The Old New Thing
Practical development throughout the evolution of Windows.
Latest posts
There's also a large object heap for unmanaged code, but it's inside the regular heap
Occasionally, a customer will ask for assistance explaining some strange heap behavior, or at least heap behavior that appears to be strange if you assume that the heap behaves purely classically. I need to understand the heap behavior we're seeing. I have a sample program which allocates five blocks of memory from the process heap, each of size 100 bytes. When we dump the heap blocks with the command, we find that all of them belong to the same heap segment, and when we do a , we find that they all live on the same page. On the other hand, if we allocate five blocks of size 512KB, then we find that each one...
Appearing to succeed is a valid form of undefined behavior, but it's still undefined
A customer requested a clarification on the MSDN documentation for the function. The MSDN documentation says that if the parameter is , then the behavior is undefined. Is this true? As explicitly stated in MSDN, the behavior is undefined. Observe that the annotation on the parameter is , which means that the parameter must be a non- value provided by the caller. (If were permitted, the annotation would have been .) Undefined behavior means that anything can happen. The program might crash immediately. It might crash five minutes later. It might send email to your boss saying that you screwed up and t...
Does this operation work when impersonating? The default answer is NO
Impersonation requires end-to-end support.
Ah, the exciting world of cross-forest dogfood
The Windows group has its own domain (known as for historical reasons) which operates separately from the domain forest operated by the Microsoft IT department. Various trust relationships need to be set up between them so that people on the Windows team can connect to resources managed by the Microsoft IT department and vice versa, but it generally works out okay. There are some glitches, but that's the price of dogfood. What better way to make sure that Windows works well in a cross-forest environment than by putting the entire Windows division in its own domain separate from the rest of the company? ...
Sending a window a WM_DESTROY message is like prank calling somebody pretending to be the police
A customer was trying to track down a memory leak in their program. Their leak tracking tool produced the stacks which allocated memory that was never freed, and they all seemed to come from , which is a DLL that comes with Windows. The customer naturally contacted Microsoft to report what appeared to be a memory leak in Windows. I was one of the people who investigated this case, and the customer was able to narrow down the scenario which was triggering the leak. Eventually, I tracked it down. First, here's the thread that caused the leak: This thread creates an invisible window whose job is to do somethin...
Why does my asynchronous I/O complete synchronously?
A customer was creating a large file and found that, even though the file was opened with and the call was being made with an structure, the I/O was nevertheless completing synchronously. Knowledge Base article 156932 covers some cases in which asynchronous I/O will be converted to synchronous I/O. And in this case, it was scenario number three in that document. The reason the customer's asynchronous writes were completing synchronously is that all of the writes were to the end of the file. It so happens that in the current implementation of NTFS, writes which extend the length of the file always complete s...
Why does my single-byte write take forever?
A customer found that a single-byte write was taking several seconds, even though the write was to a file on the local hard drive that was fully spun-up. Here's the pseudocode: The customer experimented with using asynchronous I/O, but it didn't help. The write still took a long time. Even using (and writing full sectors, naturally) didn't help. The reason is that on NTFS, extending a file reserves disk space but does not zero out the data. Instead, NTFS keeps track of the "last byte written", technically known as the valid data length, and only zeroes out up to that point. The data past the valid data le...
Why do Windows functions all begin with a pointless MOV EDI, EDI instruction?
For future use.
Random notes from //build/ 2011
Here are some random notes from //build/ 2011, information of no consequence whatesoever. A game we played while walking to and from the convention center was spot the geek. "Hey, there's a guy walking down the street. He's wearing a collared shirt and khakis, with a black bag over his shoulder, staring into his phone. I call geek." One of the stores on Harbor Boulevard has the direct-and-to-the-point name Brand Name Mart, or as it was known at night (due to burnt-out lights) Bra d N Mart. In the room where the prototype devices were being han...