MS Solitaire Meanderings

Discuss Autohotkey related topics here. Not a place to share code.

Post by lmstearn » 19 Mar 2023, 01:35

If you have ever played the Solitaire that comes with Windows, the more seasoned of you may well remember the occasion of Klondike bundled with Windows 3.0 in 1990. How, and what it has evolved to is the focus of yet another ramble for anyone in general, or MS Solitaire tragics in particular...

The MS Solitaire Collection presents with a nice and easy interface for instant card relief for those so inclined, and of late, I enjoy regular participation in Solitaire Events. Every day there is a new Solitaire Event, best described as a timed card challenge against other players, so not to be construed so much as a "Solitaire" experience in the traditional sense. MS Solitaire Events was first introduced in 2016 along with the monetization of the MS Solitaire Collection.
As we all might know, even though the Microsoft Ad Monetization platform shut down as of June 2020, the monetization of many (or all) of their products such as MS Teams is done in a different way, for example using OEM code in the monetization of the Solitaire card games, it seems.

If, like me, you enjoy playing Events, then you get the ads, provided that you have not signed up to their monthly or yearly subscription offer. This impacts on the game experience, because the ad playing time affects your position in the tournament results.
To mitigate the effects of the ads, MS could, of course, implement a separate database of game stats for non-premium players - the consequences of this more "level" playing field may not turn out to be desirable either for the company or the subscribers. (Although no problem with it here. :) )

So, on a typical rig, most of the usual ad blocking methods found via Google search - particularly host file modifications - either don't work, or only partially work. "Partially work" is when the ad windows "launch", but then stall, sometimes to such a degree it freezes the entire game, the effects of which still consume your most valuable tournament time.

The proposition here then, is that there is an exploit used by many seasoned tournament players to block the ads, as evidenced by most of them not being listed in the stat pages as premium subscribers.
If not an exploit, then what? Using apps like Adguard still costs money, understandable, as sharp coding is required for any kind of MS Solitaire gui interaction.
The only hope for this thread is that there is some tweakage in Windows security having some indirect effect. But what?


Now, as to the real reason of posting this thread: here's a thing, while not being a paying, or "premium" subscriber, yet I do indeed bear witness to the ads not playing on this Home Edition rig at all. Why so?
No ad videos play, yet there is a "Remove ads" jump link in the gui, and the still banners are (still) displayed in the game gui, of course a much less worrisome, imposing or even "game-breaking" feature.

Because no actions on this rig by me were pro-actively taken in an attempt to stop the ads from playing, can we ever pinpoint the conditions as to precisely why?
Once the reasons of ad no-play are determined, the aim is to apply them in a new "Mr. Fixit" script, which in turn can be deployed to other "Ad" rigs. Yes, there is more than one rig at this abode, and "Mr. Fixit" you ask? Probably one of the best user focused ideas MS have dreamt up in all of their Win32 days, and now that they have retired him, AHK must step up to the plate, take over the reins and raise up the cudgel, so to speak!

And a "Mr. Fixit" with a little help from WinRT discussed here. :)


Turning to the investigation on this rig - first thing to note is that any additions or deletions to the Host file here make no difference to Solitaire ad play.

Looking at the security options, Defender Firewall has "Solitaire & Casual Games" with just one Inbound rule. On its property forms, there is the statement, as with many other rules, that it
is a predefined rule, and some of its properties cannot be modified.
Can that be checked programmatically, given that we can verify that it is configured with Block Edge Traversal permissions?

Firing up explorer to navigate to C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_VERSION_NUMBER_x64__8wekyb3d8bbwe (current VERSION_NUMBER and admin required), find the obligatory ThirdPartyNotices.txt that contains a link onto 3rdpartysources:
This archive provides you with the notices and source code for certain third party components shipped with Microsoft products
Let's open the property pages for the file Solitaire.exe, and note the first entry in the ACL permissions list is Users (MyComputerName\Users). The condition on this entry is the following SYSAPPID condition:

Code:

WIN://SYSAPPID contains  "MICROSOFT.MICROSOFTSOLITAIRECOLLECTION__8WEKYB3D8BBWE"
It so occurs a defunct account Account Unknown(S-1-15-abc...xyz) has a Read/Execute on Solitaire.exe (as well as on other items in the file system.)

There is also a problem with an account bearing the name Users (MyComputerName\Users) which has (only) Read access to the file. The account info form has this warning:
This access control entry is corrupt. Delete it and create a new one.
Gremlins are active, as there is a separate entry for the same account name which shows Read/Execute access on Solitaire.exe, and no warnings on the account info form.

In C:\Program Files\WindowsApps, there is also a folder Microsoft.MicrosoftSolitaireCollection_VERSION_NUMBER_neutral_~_8wekyb3d8bbwe, (vendor neutral?) possibly temporary folder, and containing package block map & hashing references.

Update to above: After a version update, the Read only entry is removed for Users (MyComputerName\Users), and now just the Read/Execute entry is corrupt. An improvement of sorts.



Next, in taking Solitaire for a walk through registry, we turn up more questions than answers:

Take this key referencing Activatable Classes, for example:

Code:

HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.Protocol\PackageId\Microsoft.MicrosoftSolitaireCollection_VERSION_NUMBER_x64__8wekyb3d8bbwe\ActivatableClassId\App.AppX<some_32_hex>.mca
mca? A Minecraft file or what? The next milestone is Minecraft Solitaire Collection perhaps?


Keys like the following are for the Visual Studio package resource index file, obviously a requirement for the compiler, and of zero interest to the end-user:

Code:

HKEY_CLASSES_ROOT\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MicrosoftSolitaireCollection_3.12.10310.0_x64__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-15-abc...xyz-MergedResources-5.pri
HKEY_CLASSES_ROOT\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MicrosoftSolitaireCollection_VERSION_NUMBER_x64__8wekyb3d8bbwe%5Cresources.pri
The following key is part of a collection of keys containing a subkey with the name of ACID:

Code:

HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\microsoftsolitairecollection\AppX1yprbth8spa55n2rc6zbh6tc1kr1tf5h
ACID:
A term that refers to the four properties that any database system must achieve in order to
be considered transactional: Atomicity, Consistency, Isolation, and Durability [Jim Gray].
A quick digression for a quote by Jim Gray:
Personal memex: Record everything a person sees and hears and quickly retrieve any item on request.
World memex: Build a system that given a text corpus, can answer questions about the text and summarize
the text as precisely and quickly as a human expert in that field. Do the same for music, images, art and
cinema.
Perhaps Memex is a start. (scratches head)

This key has a subkey "HAM". If it isn't HAM radio playing while one is quietly Solitairing, what?

Code:

HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe
It also has another subkey, PersistedStorageItemTable\System\<some_SID>.Response.0 with value:

Code:

\\?\Volume{<some_SID>}\Users\New\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\LocalState\Tournament.zip
This is presumably the daily download of Solitaire Events data.


Code:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\<some_32_hex>_0{<some_SID>}
has a value containing descriptors of sound devices on this rig

Code:

2}.\\?\hdaudio#func_01&ven_1102&dev_0011&subsys_11020027&rev_1009#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\lineoutextopo/00010001|\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe\Solitaire.exe%b{00000000-0000-0000-0000-000000000000}
The "\\?\" string means "disable all string parsing and to send the string that follows it straight to the file system."


The following group of keys:

Code:

HKEY_USERS\S-1-15-abc...xyz\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\000340019E4ED1FE\Registrar\Data\Registered\packagestate-microsoft.microsoftedge_8wekyb3d8bbwe-0
HKEY_USERS\S-1-15-abc...xyz\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData\SubscribedCollections\windowspackagesettings-notifications-microsoft.microsoftsolitairecollection_8wekyb3d8bbwe
HKEY_USERS\S-1-15-abc...xyz\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData\SubscribedCollections\windowspackagesettings-microsoft.microsoftsolitairecollection_8wekyb3d8bbwe
HKEY_USERS\S-1-15-abc...xyz\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData\SubscribedCollections\packagestate-microsoft.microsoftsolitairecollection_8wekyb3d8bbwe-0
Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\000340019E4ED1FE\Registrar\Data\Registered\packagestate-microsoft.microsoftedge_8wekyb3d8bbwe-0
Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData\SubscribedCollections\windowspackagesettings-microsoft.microsoftsolitairecollection_8wekyb3d8bbwe
Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData\SubscribedCollections\packagestate-microsoft.microsoftsolitairecollection_8wekyb3d8bbwe-0
All have subkeys like: ChannelSettingsWLSSubscriptionId with value WLS_SubscriptionId_<my-subscription-id> and ChannelSettingsWLSSubscriptionUri with value:

Code:

https://bn1304.storage.live.com/mydata/windows/settings/packagestate-microsoft.microsoftsolitairecollection_8wekyb3d8bbwe-0?NotificationSubscriptions(WLS_SubscriptionId_<my-subscription-id>)
More about this bn1304 domain here.



Checking out the "App" suffix with the bang next, when the key was first added to the registry, was the literal "App" intended as the value for the key?

Code:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App
HKEY_USERS\S-1-15-abc...xyz\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App
"Mr. BreakIt" up to his tricks again as the channelID and channelUri subkeys have "Chinese" character fields, as is the case with other keys like

Code:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe!<some_24_hex> edrop_service
etc.
Of interest is that every sequence of Chinese characters is unique to each set of keys allocated per App. How so? By searching the registry for binary character strings- a frequent pastime.

Code:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\50
Caching by the little known SRS.

Not much to be gleaned from the following values of the subkey of _IndexKeys:
Application\833\50
UserAndApplication\2^833
UserAndApplicationUserModelId\2^Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App\50

The following key ends with a dynamic three digit reference: REF, and the values of subkey _IndexKeys contain another 4 digit hex ref: REF4
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Protocol\Data\REF
Extension\REF4\REF
Name\microsoftsolitairecollection\REF
NameAndExtension\microsoftsolitairecollection^REF4
ProgID\AppX1yprbth8spa55n2rc6zbh6tc1kr1tf5h\REF
The above, and all the keys in here have the "^"REF4 suffix:

Code:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Protocol\Index\NameAndExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Protocol\Index\NameAndExtension\microsoftsolitairecollection^REF4 
The "^" usually precedes a REG_EXPAND_SZ string, was it ever escaped in the implementation?

Code:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache
This key contains a numerical subkey with the following value:
{"FulfillmentData":"{\"ProductId\":\"9WZDNCRFHWD2\",\"SkuId\":\"0010\",\"PackageFamilyName\":\"Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\",\"WuCategoryId\":\"1a36fd17-5161-4651-ae2d-13384e427ea8\"}"}
FulfillmentData? A fulfillmemento and a mystery.



Decompiling Microsoft.Advertising.dll with ILSpy and ildasm (with Visual Studio).

The response from ILSpy: "PE file does not contain any managed metadata," from ildasm: "no valid clr header"

Same responses when decompiling Microsoft.Apps.Stubs.Handoff.dll

For the winmd files, the output from this command is attached to this post:

Code:

ildasm "C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_VERSION_NUMBER_x64__8wekyb3d8bbwe\Microsoft.Apps.Stubs.Handoff.winmd" /out="c:\users\new\desktop\Handoff_winmd.rtf" /rtf

Hmmm is that bot handoff? From Transition Conversations, "A handoff status event is sent to the bot by the agent hub"
What's the deal? Get a bot chat in MS Solitaire over a bad deal, with a distant prospect of human interaction. Great!

As it is still a stub, the attached output doesn't present anything like what one would term directly usable, for example, the content in this enum_class.

Find a similar attachment to this post for solitaire_winmd.

And the log for ILSpy:
IlSpy_Solitaire.log

Extra info relating to WinRT (Lexikos has covered the most relevant areas linked above):
Getting started with XLang and WinRT
"This winmd parser powers C++/WinRT"
Microsoft Interface Definition Language 3.0

A recent update before posting introduced more files to the folders, mainly of the winmd type.

Go to the Microsoft.Advertising subfolder to find javascript files containing code that looks as if it directs the streaming of the ads, ormma features large.
The file vpaid.js contains code that links up with the ADSDK of renown, there's a forum for that.

The file VungleSDK.winmd indicates Microsoft's relations with the "vungle" ad network. (You know, when it comes to learn@Microsoft, it's a blackboard vungle out there!)

Prior to the cessation of the exploring, navigated to C:\Users\New\AppData\Local\Microsoft Games\Solitaire, to catch up with some old file relics, SolitaireSettings.xml and windowprefs.xml.
Given the age of the rig, there was no shortage of opportunity for MS updates to remove the files from the location. In the meantime, they are quietly waiting for the opportunity to be submitted to a museum of old files.


Having journeyed through the system to uncover the mysteries of Solitaire ads, we have only ended up with a very incomplete set of pieces to the jigsaw puzzle. The reasons why the ads don't play might be found somewhere above, if not, related to something mentioned above, if not, they are yet to be uncovered!

Perhaps the answers are in the cards themselves, who knows? More the reason to hit the start button for Solitaire and deal 'em up once again! :monkeysee:
:arrow: itros "ylbbub eht tuO kaerB" a ni kcuts m'I pleH
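
The identifiers quoted in the post above (the package folder names, the MrtCache subkey with its %5C sequences, and the FulfillmentData value) can be decoded mechanically. The following is an added example, not part of the original post; it assumes the documented package full name layout Name_Version_Architecture_ResourceId_PublisherId, and the function names and the 0.0.0.0 version are placeholders introduced here.

```python
import json
from urllib.parse import unquote

# Values copied from the post. The version in NEUTRAL_DIR is a placeholder
# (0.0.0.0) because the post elides it as VERSION_NUMBER.
MRT_KEY = r"C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MicrosoftSolitaireCollection_3.12.10310.0_x64__8wekyb3d8bbwe%5CMicrosoft.System.Package.Metadata%5CS-1-15-abc...xyz-MergedResources-5.pri"
NEUTRAL_DIR = "Microsoft.MicrosoftSolitaireCollection_0.0.0.0_neutral_~_8wekyb3d8bbwe"
CATEGORY_VALUE = r'{"FulfillmentData":"{\"ProductId\":\"9WZDNCRFHWD2\",\"SkuId\":\"0010\",\"PackageFamilyName\":\"Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\",\"WuCategoryId\":\"1a36fd17-5161-4651-ae2d-13384e427ea8\"}"}'

FIELDS = ("name", "version", "architecture", "resource_id", "publisher_id")

def parse_package_full_name(full_name):
    """Split Name_Version_Architecture_ResourceId_PublisherId into a dict."""
    parts = full_name.split("_")
    if len(parts) != len(FIELDS) or not parts[0] or not parts[-1]:
        raise ValueError(f"not a package full name: {full_name!r}")
    pkg = dict(zip(FIELDS, parts))
    # The family name drops version, architecture and resource id.
    pkg["family_name"] = f"{pkg['name']}_{pkg['publisher_id']}"
    return pkg

def package_from_mrtcache_key(subkey):
    """MrtCache subkey names are file paths with the backslash stored as %5C."""
    path = unquote(subkey)
    for component in path.split("\\"):
        try:
            return path, parse_package_full_name(component)
        except ValueError:
            continue  # not a package folder, try the next path component
    return path, None

def decode_fulfillment(value):
    """The registry value is JSON whose single field is itself a JSON string."""
    return json.loads(json.loads(value)["FulfillmentData"])

def same_package(subkey, value):
    """True when the cached path and the CategoryCache entry name one family."""
    _, pkg = package_from_mrtcache_key(subkey)
    inner = decode_fulfillment(value)
    return pkg is not None and pkg["family_name"] == inner["PackageFamilyName"]

if __name__ == "__main__":
    print(package_from_mrtcache_key(MRT_KEY))
    print(parse_package_full_name(NEUTRAL_DIR))
    print(decode_fulfillment(CATEGORY_VALUE), same_package(MRT_KEY, CATEGORY_VALUE))
```

Parsed this way, "neutral" lands in the architecture field and "~" in the resource id field, while the x64 folder has an empty resource id (hence the double underscore).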
