Five Things I Learned from “Hacking Windows XP”

We had our annual local library sale earlier this month! If you’re curious what all I got (it was an especially good haul for weird alternative CDs), you can go read the journal post I wrote on cammy.somnol about it. One of the books everyone, including myself, was most interested in though was a book called Hacking Windows XP, written by Steve Sinchak, the maintainer of tweaks.com to this day, and published by Wiley in their ExtremeTech range. (Wiley, if you don’t know, are the folks that publish those For Dummies books that were the main way I got into retrocomputing as a very small child. I had another of their ExtremeTech books on building an arcade cabinet as well.) What’s especially fun about my copy is the CompUSA price tag on the front that says it was marked down to half off in December of 2004. History!

The front cover of Hacking Windows XP

I’m a long-time XP power user. I had my own XP computer from about when I was 7. I used it every day at school. I now have an XP box on my floor to my left as I write this! (I mostly use it to chat on Aftersleep.) I like to think I know a lot about it, so I was curious how much this book could teach me. Indeed, a lot of especially the early part of the book is about stuff like customizing the Start Menu, changing system icons, and dinking with msconfig. Useful information, but stuff I’ve already got filed away in the brain box and mostly don’t bother with.

That said, I didn’t walk away completely unenlightened! Here’s a handful of stuff from this book that even a grizzled, old-school, daily XP user walked away having learned–either from it just somehow getting by me or because it’s properly nerdy. Also, there’s a CD. I’ll unseal it and we’ll get to that after the main course.

1. Adding things to the “Send To” menu

Let’s start with one that’s probably not all that obscure, but I found extremely useful. To this day, Windows has a Send To option on its context menu. This is meant for copying and opening files to specific folders and in specific applications. Uncustomized, I’ve only found it marginally useful, but then the book told me I could actually add to this menu myself, and I knew the perfect application for it.

You know how Windows comes with those Shared Documents folders that nobody uses? I actually found a really great use for the one on the eMachines Box, which is to pass files to and from my Windows 10 machine. This is a really convenient way to get screenshots and data off of it and installers onto it. Problem is, for whatever reason, this folder is buried away in My Computer, and I have to open the damn thing to copy anything into it. That’s a lot of clicking! I put a shortcut to it on my desktop (and never used it), and I’ve since made My Computer a menu in the Start Menu (and it’s faster, but more of a Band-Aid solution), but this is kinda exactly what the Send To menu is made for.

A customized XP Send To menu

You can add to this menu per-user by going to C:\Documents and Settings\[username]\SendTo, replacing [username] with your user account name, of course. (The modern Windows equivalent is C:\Users\[username]\AppData\Roaming\Microsoft\Windows\SendTo. If you don’t know how to get to these paths, WinKey+R will pop open the Run box, and then you can put the path in there.) Make a shortcut to the folder in there, and it’ll immediately add it to the Send To menu, and right-clicking a file and selecting your new folder will copy it in there, no questions asked. Sadly, this doesn’t seem to work for network shares, but I don’t mind that since I’ve always got my shared folder pinned to my Explorer Quick Access menu anyway.

Already, I can think of a bunch of other applications for this trick. I can copy my newly-built Guitar Hero II testing ISOs directly to my PCSX2 folder. I can copy any newly-built DocBook stories to the includes folder in my mari.somnol AutoSite project and save myself some major folder navigation. Instant copy, right from a right-click.

2. The exciting world of custom visual themes

I’m cheating slightly by including this, because I actually started digging into this stuff slightly before I bought the book, but Hacking Windows XP covers it in a lot of detail, so I’m jumping on the opportunity. I’ve never given a damn about ricing and theming computers, with one sole exception. When I was a little kid, being prescribed twenty different medications and being bounced around hospitals and special behavioral schools, I thought Macs were the fucking coolest thing. They were premium! I’d never used one! They were so glossy, like Windows only started to be, and that was boring old Windows. This? Was a whole new world to me.

Mac OS and I now have a custody agreement and my next computer will certainly not be a Mac, but still, oh, I wanted to use one as a little kid. I was very happy to download Mac OS wallpapers and use freeware dock programs like RKLauncher and RocketDock to get a hint of the feeling of a Mac without actually owning one, at least not for another 2-4 years. To this day, I still put my taskbar at the top of the screen, partially because I like having more application than application switcher at eye level, but back then, it was entirely because the Menu Bar on OS X was up there, and that was cool.

Steve Sinchak's iBar-themed XP desktop

All that said, I missed out on the most important part of the whole “making Windows look like Mac” thing, and that was the custom themes. XP included a new theming engine that allowed Microsoft to quickly visually overhaul the OS with a few files. Themes originally required a digital signature from Microsoft themselves to work, but you bet people patched that signature check out quick and started making their own and reconstructing other OSes’ UIs for use as XP themes, different flavors of OS X chief among them. A Reddit post piqued my curiosity about custom XP themes, and I realized that now, with the eMachines Box, would be the perfect time to try some out. Man cannot live on Energy Blue and Embedded alone.

The theme I'm using on the eMachines Box

The theme is called Blue Turquesa, if you’re curious. I like it because it’s got the look of Luna, but slims it down a bunch.

I used a program called UltraUXThemePatcher to enable custom themes and got to grabbing a few from DeviantART. Yes kids, DA was once good for more than Sonic OC foot porn and disappointing Caby, with a gigantic base of ricers and optimistic future UX designers creating millions of custom icon sets and themes for various OSes, XP right up at the front. (It’s even mentioned in the book, URLs included!) I’ve been especially partial to these themes from StudioTwentyEight, aka Javier Ocasio, who still works for The Skins Factory doing UI design stuff to this day. (Working download links, again courtesy of DeviantART.)

3. The XP Performance Monitor

Now we get into the “um ackshully” thick frames chess club type shit. It turns out that XP has quite an in-depth system profiler to determine performance bottlenecks with. You can access it by pulling up the Run box (again, WinKey+R) and typing perfmon.msc. (Works on 10 and 11 as well! You will see a different Performance Monitor, however.)

The Performance Monitor is mostly a constantly-updating line graph of various system metrics. By default, you get the memory pages/second, average disk queue length, and percent of processor time utilized. You can remove those and add less (and more) esoteric metrics out of a gigantic list of them–for processor alone, you can see the number of interrupts per second and percents of the processor time spent in various levels of idle, servicing interrupts, or executing code with elevated privileges or in userland. Alongside processor, memory, and disk, you can track TCP performance, IP performance, pagefile statistics, print queue, telephony services, and activity of the system kernel itself–plus like two dozen other performance objects, as they’re called.

The XP Performance Monitor

It’s all very intensive and, frankly, unless there’s a problem with your computer, there’s not much of a reason to stare at the line graphs. Unless you want to! I learned from the Performance Monitor that, after having K-Meleon open for the aforementioned Aftersleep chatting, I have ~80MB of physical memory left over. I can play Unreal Tournament 99 with that.

Too short to get their own sections, but I discovered you can actually turn off the file accessed timestamps to reduce the amount of disk writes by adding an NtfsDisableLastAccessUpdate DWORD value to the registry (set it in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem). I also took the time to disable some of the Windows services that weren’t of much use to me, like the Print Spooler. Will they make a difference in boot or operation? Not that I’ve noticed so far, but they make me feel cool doing it.

4. Prefetcher (and what it isn’t)

As with any immutable, printed work, you can imagine that not everything in Hacking Windows XP is 100% accurate or proofread. I found an “alread1y” in one chapter and a “defiantly” instead of “definitely” in another. It’s not all that shoddy, but certainly a reminder that the guy who wrote it is not an author by trade. (His editors have less of an excuse.)

The page on Prefetch behavior

On the accuracy front, the only true inaccuracy I noticed comes by way of the section on the XP Prefetcher in chapter 11. Admittedly, the book does say that the Prefetcher’s actual functionality is shrouded in mystery, right down to telling of the time system hackers discovered a mysterious /prefetch:1 switch in a Windows Media Player shortcut as though it was Jesus’ tomb:

How the prefetch system operates is often mysterious. Much about the technology is undocumented, so the general public does not know much about it. Sometimes the only way we find out about features of the operating system is when Microsoft uses them. One example of this is with the release of Windows Media Player 9.0. On top of all of the new multimedia technologies that this release brought to Windows was an insight into the unknown world of the Prefetcher. Hidden away in the shortcut to the application in the Start Menu was an application flag that appears to be an option flag for the Windows Prefetcher system.

What does the shortcut look like? "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1.

The book then goes on to ascribe different meanings to the /prefetch: launch option. Of course I was interested in a mysterious “instant speedup” flag I could add to my K-Meleon shortcut–but not so quick. For one thing, it didn’t work–K-Meleon just opened with an error as it parsed the flag as a URL to open. More interestingly, though, apparently this /prefetch:1 was a notorious Internet myth in the early 2000s, so it’s no great surprise that the book includes it as well.

How notorious, you ask? So notorious that a Windows developer chimed in to debunk it. Microsoft employees used to fastidiously keep blogs, most notably The Old New Thing from perpetual old man (though highly amusing in his crotchetiness) Raymond Chen. Ryan Meyers wrote one of these, called Funny, It Worked Last Time, and he took on Prefetcher myths in a very enlightening post about eight months after the book was published.

XP systems have a Prefetch directory underneath the windows root directory, full of .pf files — these are lists of pages to load. The file names are generated from hashing the EXE to load — whenever you load the EXE, we hash, see if there’s a matching (exename)-(hash).pf file in the prefetch directory, and if so we load those pages. […] So, first off, it is a bad idea to periodically clean out that folder as some tech sites suggest. For one thing, XP will just re-create that data anyways; secondly, it trims the files anyways if there’s ever more than 128 of them so that it doesn’t needlessly consume space. So not only is deleting the directory totally unnecessary, but you’re also putting a temporary dent in your PC’s performance.

[…]

Some sites have guessed that this switch turns on prefetching, and suggest that you add that to every executable you care about — this has appeared on so many, many, many sites to be urban legend. Other sites write this off as garbage and guess that it’s a switch specific to Media Player, guessing from references to prefetching in the Windows driver subsystem. Both guesses are incorrect.

The /prefetch:# flag is looked at by the OS when we create the process — however, it has one (and only one) purpose. We add the passed number to the hash. Why? WMP is a multipurpose application and may do many different things. The DLLs and code that it touches will be very different when playing a WMV than when playing a DVD, or when ripping a CD, or when listening to a Shoutcast stream, or any of the other things that WMP can do. If we only had one hash for WMP, then the prefetch would only be correct for one such use. Having incorrect prefetch data would not be a fatal error — it’d just load pages into memory that’d never get used, and then get swapped back out to disk as soon as possible. Still, it’s counterproductive. By specifying a /prefetch:# flag with a different number for each “mode” that WMP can do, each mode gets its own separate hash file, and thus we properly prefetch.

I always love when these retro tech rabbit holes bring me the urban legends of yesterday.
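As an added example (not code from the book or from the quoted blog post), this Python script parses a Prefetch directory listing using the (exename)-(hash).pf naming described above, groups traces per executable, and reports any executable with more than one trace, which is what launching with different /prefetch:# numbers produces. The listing and its hash values are constructed, and the 8-hex-digit hash format is an assumption.

```python
import re
from collections import defaultdict

# Assumption: trace files are named EXENAME-HASH.pf with an 8-hex-digit hash.
# The greedy prefix keeps hyphens inside the executable name (K-MELEON.EXE).
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)
PREFETCH_CAP = 128  # trim threshold quoted in the post above

# Constructed listing; hash values are made up for illustration.
SAMPLE_LISTING = [
    "WMPLAYER.EXE-1A2B3C4D.pf",   # e.g. one /prefetch:# mode
    "WMPLAYER.EXE-1A2B3C4E.pf",   # e.g. another /prefetch:# mode
    "K-MELEON.EXE-0F0F0F0F.pf",
    "NOTEPAD.EXE-336351A9.pf",
    "NTOSBOOT-B00DFAAD.pf",       # boot trace, no .EXE in the name
    "Layout.ini",                 # not a trace file
]

def parse_pf_name(filename):
    """Return (exe_name, hash_hex) in upper case, or None if not a trace name."""
    match = PF_NAME.match(filename)
    if match is None:
        return None
    return match.group("exe").upper(), match.group("hash").upper()

def summarize(filenames):
    """Group trace files by executable and flag multi-hash executables."""
    by_exe = defaultdict(set)
    skipped = []
    for name in filenames:
        parsed = parse_pf_name(name)
        if parsed is None:
            skipped.append(name)
            continue
        exe, hash_hex = parsed
        by_exe[exe].add(hash_hex)
    traces = sum(len(hashes) for hashes in by_exe.values())
    return {
        "executables": len(by_exe),
        "traces": traces,
        "multi_hash": {e: sorted(h) for e, h in by_exe.items() if len(h) > 1},
        "over_cap": traces > PREFETCH_CAP,
        "skipped": skipped,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```
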

5. How much different security concerns were in 2004

The last section of the book is all about securing XP. Keep in mind the time period. Service Pack 2 was released a month before this book was published in August 2004. SP3 wouldn’t be until 2008. Vista was also not out yet. XP was the hot target for malware, and XP’s security faults were already well-documented. There were two major ones, the lack of a pack-in firewall with OEM and SP1 XP, and disregarding the principle of least privilege by automatically running all apps at the current user’s access level, administrator or not. Internet Explorer 6 was already well long in the tooth by 2004, easy to exploit and lagging Firefox and Opera severely in Web standards, and IE7 wouldn’t be out for another two years.

As such, you get a lot of information on installing your own third-party firewall, running classic apps like Spybot: Search & Destroy, disabling commonly-exploited and underutilized portions of the OS like DCOM, UPnP, and ActiveX controls, and probably the most adorably anachronistic of the bunch, safeguarding your privacy by clearing out all the ways that XP keeps track of what you’re doing. There is some talk of data harvesting, mostly in the realm of email spam, but in 2004, you were more concerned about what the people around you with physical access to your computer could see than you were what someone online could harvest from you.

It’s great! You get lots of info on clearing the recently viewed documents pane, your IE autocomplete, your cookies and caches, and downloaded encrypted Web pages (which is something I had no idea Windows once did). No mention of adblockers, VPNs, changing passwords in the case of data breaches on their end, and the endless lust every site now has for building a browsing profile on you that they can sell to the highest bidder en masse. Just making sure that your wife doesn’t know you were on that site again.

Ah, less dystopian times.

Appendix A: what all’s on the CD

The still-sealed Hacking Windows XP CD

Let’s close out with what’s on that CD-ROM. It’s a lovely collection of software mentioned in the book, trialware and freeware (AVG, O&O Defrag, PCMark04, Spybot, and Style Builder, to name a few prominent ones), .reg files created by Steve himself for tweaking and reversing tweaks described in the book, a big grabbag of random extra software from screen savers to little power tools, and get this–a PDF copy of Hacking Windows XP. For 2004, I’m impressed! It’s also what’s allowed me to give you guys such clean images of the pages.

I would dump this online, if not for the PDF. I guess–call me if you want it? I dunno. Does Wiley give a shit? Does anyone still use XP?

What's on the Hacking Windows XP CD

About mariteaux

Somnolescent's webmaster with way too much to write about and a stack of CDs he'll never finish.

2 Responses to Five Things I Learned from “Hacking Windows XP”

  1. That performance monitor looks pretty advanced! Do you think they have one of those for 95?

    • mariteaux says:

      Probably not. 95 was a much simpler system overall. Wasn’t as much need for tracking line graph stats like that. Someone could definitely code one up though.
