These all used to have hyperlinks. MSDN's web site has changed their URLs around so many times that I've given up trying to keep with them.
Given the date, It's easy enough to locate them on MSDN's site.
An overview of the new symbol and type APIs in DBGHELP 5.1 which ships with Windows XP. Includes WheatyExceptionReport, which is an update version of my MSJExceptionHandler code from a few years back. Basically, this is a class that you just drop into your C++ based program. When an exception occurs, the code gets control, and writes out a report. The report includes the names and values of each parameter and local variable in the faulting thread's stack. The report also includes the names and values of all global variables.
An overview of the .NET profiling APIs. These APIs aren't just for profilers! They provide an incredible level of detail about the .NET runtime as it operates. At the end, I present a sample profiler (DNProfiler) that logs the workings of a .NET process as it executes.
TypeRefViewer: A WinForms program that mixes the reflection and unmanaged .NET metadata APIs to show the "imported APIs" of a .NET executable. Also shows VC.NET calling COM interfaces without using TlbImb.
Vectored Exception Handling. Windows XP has a cool new feature that lets you handle exceptions differently than Structured Exception Handling (try/catch) blocks.
Part II of my overview of IA64 (Itanium) parameter passing and calling conventions.
First of a two part overview of IA64 (Itanium) parameter passing and calling conventions.
MetaViewer: A C# application that uses WinForms and the System.Reflection classes to show the metadata in an assembly graphically. Shows some things that ILDasm doesn't.
LIBCTINY, take II. Awhile back, I presented the code for a stripped down version of the Visual C++ runtime library that allowed you to create very small (~2KB) executables. Since then, I've updated the code to handle some additional cases. Specifically, using LIBCTINY with DLLs, and basic support for C++ static constructors/destructors. Also in this column, I describe why the default executables produced by VC++ are so large, and a linker switch that can help create smaller executables.
An introduction to the Global Pointer on Win64/IA64. Load module global pointers and the associated PLABEL_DESCRIPTOR data structures are an area where Win64 differs significantly from Win32 on the x86 architecture. Knowing about the global pointer now will help you design and implement code today that will port more easily to the IA64.
How I started out in Visual Interdev and ended up in SoftIce. This was not supposed to happen! This column recounts my saga in trying to get a simple web based program up and running. Along the way, I highlight mistakes I made and ways I could have improved the debugging process in retrospect. Also points out the "gotchas" I encountered in various Visual Studio tools and Windows 2000.
Happy 10th Birthday, Windows! This month is the 10 year anniversary of Windows 3.0 hitting the scene. This column compares the state of windows programming then and now.
LoadTimeTest. An in-depth measurement of exactly how much basing, binding, and other techniques can improve your load time. A sample program (DelayLoadTest) puts a decent load on the Win32 loader. A separate program (DelayLoadTimer) uses precision measuring techniques to show you how much of an improvement you can expect from basing, binding, and importing by ordinal.
DelayLoadProfile. Another look at /DELAYLOAD and its benefits. DelayLoadProfile is the associated tool that helps find candidate DLLs to use /DELAYLOAD with. Includes the CDebugInjector class which uses a debug loop to inject a DLL into the address space of another process.
MemDiff. A library for helping to determine where your process is using memory. Snapshots let you see what changed between arbitrary points in your code. Covers working sets in Windows NT, and PSAPI.DLL.
An in-depth investigation of the Windows NT loader code that invokes the entry points of DLLs. Includes pseudocode for LdrpRunInitializeRoutines, and hints for how to use this knowledge when debugging. Also covers the NT GlobalFlag.
Under the Hood of client database layers. There's many different technologies for accessing enterprise databases: ODBC, RDO, DAO, ODBCDirect, OleDB, ADO, and so on. This column explains how these technologies relate to and are often built atop one another.
CoClassSyms CodeView generation DLL. This column accompanies an article "Improve Your Debugging by Generating Symbols from COM Type Libraries" which appears in the same issue. The code in this colum shows how to write a simple .DBG file with CodeView symbols.
An overview of the DelayLoad implementation from the Visual C++ 6.0 linker. This feature lets you link against APIs in a DLL, but not have the operating system resolve the reference until you actually use the function. Great for use when calling APIs that may not be supported on all Win32 platforms.
ModuleList: A program that displays all DLLs loaded in the system, matched up with the executables that have loaded the DLLs. This program works under both Windows NT and Windows 95/98. Separate DLL enumeration functions which use the TOOLHELP32 and PSAPI APIs show how to code for multiple Win32 platforms.
An investigation into VDMDBG.DLL, along with an overview of NTVDM and 16 bit applications. VDMDBG.DLL allows a Win32 program to see inside the virtual machines that 16 bit programs run in under NT. A sample program, VDMDBGDemo shows some of the VDMDBG.DLL APIs, including how to list the running 16 bit task in an NTVDM session (like Task Manager does).
An overview of C++ data types in relation to the upcoming 64 bit Windows NT.
Part II of "Matt's Just Enough Assembly Language To Get By" column. In this column, I cover some instructions that I missed in my February 1998 column. I also explain some instructions that commonly fault, and what to look for while in a debugger. This column builds heavily upon the contents of the February 1998 column.
In this column, I describe the fundamentals of PDH.DLL (Performance Data Helper) from a C++ perspective. This DLL from Microsoft provides an API for getting at NT performance data very easily. It builds upon my overview of PDH.DLL from the March 1998 column (see below.)
LibDump: A tool for intelligently displaying the contents of COFF format .LIB files (which are what Microsoft tools use). The column begins with a discussion of contents and structures of .LIB files. Along the way, you'll see how import libraries allow a DLL's APIs to be imported by name, or by ordinal. GUID import libraries (such as UUID.LIB) are also covered.
PDH_VBDemo: In this column, I describe the fundamentals of PDH.DLL (Performance Data Helper). This DLL from Microsoft provides an API for getting at NT performance data very easily. PDH.DLL even provides APIs that are easily callable from Visual Basic. The sample program, PDH_VBDemo is written in VB 5.0, and continuously updates a display with selected and predefined counter values.
"Matt's Just Enough Assembly Language To Get By" column. Think of it as a cram course in Intel x86 assembly language, with all of the esoteric stuff omitted. At the end, I present the assembler code for a typical C++ procedure, and show how its operations can be inferred by the instructions covered previously.
DlgDump: A program that detects dialog controls that are intentionally hidden or invisible. Along the way, I develop a set of useful classes for easily accessing resources in PE files. The code also shows how to navigate through the twisted mess of a dialog template.
An in-depth look at how Windows NT supports ANSI, in addition to it's native Unicode. (You've probably thought about it the other way: that NT supports Unicode.) After showing the system code that implements ANSI support, several examples of APIs using ANSI strings are dissected. Finally, a program to benchmark the ANSI APIs vs. their Unicode equivalents is presented. The results are shocking, and may convince you that Unicode is the way to go.
PEDIFF: A program that lets you easily compare the exported functions from two different PE files. Also demonstrates some additional IMAGEHLP APIs that I haven't previously covered. This utility was originally written for my use in researching NT 5.0 for my November 1997 article.
A discussion of exceptions under Win32. How the Intel CPU exception codes (e.g., exception 0Dh) map to Win32 exception numbers (e.g., 0xC0000005). A small program to generate nearly all Win32 exceptions (including the hard to reproduce floating point exceptions) is included.
WinInetSpy: A replacement WININET.DLL that lets you monitor internet transactions made by users of WININET.DLL. The underlying purpose is to see how Internet Explorer 3.0 communicates with sites such as stock quote servers. The spy monitor program is written in VB5, and demonstrates using Win32 mailslots for interprocess communication.
EZPE: A program that demonstrates easy access to information about a PE executable and its symbols. The program shows how to use the IMAGEHLP APIs to easily acesss data structures in an executable, as well as enumerate through its debug symbols. Also describes the IMAGEHLP C++ name undecoration APIs.
An overview of how linkers work. Goes over what's in an OBJ file, and the rules that the linkers use to create executables from a collection of OBJs. Also describes where .LIB files fit into the picture. Finally, discusses how the imports and exports sections of an executable are created by the linker
MouseWheel: A look at programming the Microsoft Intellimouse (highly recommended!), and a utility that adapts it to existing programs (such as your editor, IDE, online help etc...)
A look at common types of debug information and symbol table formats. Also, using the IMAGEHLP.DLL functions to walk the stack and access symbol tables. A continuation of the previous month's column on catching and writing a report for an unhandled exception.
MSJExceptionHandler: A framework for catching and generating reports when an unhandled exception occurs. Also shows how to directly walk an Intel CPU based call stack. The framework is extended in the next month's column.
An in-depth look at the Windows NT implementation of DispatchMessage. Also, describes how the WM_TIMER message is handled specially, and quirks with timers.
DEPENDS: A Win32 DLL dependency file listing program. Given an executable file, it lists all DLLs that will also be required to load it. Also gives version information and time/date information for a file. Describes the TimeDateStamp field that occurs throughout PE files.
An examination of the semi-undocumented NtQueryInformationProcess API, found in NT. This API provides a wealth of information about a running process. A sample program that uses the API in its various permuations is included.
Back to Wheaty.NET Main Page