How to rescue a broken stack trace on x64: Recovering the stack pointer
No threading, just return addresses.
This question was inspired by an actual customer question, but I changed a lot of it around to make for a more interesting story. (Trust me, the original story was even more boring.) A customer's background thread posted a message to the main UI thread to signal something (details not important). They found that the posted message was never rece...
From Windows XP to Windows 7, the Start menu showed the programs it thinks you've run most frequently, by employing a conceptually simple but complicated-in-practice algorithm. You can right-click an item on the menu and select Remove from this list. What exactly does this option do? Does it reset the points back to zero, or does it ban...
A friend of mine told me about a project he worked on two decades (and three employers) ago. Let's call it Project Nosebleed. Their project used a client-managed database: You have a central file server that houses the database files, which were in a proprietary file format that only the clients understood. All the client applications open the data...
Today, I'm turning it around: This is a dream that one of my friends had about me! She dreamed that she took her camera to school to take some pictures, possibly for the yearbook. She was somewhat surprised to discover that I was the new preschool teacher. When she popped in to my classroom to get a couple of pictures of me, she wasn't able to ta...
The most popular work visa in the United States is the H1-B visa. But have you looked at its official name? H-1B Specialty Occupations, DOD Cooperative Research and Development Project Workers, and Fashion Models (Today is Labor Day, a holiday in the United States which celebrates the end of summer. Not really, but that's what it has turned int...
We saw some time ago that the x64 calling convention in Windows reserves space for the register parameters on the stack, in case the called function wants to spill them. But can the called function use the memory for other purposes, too? You sort of already know the answer to this question. Consider this function: How would a naïve comp...
A customer wanted to know how to detect that the user has opened Notepad to view a particular file. They had come up with a method based on polling and sniffing the Notepad title bar, but they found that it consumed a lot of CPU. (They hadn't noticed yet that it doesn't localize, and that it can trigger false positives since Notepad shows only the fi...
Continuing the highly-sporadic series of Win32 resource formats, today we'll look at the format of resources, which are declared in resource files as . Also the format of custom resources, which are declared in resource files by just giving the custom resource name or ordinal as the second word on the declaration. The format is very simple: It's ...
When troubleshooting a problem, you may discover that a file is being modified that shouldn't be, and you figure that it would be nice if there were some way of finding out which process is modifying the file (so you can get it to stop). Enter the security auditing system. Every securable object has an associated system access control list (SACL) which ...
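The SACL-based approach the teaser describes, as an added example that is not part of the original post: turn on object-access auditing, put an audit entry on the file's SACL, and then read the resulting Security-log events to see which process and account touched it. It assumes an elevated PowerShell session (reading or writing a SACL needs SeSecurityPrivilege, and so does reading the Security log), a placeholder file path, and Windows' standard auditing pieces: the "File System" audit subcategory, event ID 4663 ("An attempt was made to access an object"), and the stock `Get-Acl`/`Set-Acl` cmdlets and `FileSystemAuditRule` class.

```powershell
# Added example, not code from the original post. Run elevated.
# Assumption: $Path is the file that keeps changing; adjust it.
$Path = 'C:\Temp\mystery.txt'

# 1. SACL entries only produce events when the matching audit-policy
#    subcategory is enabled. "File System" covers file/directory objects.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit ACE to the file's SACL: record successful Write/Delete
#    access by anyone. -Audit is required for Get-Acl to read the SACL.
$acl  = Get-Acl -Path $Path -Audit
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList 'Everyone', 'Write, Delete', 'Success'
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Once the file has been modified again, pull 4663 events that name
#    this object and report who and which process did it. Field values
#    come from the event's EventData, so parse the XML rather than the
#    localized message text.
function Get-FileWriters {
    param([string]$ObjectPath, [int]$MaxEvents = 1000)

    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents $MaxEvents |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            if ($d.ObjectName -eq $ObjectPath) {
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    Account     = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                    ProcessId   = [int]$d.ProcessId      # logged as hex, e.g. 0x1a4c
                    ProcessName = $d.ProcessName
                    AccessMask  = $d.AccessMask          # hex mask of the access granted
                }
            }
        }
}

Get-FileWriters -ObjectPath $Path | Format-Table -AutoSize
```

Two caveats worth knowing before trusting the output: the ProcessName in 4663 is the process that opened the handle, so a write performed through a handle inherited from or duplicated into another process is attributed to the opener, and the audit entry stays on the file until you remove it, so take it off (and turn the subcategory back off if it was off) once you have your answer.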