Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like


Fun with asm

Today just some fun stuff with ASM, probably not the most recommended way to do things but for sure the most geeky way πŸ˜›

Get the Current Session Id:

Get the Current Console Session Id:

And… if we can read it we can also write it?


You can safely try it since it of course affects the current process only, so don’t worry.

And perhaps more usefull


I needed to obtain the Fully Qualified Domain Name (FQDN) for a given NetBios domain name. Eg from MYDOMAIN to dc=mydomain,dc=local.

I did some tests with the TranslateName API and if you append a \ to the domain name it returns the FQDN.

Here is a short example:

Read the rest of this entry »


If you look into the registry in the key HKLM\System\CurrentControlSet\ProductOptions you will find several licensing related Values.

The ProductType and ProductSuite keys contain the OS Suite and Edition, but the ProductPolicy key is much more interesting. So let’s have a closer look at it, open RegEdit and DoubleClick the key, you will something like the screenshot below, a Binary Value:


As you can see the license names are there as a Unicode string and later on I will show you how we can read the values. But because I didn’t want to extract all the names manually I decided to see if I could reverse the used structure because it didn’t look very complicated. Using a Hex Editor I could determine the important part of the structure.

Read the rest of this entry »


Again a about post about using the Virtual TreeView component (did I mention it’s brilliant?), this time I will talk about memory leaks.

I often use Records to hold the treedata, and usually the record holds some string data (eg a caption) and an (a reference to) an Interface or Object(List) that holds more data.

If you are familiar with Virtual Tree then you know that you must can the NodeData in the OnFreeNode event.

Read the rest of this entry »


When working with the Virtual TreeView component the most optimized way of adding (or removing child nodes is by changing the ChildCount.

I often make the mistake of change the ChildCount of a Node using:

If you look into the source you will see why this will not work, the proper way is:

This is mainly a note to self since I tend to forget it all the time πŸ˜‰


Previously I discussed IDirectoryObject, today I will show how to change a user’s password with IDirectoryObject.

I didn’t find any documentation except a kb article describing how to use pure ldap to do it. Of course I could have used IADsUser::SetPassword but I decided not to because of the following reasons:

  • IADs interfaces are terribly slow (although for one use you probably wouldn’t really notice).
  • IADsUser::SetPassword tries 3 different methods to set the password (ldap over ssl, kerberos and finally NetUserSetInfo) which makes it even slower (most domain controllers do not have an ssl certificate) and unpredictable.

All example code I found was .NET based using the .NET wrappers for Active Directory and seemed to be meant for use in Adam rather than full Active Directory (it set port number to 389 and password mode to cleartext).

In the end it’s not very difficult but nonetheless it took me a while before I got it right.

We can write to the unicodePwd attribute which wants the password as a double quoted unicode string. If you look at this attribute with AdsiEdit you’ll see that the type is Octet String and that it can be written only.

I was tricked with Delphi’s QuotedStr function for a while because it doesn’t return a double but single quoted string πŸ˜‰

Below a small snippet from the upcoming JwsclActiveDirectory that shows how to use it: Read the rest of this entry »


A few days ago I wrote about Using Windows Dialogs in your own programs, wouldn’t it be nice to be able to use Windows Resource Strings for the same reasons?

Loading a resource string is not difficult, let’s look at some examples:

This uses the LoadString api to load a Resource String from an Executable or Dll by it’s resource Id. An Example might call might be:

This loads the string with ResourceId 226 from dsadmin.dll(.mui):

As you can see in this example, some resource strings have identifiers such as %1 and %2 which are used in the FormatMessage Api. How can we use that from Delphi?

I wrote a very simple wrapper for it:

And here is a usage example:

The Result of this is:

Windows cannot complete the password change for John Doe because:
the password doesn’t meet complexity requirements


Today I reused a unit I wrote a long time ago for TSAdminEx that shows Resource Dialogs from DLL’s or Executables. I wrote it for a couple of reasons:

  • Reusing existing dialogs is conventient since the user already knows it.
  • Windows takes care of translating it into the user’s language.
  • I am too lazy to recreate them πŸ˜‰

The code is hardly rocket science and could probably be improved and made more sophisticated but it works for me. I decided to share it since you may find it usefull.

Here is a small usage example that shows the Reset Password dialog from Active Directory Users & Computers. This dialog is in dsadmin.dll (on Windows Vista/7 you will find it in ds.admin.dll.mui in the language subfolder eg %systemroot%\system32\en-US but you can load it using just the dll name).

It looks like this:

Read the rest of this entry »


Last time I talked briefly about IDirectoryObject and IDirectorySearch, let’s go into a little more detail today.

IDirectoryObject is an Interface that we can use to query anything in Active Directory, users, groups, organizational units, containers and so on.

I thought the best explanation would be to build a very small sample project, so let’s do that!

First we need some units, so please add the following units to your uses clause:

  • ComObj (for EOleException and it calls CoInitialize for us)
  • JwaWindows for the proper Adsi declarations

Next declare the following types:

Read the rest of this entry »


If you have ever used Adsi you have probably used the IADs interface or derived interfaces such as IADsUser or IADsGroup (maybe even without realising this).

What you need to know is that these interfaces were created to support scripting languages such as VBScript. The reason is that these scripting language have no support at all for structures such as ADSVALUE and don’t work with Pointers.

A typical use of IADs interface would look like this (in Delphi and using Jwa):

The IADs interfaces are fine when you are working with a single object but they are very, very slow, when working with many objects. I also find them a pain to work with as only a few AD attributes are present as properties. For other attributes you need to call the Get method which doesn’t always work, in which case you probably need to call the GetEx method. Even the GetEx method doesn’t always return the desired result as the property might not be in the Cache in which case we need to call the GetInfoEx method first and then Get or GetEx.

Active Directory has the nasty habit of failing when a an attribute is not set, so if you are reading a eg string attribute you probably expect an empty string but Active Directory returns a failure in such a case. And since Delphi declares Get(Ex) as SafeCall it will raise an Exception so you need to wrap it in try..except.

If we have obtained a value it will always be a variant that we probably need to convert to another type such as a string, datetime or an integer.

My results with implementing IADs interfaces in my Active Directory unit were bad: I wrote a test program that mimics Active Directory Users & Computer and enumerating a Container or OU with about 70 users takes 2-3 seconds. If you need to wait that long when expaning a Tree Node this in simply not acceptable. So I decided to completely drop the IADs interfaces and used the interfaces that are meant for higher level languages such as IDirectoryObject and IDirectorySearch. And guess what? Now my Delphi program, even when running in the debugger, is actually much faster than Active Directory Users & Computers!

To be fair to Microsoft, in the documentation of IDirectoryObject is the following note: The IDirectorySearch interface is a pure COM interface that provides a low overhead method that non-Automation clients can use to perform queries in the underlying directory.

In the next posts I will talk about IDirectoryObject and IDirectorySearch.