Archive for the ‘Windows’ Category
Windows 7 Server == Windows Server 2008 R2
Tuesday, September 30th, 2008
Wow, who knew. Well, apparently everyone else. Sigh…
Interesting peek at Win7
Tuesday, October 23rd, 2007
I’ve been hearing little anecdotes about Win7 for months now, but Ars has one of the better articles I’ve seen so far. Interesting:
Traut runs a team of about 200 software engineers at Microsoft that is responsible for the core kernel scheduling, memory management, boot sequence, and virtualization technology such as Virtual PC and Virtual Server. The latter technologies are becoming more and more important as servers get more powerful and gain more and more CPU cores, and it was clear from the demonstration that Microsoft is placing significant effort into integrating virtual machine technology into everything that they do.
As I’ve written before, I think a focus on (high-scale) multi-core will be a key to the OS’s success going forward. Anyway, check out the video linked from the article.
The return of err.exe
Tuesday, October 9th, 2007
I’ve been working with Karin Meier-Magruder from the SDK team at Microsoft to get everyone’s favorite tool, err.exe, [re-]added to the PSDK. She’s working on getting it done, but meanwhile, as a special treat for Kernel Mustard readers, I have a newly updated err.exe ready for download. There’s a EULA inside the .zip that governs the tool’s use.
For those that haven’t used it before, the current err.exe indexes 22,851 error codes from 171 sources. Pass it a magic number from somewhere and it’ll make sense out of it!
Enjoy!
Please at least Authenticode-sign your drivers
Friday, June 15th, 2007
I am a happy user of Parallels Desktop, which, for those that don’t keep up with this sort of thing, is virtual machine software for Mac. It’s a great product overall, although it has a few rough edges.
One of the rougher edges is the fact that their drivers are unsigned. I suspect they’re probably doing some unsignable things, but for Vista, there’s still a partial solution: Authenticode signing.
I’ve covered signing on this blog in the recent past, so I won’t re-hash the technical details again. But from the perspective of an end-user, I hate clicking all of those blood-red boxes. I even missed a click once and had to figure out how to fix it manually.
Authenticode doesn’t do much for downlevel platforms, but it can make a big, positive difference to end users on Vista and beyond.
Be careful with MmGetSystemRoutineAddress
Thursday, May 31st, 2007
Bill McKenzie reported on NTDEV that he re-discovered a nasty crash bug in MmGetSystemRoutineAddress. Apparently, all versions of Windows XP and everything before Windows Server 2003 SP1 will bugcheck if they’re passed an invalid system routine name.
This bug is fixed in Vista and is scheduled for fix in XP SP3.
Meanwhile, Peter Viscarola from OSR offers this advice:
The work-around is to always call MmGetSystemRoutineAddress from within a try/except block. If you get the exception, I guess you can assume the routine you’re seeking isn’t there…
UPDATE from Doron Holan:
FYI, using SEH to recover from this bug is *NOT* recommended. SEH is not a formal contract for this API and as such, we (MSFT) cannot guarantee that the OS is still in a stable state after you have caught the exception. I am working on a better solution, but for now, SEH is not the answer.
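As an added example, not code from this post or from Microsoft or OSR: gate the lookup on the OS version so that an affected release is never handed a name it might not export, which needs no SEH. The `os_version` struct, the `optional_routine` table entry, the placeholder routine name and the mock resolver are assumptions made here so the policy runs in user mode; in a driver the resolver would be MmGetSystemRoutineAddress.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed model; a driver would fill this from RtlGetVersion. */
typedef struct { unsigned maj, min, sp; } os_version;

/* Hypothetical table entry: export name plus the first release documented to export it. */
typedef struct { const char *name; os_version first_exported; } optional_routine;

/* Stand-in for MmGetSystemRoutineAddress so the policy runs in user mode. */
typedef void *(*resolver_fn)(const char *name);

/* Per the post: all of XP and everything before Server 2003 SP1 (5.2 SP1)
 * bugchecks on an unknown name; Vista (6.0) is fixed. The XP SP3 fix is
 * only "scheduled", so XP counts as affected at every service pack. */
bool lookup_bugchecks_on_unknown_name(os_version v)
{
    if (v.maj >= 6) return false;
    if (v.maj == 5 && v.min == 2 && v.sp >= 1) return false;
    return true;
}

static bool version_at_least(os_version have, os_version need)
{
    if (have.maj != need.maj) return have.maj > need.maj;
    if (have.min != need.min) return have.min > need.min;
    return have.sp >= need.sp;
}

/* Resolve an optional routine without ever handing an affected OS a name
 * it might not export. Returns NULL when the routine is unavailable. */
void *resolve_optional(os_version running, const optional_routine *r,
                       resolver_fn resolve)
{
    if (lookup_bugchecks_on_unknown_name(running) &&
        !version_at_least(running, r->first_exported))
        return NULL;            /* skip the lookup entirely */
    return resolve(r->name);    /* name is known-good, or the OS is fixed */
}

/* Constructed mock resolver: counts calls and knows no routines. */
static int mock_calls;
static void *mock_resolver(const char *name) { (void)name; mock_calls++; return NULL; }

int main(void)
{
    optional_routine r = { "ExampleNewRoutine", {6, 0, 0} }; /* placeholder name */
    os_version xp_sp2 = {5, 1, 2};
    return resolve_optional(xp_sp2, &r, mock_resolver) == NULL ? 0 : 1;
}
```

The `first_exported` values have to come from the documentation for each routine; the gate is only as reliable as that table.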
Microsoft discusses a redesigned OS
Tuesday, May 29th, 2007
I’ve had a long-running argument with anyone that will listen that multi-core computing will require a fundamentally different programming model. Of course, I’m remotely the only person saying this, but it seems to be a bit of a contentious topic regardless.
I just ran across an article on ArsTechnica in which a Microsoft exec discusses a future version of Windows that deals with massively multi-core computers. There is some interesting stuff in the article. I’d heard through the grapevine that this was underway, and if I weren’t so busy with PhoneFactor, I’d love to code on it!
I worked up a lock-free doubly-linked list last summer, and had intended to try it out in a couple of drivers, but predictably enough, I ran out of time. That, and Doron Holan promised me that it was a waste of time, and who am I to argue with him.
This stuff is going to have a massive impact on usermode software when it eventually happens. For more on the topic, there is a good list of podcasts over at Xerox PARC on the topic, including one by Herb Sutter of Microsoft.
Windows Server 2008
Friday, May 25th, 2007
It looks like Longhorn Server is officially going to be Windows Server 2008. Beta 3 is available at connect.microsoft.com.
I haven’t had time to download it yet, but hopefully I’ll have some time over this extended weekend. Maybe!
Subverting Patchguard v2
Monday, January 15th, 2007
It looks like Ken got bored again recently, which is always bad news for Patchguard. His Subverting Patchguard v2 paper is fantastic, again. In case you missed it, his (and Matt’s) Bypassing Patchguard on Windows x64, covering v1, is a fantastic read.
If you’re lost, this knowledge base article has the background.
Why can’t you un-pend an IRP?
Thursday, November 30th, 2006
I was playing around with SDV and the pending bit the other day, and tried setting and clearing it in back-to-back lines in a dispatch routine. Having CSQ mark the IRP pending (which is automatic, if it succeeds at queuing the IRP) caused SDV to blow up with a very confusing error.
According to a PowerPoint slide by Adrian Oney, here’s the reason:
There is no IoUnmarkIrpPending because a driver above you can legally mark your stack location pending and return STATUS_PENDING
He goes on to say that PoCallDriver does this. News to me! I had always wondered why it was illegal (as opposed to simply immoral) to mark and un-mark an IRP as pending; it’s because in so doing, you would destroy the state of the driver above you who was depending on this.
More on Passthru
Monday, November 20th, 2006
Speaking of recent Passthru changes, there’s a not-so-recent set of changes to the Passthru INFs in the XP+ DDKs. If you originally did your IM INFs before that time, it’s time to re-check them. In particular, there were changes around the CopyInf directive.
Speaking of which, I mailed Johan Marien at Microsoft today to let him know that I think the Passthru sample should be made redistributable, since so many IM drivers are based on it directly. If you agree, you might want to drop him a note in support. Or, leave a comment here and I’ll forward everything on to him.
UPDATE: Thomas Divine points out in the comments that there are known bugs in 3790 Passthru, and also that there is a redistributable version available at wd-3.com. See his comment for details.