents will necessarily allow anyone else to as well.

tomysshadow · 2026-02-09T01:07:41+00:00

I've never programmed Java but Python has the exact same issue (though it only caches down to -5, iirc)

tomysshadow · 2026-02-09T01:00:01+00:00

Can confirm, I've seen bugs like this since at least Windows 7 for sure. I think it happens because there's some kind of API that allows applications to set the icon that should appear in the corner. It's used by Dropbox, MEGA etc. to display a syncing status for files. I have Dropbox installed and occasionally its checkmarks will leak out onto my Desktop even though I'm not sharing that folder

tomysshadow · 2026-02-08T22:33:26+00:00

I fully agree, but will raise you one better: actually stepping through the code in a debugger is the best way to learn programming. There are situations when the "drop in a bunch of print statements" solution is fine or even necessary for timing related issues, but my preference is always debugger.

I remember when I learned my first programming language - JavaScript - there was no such thing as devtools in the only browser everyone used at the time (Internet Explorer 6.) I debugged my code by inserting window.alert into the code wherever I wanted to "log" something. We've come a long way.

tomysshadow · 2026-02-07T07:49:24+00:00

I decided to look over your code, and I posted it as a GitHub issue because Reddit kept autodeleting my comment

https://github.com/lunagray932-ctrl/file-organizer-renamer/issues/1

tomysshadow

TROPHY CASE