Browse by Tags
All Tags »
Internals (
RSS)
Microsoft has released an update Windows Driver Kit (WDK) a few days ago, but with a new twist: The Debugging Tools for Windows are now bundled with the WDK and are no longer available as a free (and easy) download. The WDK is only available to MSDN subscribers and via the Microsoft Connect web site. This doesn’t make sense to me. Although WinDbg and friends are essential in the device driver world, they are just as important in the user mode world. I hope Microsoft reverts this decision and will...
Last night I delivered a session entitled “Writing Software Device Drivers on Windows” in the Windows Platform Developers user group . I gave a “crash course” of 1.5 hours on writing a driver that allows me to execute code within the kernel to do things that are not possible from user mode. Thank you all for coming and for the great feedback! I’ve attached the presentation and the demo code, including the driver code, the installer and the client application. Note that to compile successfully with...
The next meeting will be held on March 23rd, at Microsoft Offices. This is the planned agenda: 17:00-17:30 Gathering 17:30-17:40 – MVP Summit impressions 17:40-18:55 Title: Developing connectivity based products (Bluetooth, Wireless-LAN and GPS) in complex environment – Alon Haze Project management and Software development for Bluetooth, Wireless-LAN and GPS for the handsets market is challenging. The environment is built from demanding cellular customers with strict requirements for low cost, low...
The famous CreateProcess function may fail with an access violation. For example, this innocent looking code causes a crash: STARTUPINFO si = { sizeof ( si ) }; PROCESS_INFORMATION pi ; CreateProcess (0, _T ( "notepad" ), 0, 0, FALSE , 0, 0, 0, & si , & pi ); What’s wrong with this code? Apparently nothing. The key here is that CreateProcess is not actually a function at all, but a macro that’s expanded to CreateProcessA or CreateProcessW depending a compile...
Local kernel debugging is the ability to view kernel data structures in a live system (i.e. not connecting to a target system through a null cable modem or USB or other alternatives), and is supported since Windows XP. This is a great way to explore windows on its darker side (the kernel and related subsystems) with all its mysteries and secrets. With Windows XP, starting local kernel debugging is pretty easy. Just fire up WinDbg (or kd for that matter), select from the menu File->Kernel Debug...
When Windows media player (WMP) is open, any attempt to open it again simply reactivates the existing WMP window. WMP is running as a single instance. It uses a relatively well known methods for this, creating a named mutex on startup and seeing if it already exists (by calling GetLastError and comparing with ERROR_ALREADY_EXISTS ). WMP uses a mutex called "Microsoft_WMP_70_CheckForOtherInstanceMutex" and this name seems to be consistent between WMP versions (at least starting from Windows...
When creating threads, we don’t usually think of its stack size. In the native world, the CreateThread function accepts a stack size (second argument) which we usually pass as 0. In the managed world, the Thread class exposes a pair of constructors expecting a stack size argument (which I was reminded by a comment). Why is this important? Creating threads has its costs. This is not only the added work the Windows scheduler must undertake or the data structures that must be allocated in the kernel...
I’ll be teaching next week (starting from the 16th) a five day course (split) entitled “The C# 3.0 programming language” on .NET and C# fundamentals. On the 18th of this month, I’ll do an open house at Microsoft on C# 3.0 and LINQ (same thing I did a few months back at Air Force house, so if you were there, no need to come again – unless you really like the food). You can register here . On March 1st, I’ll be teaching my Windows Internals class (for developers) on the (obviously) internals of the...