惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
T
The Blog of Author Tim Ferriss
MongoDB | Blog
MongoDB | Blog
B
Blog RSS Feed
N
News and Events Feed by Topic
GbyAI
GbyAI
I
InfoQ
P
Privacy & Cybersecurity Law Blog
AWS News Blog
AWS News Blog
Cisco Talos Blog
Cisco Talos Blog
C
Check Point Blog
Recent Announcements
Recent Announcements
D
Darknet – Hacking Tools, Hacker News & Cyber Security
D
Docker
P
Proofpoint News Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Scott Helme
Scott Helme
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
N
News and Events Feed by Topic
C
CXSECURITY Database RSS Feed - CXSecurity.com
Microsoft Security Blog
Microsoft Security Blog
L
LangChain Blog
W
WeLiveSecurity
S
Securelist
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
www.infosecurity-magazine.com
www.infosecurity-magazine.com
K
Kaspersky official blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Schneier on Security
Schneier on Security
Stack Overflow Blog
Stack Overflow Blog
S
Security Affairs
NISL@THU
NISL@THU
O
OpenAI News
Vercel News
Vercel News
C
Cyber Attacks, Cyber Crime and Cyber Security
Y
Y Combinator Blog
T
Tor Project blog
G
GRAHAM CLULEY
T
Tailwind CSS Blog
博客园 - Franky
Webroot Blog
Webroot Blog
Simon Willison's Weblog
Simon Willison's Weblog
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
V2EX - 技术
V2EX - 技术
H
Help Net Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
F
Full Disclosure

The Old New Thing

The evolution of window and class extra bytes in Windows - The Old New Thing The case of the DLL that was not present in memory despite not being formally unloaded, part 2 - The Old New Thing Raymond's hot take on Hainanese chicken - The Old New Thing The case of the DLL that was not present in memory despite not being formally unloaded, part 1 - The Old New Thing Cancellation of Windows Runtime activities is asynchronous - The Old New Thing Microspeak elaborated: Isn't escrow just a release candidate by another name? - The Old New Thing In memory of the man who put red and green squiggles under words - The Old New Thing What does it mean when the bottom bit of my HMODULE is set? - The Old New Thing Why doesn't Get­Last­Input­Info() return info for the user I'm impersonating? - The Old New Thing Windows stack limit checking retrospective, follow-up - The Old New Thing Retrofitting the WM_COPY­DATA message onto Windows 3.1 - The Old New Thing The time the x86 emulator team found code so bad that they fixed it during emulation - The Old New Thing How can I schedule work on a thread pool with low latency? Understanding the rationale behind a rule when trying to circumvent it What’s the opposite of Clip­Cursor that lets me exclude the cursor from a region? The Microsoft Company Party where everybody played name tag swap Rotation revisited: Shuffling more than three blocks, and other small notes The back cover of C++: The Programming Language also raises questions not answered by the front cover Rotation revisited: Avoiding having to calculate the gcd when doing cycle decomposition Rotation revisited: Cycle decomposition in clang’s libcxx Rotation revisited: A shocking discovery about gcc’s unidirectional rotation algorithm Rotation revisited: Another unidirectional algorithm The placeholder name for the Windows 8 experience was “modern” Sharing the result of a single Windows Runtime IAsyncOperation among multiple coroutines, part 3 Sharing the result of a single Windows Runtime IAsyncOperation among multiple coroutines, part 2 Sharing the result of a single Windows Runtime IAsyncOperation among multiple coroutines, part 1 If C# and JavaScript lets me await a Windows Runtime asynchronous operation more than once, why not C++/WinRT? A hypothetical redesign of System.Diagnostics.Process to avoid confusion over properties that are valid only when you are the one who called Start Why do you say that a COM STA thread must pump messages if I see sample code creating STA threads and not pumping messages? How do I use Win32 structures from the Windows Runtime? What is the history of the ERROR_ARENA_TRASHED error code? The classic TreeView control lets me sort by name or by lParam, but why not both? Just shows that nobody cares about debugging the parity flag any more The case of the Create­File­Mapping that always reported ERROR_ALREADY_EXISTS
A compatibility note on the abuse of Windows window class extra bytes - The Old New Thing
Raymond Chen · 2026-06-30 · via The Old New Thing

June 30th, 2026

like1 reaction

During my discussion of the evolution of system-windows window and class extra bytes, I noted that even though IDs are typically small integers, people liked to stash pointers there, so we had to expand the ID field to a pointer-sized integer.

One thing I’ve learned is that anywhere it’s possible to hide a pointer, people will hide a pointer there. This is true even for small integers.

As I was digging up the history of the extra bytes, I saw a special note in the 16-bit code for SetClassWord: It says that there’s an app that expects to be able to modify the value of GWW_CBCLSEXTRA.

Now, modifying this value has no practical effect because the memory for the class was allocated when you called RegisterClass. You can’t go back in time and change the allocation size.

But one program realized that it could use this value as a place to store some private data, so they did. Sure, that’s not the purpose of the GWW_CBCLSEXTRA, but that never stopped them.

For compatibility, Windows lets 16-bit programs modify GWW_CBCLSEXTRA. But at least it blocks it for 32-bit and 64-bit programs. One loophole closed. Countless more to go.

Category

Topics

Author

Raymond Chen

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

Read next

Stay informed

Get notified when new posts are published.

Follow this blog

  • youtube