Why is the !locks command called !locks even though it debugs only critical...
Commenter DWalker07 notes that the !locks command is called !locks even though it doesn't actually debug all types of locks, only critical sections. Why the bad name? Because at the time it was...
View ArticleDebugging a GDI resource leak: Case study
I was asked to help debug a problem. A program was leaking GDI bitmaps like crazy, and after a while, the GDI resource handle count reached 9,999, at which point GDI said, "That's it, I'm cutting you...
View ArticleWhy doesn’t searching my Start menu with Cortana find Internet shortcuts in...
A customer had a program that installed a number of shortcuts to the Start menu. Among them were some Internet shortcut files, like "View Contoso User Guide" and "Get Online Support from Contoso". In...
View ArticleClik here to view.
What do these hard drive icons mean?
Here are the different icon adornments for hard drives that may appear in My Computer This PC. Adornment Meaning Windows logo (may be combined with other adornments) System drive. Locked padlock...
View ArticleSome questions about unflushed data and calling FlushFileBuffers on a new...
Consider the following sequence of events: Process A opens a file with CreateFile with attributes that include neither FILE_FLAG_NO_BUFFERING nor FILE_FLAG_WRITE_THROUGH. Process A writes to the file...
View ArticleDiagnosing why you cannot create a stable subkey under a volatile parent key
A customer encountered crashes in their program's initialization code. They weren't able to reproduce the problem in-house, but their failure logs suggested it was coming from here: var settingsKey =...
View ArticleWhy are hidden files with a leading tilde treated as super-hidden?
Open a command prompt and perform the following operations: C:> cd /d %USERPROFILE%\Desktop C:\Users\Bob\Desktop> echo 12345 > ~test.txt C:\Users\Bob\Desktop> attrib +h ~test.txt This...
View ArticleClik here to view.
Does DebugBreak work to launch the debugger, or doesn’t it?
Jorge asked why the DebugBreak function stopped working. Specifically, why it doesn't launch the Visual Studio debugger. Okay, first of all, the primary purpose of the DebugBreak function is not to...
View ArticleWhy isn’t the original window order always preserved when you undo an Aero...
A customer reported that when they used Aero Shake to minimize all the windows on their desktop, and then used it again to restore all the windows, the restored windows didn't always have exactly the...
View ArticleExtending our critical section based on WaitOnAddress to support timeouts
Let's take the critical section we constructed in terms of WaitOnAddress and add two new functions: TryEnterAltCs tries to enter the critical section if it is either available or is already owned...
View ArticleComparing WaitOnAddress with futexes (futexi? futexen?)
Linux has a synchronization primitive called a futex which is similar to Windows's WaitOnAddress in that both let you create a synchronization object out of nothing. (Well, okay, you need to set...
View ArticleHow likely is it that a window will receive a WM_NULL message out of the blue?
A customer discovered a bug in their control that resulted in a crash: LRESULT CALLBACK MyWindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) { switch (uMsg) { ... default: if (uMsg ==...
View ArticleHow can I register a program to auto-relaunch if it crashes or is terminated?
A customer wanted a program that auto-relaunched itself if it crashes, or even is explicitly terminated by the user. They were wondering if there was a way to register such a program with the system....
View ArticleMicrospeak: ROB and Office Hours
At a team meeting, I was introduced to yet another acronym: ROB. This is spelled out rather than pronounced as a word. (So maybe it's not really an acronym? Whatever.) It was never actually stated in...
View ArticleOn enabling NX and ASLR for a module after the fact
A customer wanted to enable NX (also known as Data Execution Prevention, or DEP) and ASLR for some executables and DLLs. There are two ways of doing this: Enable the options at link time by passing...
View ArticleWhat will GetLastError() return after a failed InitOnceExecuteOnce?
The documentation for InitOnceExecuteOnce says If the function fails, the return value is zero. To get extended error information, call GetLastError. On the other hand, the documentation for the...
View ArticleThe case of the longjmp from nowhere trying to open a registry key
The crash telemetry team brought our attention to a bug a few weeks before the Creators Update was supposed to be released, and based on the high hit count of 3 million crashes in the past 30 days,...
View ArticleCreating a semaphore from WaitOnAddress
Some time ago, we explored creating various types of well-known synchronization objects from WaitOnAddress. Today we'll create a semaphore with no maximum token count. (Believe it not, I'm building...
View ArticleCreating a semaphore with a maximum count from WaitOnAddress
Last time, we created a simple semaphore from WaitOnAddress. That sempahore did not have a maximum token count. Let's add that. struct ALT_MAXSEMAPHORE { LONG TokenCount; LONG MaxTokenCount; }; void...
View ArticleCreating a manual-reset event from WaitOnAddress
Last time, we created a semaphore with a maximum count from WaitOnAddress. Related to semaphores are events, so let's do a manual-reset event. struct ALT_MEVENT { LONG State; }; void...
View Article