Monday, March 16, 2009

ScienceFair storytime

The Captain Hook Story

Since this Saturday is the 2009 Kiwanis Regional Science Fair in Medicine Hat, I thought that I'd declare this week to be "Science Fair Week" on the OhmsBlog. I'm starting on a Monday because I'd like to conclude the week next Sunday with a post-mortem of Saturday's events.

I've been programming computers for a long time, and I've been using computers for even longer. When I started writing code I was about seven years old. By the time I was thirteen years old I had switched from BASIC to C and C++. I had a desire to learn how to write software with a GUI, and I wanted to use a "grown up" language to do it. Our home computer in 1995 was a 486 box that was running MS-DOS 6.0 and Windows 3.1, so I decided to write Windows programs in C and C++. As time progressed the technology changed as fast as I grew. I soon found myself hacking away at a Pentium 120 running Windows 95. My mind absorbed books by Windows spelunkers Andrew Schulman and Matt Pietrek.

As a student in high school in the spring of 1997, I had observed my peers cleverly discovering ways to bypass the system policies on our school computer systems. For example, there was a system policy in Windows 95 that would block the "display settings" control panel applet, thus preventing students from being able to modify the desktop wallpaper.

Or so the teachers thought...

It turns out that, right around that time, web browsers started shipping with a little feature that, when invoked, would set the desktop wallpaper to an image that the user selected from a web page. The system policies blocked the control panel applet, but not the underlying API function, which I knew by that time to be SystemParametersInfo(). "Would it be possible to intercept and block API calls?" I asked myself. That sounded hardcore to me. I had been doing science fair projects since the seventh grade, and I decided to make that question the focus of my 1998 science fair entry.

My favourite time of the year has always been the span of time from the last week of June to the third week of July. I'd relax and enjoy my summer for that duration, but I had made it a habit of commencing my science fair projects after that final week had concluded. I would do research and take plenty of notes over the summer, but I still had plenty of time for golf, cycling, Slurpees, and whatever shenanigans I could take part in.

The summer of 1997 was slightly different. I would be spending two weeks at a summer computer camp offered by the University of Calgary to brush up on my C++ skills. When I wasn't in class, I spent quite a bit of time researching. I studied in the university library. I spent countless hours browsing the aisles in computer book stores. I scoured software shops looking to score an educational pricing deal on a new 32-bit C++ compiler for Windows.

I spent several months searching for the best way to implement my elusive goal: to globally intercept calls to Windows API functions and block them if they did not conform to an administrator's security policy.

By December 1997 I had found something that almost worked. Several programs crashed, but at least I could successfully intercept an API call that was made by any 32-bit process that was running on the system. 16-bit processes in particular did not fare so well (there's another story about that, but that one will have to wait).

Science Fair Tip:
Sometimes things don't work as expected. That's OK if you can figure out why. If you can use this knowledge to find a solution to the problem, that's even better.

Unfortunately the very program that seeded my idea did not work. Netscape would crash when I ran my software. It turns out that several of the Netscape executable's sections were marked read-only, causing a general protection fault when my software tried to intercept its API calls. Fortunately my diagnosis allowed me to add some additional code to fix the permissions so that my program could run properly.

By the time I presented Advanced Windows 95 Security Techniques at the Southeast Alberta Regional Science Fair, my program worked but it had a very simple user interface. It had a one line static text field that displayed the program's status and a single button to toggle its enabling. This rudimentary GUI was good enough for the regional science fair, but it needed beefing up to look good at the Canada-Wide Science Fair.

In the months between the regional and national science fairs, I completed a fully-featured GUI that placed an icon in the taskbar notification area. Selecting that icon would prompt the user for an administrative password. A successful password entry would cause a configuration screen to be displayed that would allow for fine-grained control over which API calls would be intercepted under which conditions. I called this program "Captain Hook."

The 1998 Canada-Wide Science Fair in Timmins, Ontario had its ups and downs (there'll be more blogging to come about those), but my week peaked when I won the gold medal for Intermediate (grades 9-10) Computer Technology. One of the other highlights was when I met the Governor-General. I also met several interesting people during the day that the fair was open to the public. The people that came to talk to me about my work included a school district IT manager and an employee of the Communications Security Establishment.

The schedule for the week at the CWSF was very busy, to say the least. Even worse was the travelling involved to get to Timmins from Medicine Hat. I got back in the early hours of Monday morning (Victoria Day 1998), and I had to return to school on the Tuesday. Unfortunately the sleep that I needed so badly was denied: my family's phone started ringing off the hook at 9:00 AM. The culprits? Media organizations. Needless to say, I was more or less incoherent for the next week at school.


Release 7.0; Copyright © 1996-2012 Aaron Klotz. All Rights Reserved.