Matt Pietrek - Recent MSDN Magazine Columns

These all used to have hyperlinks. MSDN's web site has changed their URLs around so many times that I've given up trying to keep with them.

Given the date, It's easy enough to locate them on MSDN's site.

March 2002

An overview of the new symbol and type APIs in DBGHELP 5.1 which ships with Windows XP.  Includes WheatyExceptionReport, which is an update version of my MSJExceptionHandler code from a few years back.  Basically, this is a class that you just drop into your C++ based program.  When an exception occurs, the code gets control, and writes out a report.  The report includes the names and values of each parameter and local variable in the faulting thread's stack.  The report also includes the names and values of all global variables.

December 2001

An overview of the .NET profiling APIs.  These APIs aren't just for profilers!   They provide an incredible level of detail about the .NET runtime as it operates.   At the end, I present a sample profiler (DNProfiler) that logs the workings of a .NET process as it executes.

November 2001

TypeRefViewer: A WinForms program that mixes the reflection and unmanaged .NET metadata APIs to show the "imported APIs" of a .NET executable.  Also shows VC.NET calling COM interfaces without using TlbImb.

September 2001

Vectored Exception Handling.  Windows XP has a cool new feature that lets you handle exceptions differently than Structured Exception Handling (try/catch) blocks.

July 2001

Part II of my overview of IA64 (Itanium) parameter passing and calling conventions.

June 2001

First of a two part overview of IA64 (Itanium) parameter passing and calling conventions.

March 2001

MetaViewer: A C# application that uses WinForms and the System.Reflection classes to show the metadata in an assembly graphically.  Shows some things that ILDasm doesn't.

January 2001

LIBCTINY, take II.  Awhile back, I presented the code for a stripped down version of the Visual C++ runtime library that allowed you to create very small (~2KB) executables.  Since then, I've updated the code to handle some additional cases.  Specifically, using LIBCTINY with DLLs, and basic support for C++ static constructors/destructors.   Also in this column, I describe why the default executables produced by VC++ are so large, and a linker switch that can help create smaller executables.

November 2000

An introduction to the Global Pointer on Win64/IA64.  Load module global pointers and the associated PLABEL_DESCRIPTOR data structures are an area where Win64 differs significantly from Win32 on the x86 architecture.  Knowing about the global pointer now will help you design and implement code today that will port more easily to the IA64.

September 2000

How I started out in Visual Interdev and ended up in SoftIce.  This was not supposed to happen!  This column recounts my saga in trying to get a simple web based program up and running.  Along the way, I highlight mistakes I made and ways I could have improved the debugging process in retrospect.  Also points out the "gotchas" I encountered in various Visual Studio tools and Windows 2000.

July 2000

Happy 10th Birthday, Windows!  This month is the 10 year anniversary of Windows 3.0 hitting the scene.  This column compares the state of windows programming then and now.

May 2000

LoadTimeTest.  An in-depth measurement of exactly how much basing, binding, and other techniques can improve your load time.  A sample program (DelayLoadTest) puts a decent load on the Win32 loader.  A separate program (DelayLoadTimer) uses precision measuring techniques to show you how much of an improvement you can expect from basing, binding, and importing by ordinal.

February 2000

DelayLoadProfile.  Another look at /DELAYLOAD and its benefits.  DelayLoadProfile is the associated tool that helps find candidate DLLs to use  /DELAYLOAD with.  Includes the CDebugInjector class which uses a debug loop to inject a DLL into the address space of another process.

November 1999

MemDiff.  A library for helping to determine where your process is using memory.  Snapshots let you see what changed between arbitrary points in your code.  Covers working sets in Windows NT, and PSAPI.DLL.

September 1999

An in-depth investigation of the Windows NT loader code that invokes the entry points of DLLs.  Includes pseudocode for LdrpRunInitializeRoutines, and hints for how to use this knowledge when debugging.  Also covers the NT GlobalFlag.

June 1999

Under the Hood of client database layers. There's many different technologies for accessing enterprise databases: ODBC, RDO, DAO, ODBCDirect, OleDB, ADO, and so on. This column explains how these technologies relate to and are often built atop one another.

March 1999

CoClassSyms CodeView generation DLL. This column accompanies an article "Improve Your Debugging by Generating Symbols from COM Type Libraries" which appears in the same issue. The code in this colum shows how to write a simple .DBG file with CodeView symbols.

December 1998

An overview of the DelayLoad implementation from the Visual C++ 6.0 linker. This feature lets you link against APIs in a DLL, but not have the operating system resolve the reference until you actually use the function. Great for use when calling APIs that may not be supported on all Win32 platforms.

September 1998

ModuleList: A program that displays all DLLs loaded in the system, matched up with the executables that have loaded the DLLs. This program works under both Windows NT and Windows 95/98. Separate DLL enumeration functions which use the TOOLHELP32 and PSAPI APIs show how to code for multiple Win32 platforms.

August 1998

An investigation into VDMDBG.DLL, along with an overview of NTVDM and 16 bit applications. VDMDBG.DLL allows a Win32 program to see inside the virtual machines that 16 bit programs run in under NT. A sample program, VDMDBGDemo shows some of the VDMDBG.DLL APIs, including how to list the running 16 bit task in an NTVDM session (like Task Manager does).

July 1998

An overview of C++ data types in relation to the upcoming 64 bit Windows NT.

June 1998

Part II of "Matt's Just Enough Assembly Language To Get By" column. In this column, I cover some instructions that I missed in my February 1998 column. I also explain some instructions that commonly fault, and what to look for while in a debugger. This column builds heavily upon the contents of the February 1998 column.

 May 1998

In this column, I describe the fundamentals of PDH.DLL (Performance Data Helper) from a C++ perspective. This DLL from Microsoft provides an API for getting at NT performance data very easily. It builds upon my overview of PDH.DLL from the March 1998 column (see below.)

April 1998

LibDump: A tool for intelligently displaying the contents of COFF format .LIB files (which are what Microsoft tools use). The column begins with a discussion of contents and structures of .LIB files. Along the way, you'll see how import libraries allow a DLL's APIs to be imported by name, or by ordinal. GUID import libraries (such as UUID.LIB) are also covered.

March 1998

PDH_VBDemo: In this column, I describe the fundamentals of PDH.DLL (Performance Data Helper). This DLL from Microsoft provides an API for getting at NT performance data very easily. PDH.DLL even provides APIs that are easily callable from Visual Basic. The sample program, PDH_VBDemo is written in VB 5.0, and continuously updates a display with selected and predefined counter values.

February 1998

"Matt's Just Enough Assembly Language To Get By" column. Think of it as a cram course in Intel x86 assembly language, with all of the esoteric stuff omitted. At the end, I present the assembler code for a typical C++ procedure, and show how its operations can be inferred by the instructions covered previously.

January 1998

DlgDump: A program that detects dialog controls that are intentionally hidden or invisible. Along the way, I develop a set of useful classes for easily accessing resources in PE files. The code also shows how to navigate through the twisted mess of a dialog template.

December 1997

An in-depth look at how Windows NT supports ANSI, in addition to it's native Unicode. (You've probably thought about it the other way: that NT supports Unicode.) After showing the system code that implements ANSI support, several examples of APIs using ANSI strings are dissected. Finally, a program to benchmark the ANSI APIs vs. their Unicode equivalents is presented. The results are shocking, and may convince you that Unicode is the way to go.

November 1997

PEDIFF: A program that lets you easily compare the exported functions from two different PE files. Also demonstrates some additional IMAGEHLP APIs that I haven't previously covered. This utility was originally written for my use in researching NT 5.0 for my November 1997 article.

October 1997

A discussion of exceptions under Win32. How the Intel CPU exception codes (e.g., exception 0Dh) map to Win32 exception numbers (e.g., 0xC0000005). A small program to generate nearly all Win32 exceptions (including the hard to reproduce floating point exceptions) is included.

September 1997

WinInetSpy: A replacement WININET.DLL that lets you monitor internet transactions made by users of WININET.DLL. The underlying purpose is to see how Internet Explorer 3.0 communicates with sites such as stock quote servers. The spy monitor program is written in VB5, and demonstrates using Win32 mailslots for interprocess communication.

August 1997

EZPE: A program that demonstrates easy access to information about a PE executable and its symbols. The program shows how to use the IMAGEHLP APIs to easily acesss data structures in an executable, as well as enumerate through its debug symbols. Also describes the IMAGEHLP C++ name undecoration APIs.

July 1997

An overview of how linkers work. Goes over what's in an OBJ file, and the rules that the linkers use to create executables from a collection of OBJs. Also describes where .LIB files fit into the picture. Finally, discusses how the imports and exports sections of an executable are created by the linker

June 1997

MouseWheel: A look at programming the Microsoft Intellimouse (highly recommended!), and a utility that adapts it to existing programs (such as your editor, IDE, online help etc...)

May 1997

A look at common types of debug information and symbol table formats. Also, using the IMAGEHLP.DLL functions to walk the stack and access symbol tables. A continuation of the previous month's column on catching and writing a report for an unhandled exception.

April 1997

MSJExceptionHandler: A framework for catching and generating reports when an unhandled exception occurs. Also shows how to directly walk an Intel CPU based call stack. The framework is extended in the next month's column.

March 1997

An in-depth look at the Windows NT implementation of DispatchMessage. Also, describes how the WM_TIMER message is handled specially, and quirks with timers.

February 1997

DEPENDS: A Win32 DLL dependency file listing program. Given an executable file, it lists all DLLs that will also be required to load it. Also gives version information and time/date information for a file. Describes the TimeDateStamp field that occurs throughout PE files.

January 1997

An examination of the semi-undocumented NtQueryInformationProcess API, found in NT. This API provides a wealth of information about a running process. A sample program that uses the API in its various permuations is included.

Back to Wheaty.NET Main Page