All posts by admin

study note ideas

Pages online are good to read.  when we want to use it, learn it, study it, note it, it’s diffcult to use it as if I own the page as my book.  where i can

put highlight


or even draw something

and it need to be private my version , so it’s easier to read next time for me.


List system Normal user account ONLY

DWORD res, dwRec, i = 0;

do // begin do
// Call the NetQueryDisplayInformation function;
// specify information level 3 (group account information).
res = NetQueryDisplayInformation(NULL, 1, i, 100, MAX_PREFERRED_LENGTH, &dwRec,(PVOID *) &pBuff);
// If the call succeeds,
if((res==ERROR_SUCCESS) || (res==ERROR_MORE_DATA))
p = pBuff;
// Print the retrieved group information.
CW2A name( p->usri1_name );
bool bNormalAccount=false;

if(p->usri1_flags & UF_NORMAL_ACCOUNT&& !(p->usri1_flags & UF_ACCOUNTDISABLE)&& !(p->usri1_flags & UF_PASSWD_NOTREQD))
TRACE(“Normal account %s\n”,name.m_szBuffer);

i = p->usri1_next_index;
// Free the allocated memory.
printf(“Error: %u\n”, res);
// Continue while there is more data.
} while (res==ERROR_MORE_DATA); // end do

AND & Bitwise

A bitwise AND takes two binary representations of equal length and performs the logical AND operation on each pair of corresponding bits. The result in each position is 1 if the first bit is 1 and the second bit is 1; otherwise, the result is 0. In this, we perform the multiplication of two bits; i.e., 1 × 0 = 0 and 1 × 1 = 1. For example:
0101 (decimal 5)
AND 0011 (decimal 3)
= 0001 (decimal 1)
This may be used to determine whether a particular bit is set (1) or clear (0). For example, given a bit pattern 0011 (decimal 3), to determine whether the second bit is set we use a bitwise AND with a bit pattern containing 1 only in the second bit:
0011 (decimal 3)
AND 0010 (decimal 2)
= 0010 (decimal 2)
Because the result 0010 is non-zero, we know the second bit in the original pattern was set. This is often called bit masking. (By analogy, the use of masking tape covers, or masks, portions that should not be altered or portions that are not of interest. In this case, the 0 values mask the bits that are not of interest.)
If we store the result, this may be used to clear selected bits in a register. Given the example 0110 (decimal 6), the second bit may be cleared by using a bitwise AND with the pattern that has a zero only in the second bit:
0110 (decimal 6)
AND 1101 (decimal 13)
= 0100 (decimal 4)
Because of this property, it becomes easy to check the parity of a binary number by checking the value of the lowest valued bit. Using the example above:
0110 (decimal 6)
AND 0001 (decimal 1)
= 0000 (decimal 0)
Therefore 6 is divisible by two and even.


It is not enabled by OS, but by applicaiton level.  Failed to response KEEP ALIVE packet will result windows RST


A TCP keep-alive packet is simply an ACK with the sequence number set to one less than the current sequence number for the connection. A host receiving one of these ACKs will respond with an ACK for the current sequence number. Keep-alives can be used to verify that the computer at the remote end of a connection is still available. TCP keep-alives can be sent once every KeepAliveTime (defaults to 7,200,000 milliseconds or 2 hours), if no other data or higher-level keep-alives have been carried over the TCP connection. If there is no response to a keep-alive, it is repeated once every KeepAliveInterval seconds. KeepAliveInterval defaults to 1 second. NetBT connections, such as those used by many parts of the Microsoft networking functionality, send NetBIOS keep-alives more frequently, so usually no TCP keep-alives will be sent on a NetBIOS connection. TCP keep-alives are disabled by default, but Windows Sockets applications can use the SetSockOpt function to enable them.

How to view wireshark KEEP ALIVE and TCP window packet

Known TCP problem

The retransmission timeout is used to determine when a packet has
been dropped in the network.  When this timeout has expired
without the arrival of an ACK, the segment is retransmitted. Each
time a segment is retransmitted, the timeout is adjusted according
to an exponential backoff algorithm, doubling each time.  If a TCP
fails to receive an ACK after numerous attempts at retransmitting
the same segment, it terminates the connection.  A TCP that fails
to double its retransmission timeout upon repeated timeouts is
said to exhibit “Failure to back off retransmission timeout”.

Backing off the retransmission timer is a cornerstone of network
stability in the presence of congestion.  Consequently, this bug
can have severe adverse affects in congested networks.  It also
affects TCP reliability in congested networks, as discussed in the
next section.

It is possible for the network connection between two TCP peers to
become congested or to exhibit packet loss at the time that a
retransmission is sent on a connection.  If the retransmission
mechanism does not allow sufficient time before dropping


are hardcoded to 10 and could not be adjusted via the registry.

d) Some special considerations

=> Even if TCP KeepaliveTime and TCPKeepAliveInterval registry keys are set to a specific value (TCPIP driver uses the deafult values even if we don’t set these registry keys from the registry), TCPIP driver won’t start sending TCP Keepalives until Keepalives are enabled via various methods at upper layers (layers above TCPIP driver).

=> Native Socket applications can enable TCP keepalives by using anyone of the following methods:

– setsockopt() with SO_KEEPALIVE option – WSAIoctl() with SIO_KEEPALIVE_VALS option (it’s also possible to change Keepalive timers with this API call dynamically on a per-socket basis)


In Windows, as well as many other operating systems, TCP/IP Keep-Alive is not enabled by default. By enabling this, SQL Server can, in a timely manner, detect “orphaned connection” and free up valuable resource associated with each connection, including its session context, locks, kernel TCP buffers and etc., which sometime can become very expensive for a SQL Server running heavy transactions. The major drawbacks, among many others, are (1) Keep-Alive consumes bandwidth on a perfect idle connection; (2) It causes good connection to break during transient network failures. So configuring the keep-alive values too small is not recommended.

The following KB about orphaned connection/session for SQL Server 2000 shares valuable insight on how to configure Keep-Alive for named pipe connections.,

TCP window scaling (Windows)





Windows 2003;en-us;912222

Data type Range Default value
REG_DWORD 0 | 1 | 2 | 3 3


Specifies whether TCP uses the timestamping and window scaling features described in RFC 1323, TCP Extensions for High Performance.

Window scaling permits TCP to negotiate a scaling factor for the TCP receive window size, allowing for a very large TCP receive window of up to 1 GB. The TCP receive window is the amount of data that the sending host can send at one time on a connection.

Timestamps help TCP measure round trip time (RTT) accurately in order to adjust retransmission timeouts. The Timestamps option provides two timestamp fields of 4 bytes each in the TCP header, one to record the time the initial transmission is sent and one to record the time on the remote host.

This entry is a 2-bit bitmask. The lower bit determines whether scaling is enabled; the higher bit determines whether timestamps are enabled. To enable a feature, set the bit representing the feature to 1. To disable a feature, set its bit to 0.

Value Meaning
0 (00) Timestamps and window scaling are disabled.
1 (01) Window scaling is enabled.
2 (10) Timestamps are enabled.
3 (11) Timestamps and window scaling are enabled.