What are these ghost drivers named dump_diskdump.sys and other dump_*.sys...
Run Process Explorer with administrative privileges, select Options, Verify Signatures, pick the System process, then open the DLL view. In that view, you'll find some drivers with names like...
What exactly does the msWindowLength parameter to SetThreadpoolTimer mean?
A customer was looking for clarification on the msWindowLength parameter to the SetThreadpoolTimer function. msWindowLength [in, optional] The maximum amount of time the system can delay before...
Decoding the parameters of a thrown C++ exception (0xE06D7363), revisited
When I explained how to decode the parameters of a thrown C++ exception, I noted that the mysterious second parameter at index 1 "is a pointer to the object being thrown (sort of)." I've since learned...
Does the page table entry really have a sad-face for pages that are reserved?
Commenter Mc asked whether the memory manager really uses the Unicode sad face emoticon to represent not-present pages, or whether it just uses some boring sentinel value like −1. This is actually an...
It’s an unfortunate choice of data type for the file system redirection cookie
If you want to disable 64-bit file system redirection, you call the Wow64DisableWow64FsRedirection function. This function gives you a cookie. When you are finished, you call...
The social skills of a thermonuclear device: Ruining a conversation
On an internal distribution list that a bunch of Microsoft bloggers hang out on, somebody asked a question about how to accomplish X, and another person suggested using the Y plug-in. I replied to the...
The case of the system() call that returned before finishing
A customer was having trouble with some code that copies a bunch of files and then processes the copy. Here's the code they shared (suitably redacted): // copy the files char command[512] = {NULL};...
Dither me this
For some reason, the Internet got all excited about dithering a few months ago, linking primarily to this article about eleven dithering algorithms. (Here's another article about dithering.) Which...
When you break into a user-mode application in the kernel debugger, how do...
If you need to transfer control from one user-mode debugger to another, you can use a non-invasive debugger as a bridge. But what if you are broken into the kernel debugger, and you want to connect a...
It says that I should use USB usage page 1 and usage 6 to get raw keyboard...
Some time ago, I wrote about raw input and noted that if you want to receive raw keyboard input, you set the usage page to 1 and the usage to 6, noting that these numbers come from the USB HID...
What’s up with Windows developer tools being written in perl?
Worf noticed that a number of developer tools are written in perl and wonders what's up with that. Simple: Perl is a socially-acceptable form of Visual Basic. In other words, just like how Visual...
When can you free the memory backing the HSTRING you created with...
A little while back, I posted my complete guide to HSTRING semantics (a rip-off of Eric's complete guide to BSTR semantics). A discussion of security descriptor lifetime somehow triggered the question...
The lackey catastrophe
We encountered a real problem with global object destruction in Explorer. The object in question was an RAII container for a graphics object, so its destructor destroyed the graphics object. But the...
When are global objects constructed and destructed by Visual C++?, redux
Today we're going to make some clarifications to this table, which came from an earlier article: When does it run? Constructor Destructor Global object in EXE C runtime startup code C runtime DLL...
You can register your child’s name in any language providing you use any...
As late as 2015, the rules in Northern Ireland regarding registering the birth of a baby [when the site asks, say you want the Mobile version] specify that "You can register your child's name in any...
Wow, that’s amazing. You got Picabo Street and Alberto Tomba to autograph the...
I've written about my colleague Danny some time ago. Danny is an accomplished skier, and for a time, he had a poster in his office that was a split-screen of Picabo Street and Alberto Tomba, and...
Why doesn’t my custom-drawn trackbar get a paint notification when the...
A customer reported that under certain conditions, their custom-drawn trackbar does not generate a NM_CUSTOMDRAW message. We have found that the trackbar control in the shell common controls library...
How do I cancel autoplay from a wizard page?
A customer wanted to suppress autoplay from their wizard. They looked at the documentation and followed the dialog procedure example in their own wizard page dialog procedure: // ... in the dialog...
How can I get the default code page for a locale?
A customer had an LCID and wanted to know what the code page is for that locale. For example, given locale 1033 (US-English), it should report that the code page is 1252 (Windows Latin 1). They need...
A Little Program to fix one particular type of mojibake
Has this ever happened to you? You're downloading your daughter's Chinese homework assignment, but the file name gets all up in your mojibake, and the results are nonsense. Time to do some...