Geoff Chappell

@geoffchappell

No photo. Just the website. That really is all there is to me!

Manhattan
Vrijeme pridruživanja: travanj 2018.

Tweetovi

Blokirali ste korisnika/cu @geoffchappell

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @geoffchappell

  1. 3. velj

    To get into this and other dusty old mysteries, I've broken my rule about pre-release software and looked at NT 3.1 betas. The Internet is dark and full of terrors, but its shadows hide junkyards that are invaluable if our technology's early history is to be accurately preserved.

    Prikaži ovu nit
    Poništi
  2. 3. velj

    Things I somehow never realised... Everyone who cares knows Windows NT 4.0 needs a BIOS option to run on too new a CPU else it crashes. They also know it crashes even on old CPUs from vendors that Microsoft didn't recognise as supporting cmpxchg8b. These crashes are one, not two.

    Prikaži ovu nit
    Poništi
  3. 12. sij

    Also in progress is , not easily connected with the other material. I haven't yet worked out how or where to present the kernel's own feature bits from the KPRCB. This topic sprawls everywhere. Writing up is never easy but this topic is unusually difficult.

    Prikaži ovu nit
    Poništi
  4. 12. sij

    The minefield of CPU feature detection by Windows re-attracted my attention. I've got barely further than staking the ground and now must stop for paid work. Some is old. Some is new. Some may even be news. All is uneven. If only I had more time! Start at .

    Prikaži ovu nit
    Poništi
  5. 3. stu 2019.

    As distraction from pulling together hundreds of pages on Windows memory management, I revisited some of the hundreds on system information. I wish I had the resources to do both thoroughly, but archaeology is oddly cathartic and must suffice for now. See .

    Poništi
  6. 15. lis 2019.

    For New Yorkers... The only way I see at to ask the MTA about the OMNY card's provisions for paying in cash and travelling anonymously is to "register an OMNY account" which requires agreement to the Privacy Policy. Am I alone to think this unsatisfactory?

    Poništi
  7. 13. lis 2019.

    Some months ago, in part because of a CFG bitmap bug (whose resolution I still haven't checked on), I got it into my head to tackle the fundamentals of Windows memory management yet again. Whatever it leads to, today's product perhaps stakes some ground: .

    Poništi
  8. 17. ruj 2019.

    Whenever I look over kernel code from old Windows versions, I'm fascinated by the programming style that has each exit from a function do whatever is thought necessary at that stage to clean up on the way out. Did the programmers really not see this style as begging for mistakes?

    Poništi
  9. 10. kol 2019.

    An immediate consequence is false positives because even if you the programmer do not use EncodePointer, the C Run Time (CRT) initialisation does, notably to support atexit. I don't say that EncodePointer is the only cause of false positives, just that it's a surprising omission.

    Prikaži ovu nit
    Poništi
  10. 10. kol 2019.

    That these leftovers are "potentially unreachable" seems a fair claim but there are caveats. A big one comes from the EncodePointer function. Microsoft presents this as "another layer of protection for pointer values" but evidently didn't bother to have "!heap -l" account for it.

    Prikaži ovu nit
    Poništi
  11. 10. kol 2019.

    It maps the heaps and scans all the process's other writable pages of virtual memory for pointers into heap blocks. It scans these "busy" blocks, which may discover more to scan, and so on. Leftover blocks may point among themselves but aren't pointed to from anywhere meaningful.

    Prikaži ovu nit
    Poništi
  12. 10. kol 2019.

    If it's your misfortune to debug a program whose heap use grows mysteriously, then it's some sort of start to look for heap blocks that the program seems to have lost track of and won't ever free. If that's what you're reduced to, then the "!heap -l" command is not without merit.

    Prikaži ovu nit
    Poništi
  13. 4. kol 2019.

    Yet I am surprised at my surprise that a bug check in a user-mode call to NtSetSystemInformation has as its ultimate cause that a kernel routine uses xmm6 (preserving on entry and exit) and a third-party driver cuts in and clears xmm6. The driver exists for "security", of course.

    Prikaži ovu nit
    Poništi
  14. 4. kol 2019.

    Hands up all you low-level Windows programmers who knew that 64-bit (amd64) code that changes xmm6 must restore it before returning? Of course that's all of you. We take it as granted. My own note on it, at the end of , leaves it as the compiler's business.

    Prikaži ovu nit
    Poništi
  15. 7. srp 2019.

    For better or worse, I've moved on to the User Server in WINSRV. Now, there's an interesting test of what a catalogue is worth. Listing these API numbers is at best marginal - not quite as pointless as for Nt/Zw calls - yet if done at all, it must of course do the early versions.

    Prikaži ovu nit
    Poništi
  16. 7. srp 2019.

    Better uses exist for a Sunday afternoon, but I have drafted lists of API routines, with API numbers and applicable versions, for three CSRSS servers, e.g., for BASESRV. Trouble is, there are discrepancies with 's lists from years ago. So, who knows?

    Prikaži ovu nit
    Poništi
  17. 4. srp 2019.

    Or I could care less. I've never understood what good ReactOS is for. If it's built with clean-room techniques, then why suppose its implementation is relevant to a study of Windows? If it's built by decompilation, then it exposes reverse engineering to the charge of stealing IP.

    Prikaži ovu nit
    Poništi
  18. 4. srp 2019.

    I too don't believe the claims of clean-room technique. But when I look at the ReactOS source code, e.g., because it turns up in a literature search, it doesn't scream "leaked source code". It's much more readily explained as de-compilation. We could devise some tests, of course.

    Prikaži ovu nit
    Poništi
  19. 4. srp 2019.

    Relatively recent kerfuffle, even. But also ignorant kerfuffle. Working with source code perhaps induces as natural thinking that source code is the one font of all knowledge, but this misses how much Microsoft leaves in the plain sight of binaries and (even public) symbol files.

    Prikaži ovu nit
    Poništi
  20. 30. lip 2019.

    Where my recent foray into CSRSS is headed, I don't know but starts pulling together some notes on the basic mechanism. I think it's already the Internet's most thorough description of CSR_CAPTURE_HEADER, though someone may soon tell me ReactOS has it all.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·