Geoff Chappell - Software Analyst
This site had 21,240 visits in January 2017, from 15,003 unique visitors. The list below is of pages that were each viewed at least 100 times in January 2017.
The stand-out new performer is not what I’d most like to be known for. I don’t look for security vulnerabilities, but when I document API functions I do of course note what errors I’m aware of in the implementation. One such was immediately obvious as letting even a low-integrity user-mode program crash Windows. Almost as obvious was that the coding error has survived unchanged from even the oldest Windows version that I ever received on MSDN discs (now over 20 years ago). I reported it to the Microsoft Security Research Center at the end of December and asked for guidance about how the error could be kept unpublished without compromising my documentation of the relevant functionality. A few weeks later, wanting to move on and not knowing when Microsoft’s timetable might prompt me to return to the subject, I wrote up the details anyway. As I finished, having been ignored for weeks, I published. Within two hours of my linking the published page from any other in the site (so that it could be found), Microsoft asked for removal. Apparently, Microsoft had only just that day got round to examining my report and thus noticed the newly published details. Accept this as coincidence. The point to so-called co-ordinated disclosure is not that it buys the vendor a few weeks in which to do little or nothing. So, I left the page in plain view. Within a day the page had hundreds of visits. So now I know that at least some handful of people follow what I write, and then get the word around if what I write has security implications. I don’t complain of the attention, and I even hope good may come of it, yet it’s not an obvious fit with my vision of this site as an information resource for Windows programming. There’s more than a little for me to think from this. The business model for research into Windows as an aid to Windows programming is tenuous. That it gets attention for the wrong reasons may be a sign that it actually is wrong-headed of me to pursue it.
Nothing else that’s truly new from the preceding year’s revival of research and writing has yet made the cut. The page on Native API Functions, with 130 visits, is new as its own page, but a lot of its text is nearly 10 years old. It was merely assembled into this new page to explain to user-mode programmers why my documentation of NTDLL exports whose names begin with Nt or Zw is in the Kernel section even if the functions aren’t exported for kernel-mode use. Still, there are encouraging signs that what documentation I have yet written of those functions is getting read.
Bubbling under this list, at 99 visits each, are two pages that genuinely are new from last year. One is a practical Demonstration of Self-Profiling, in which a program gets to sample the execution of selected routines in the program’s own code by using otherwise undocumented functions such as NtCreateProfile (only 64 visits, despite being vital to the crash described above). The other is my documentation of the KUSER_SHARED_DATA structure. Microsoft has always semi-documented this structure, in the sense of providing C-language definitions in header files, but from me you get at least the beginnings of some curation, by which I mean not just commentary on the members but also on their changes between versions.
On a personal note, I find myself intrigued by the visits to two old, casually written pages about bugs in Expression Web, as noticed in everyday use. Expression Web is the editor I use for all pages at this site. To a large extent, I seem to be stuck with it from my arguably naive decision to use Front Page when it handily came with other Office programs all the way back in 1997. Front Page was not without its occasional crash, but its development into Expression Web produced what is easily the most bug-ridden commercial software I have ever used. What always astonished me most, however, was not Microsoft’s lack of care but that books and blogs were written about this software and described in some detail this and that feature without ever hinting at the sort of ridiculous misbehaviour that I saw as easily established just from an hour or two of casual observation. Whenever I think of what’s wrong with the software industry, all that writing about Expression Web reminds me that defects in software and the consequent abuses of consumers are not just problems of manufacturing. We who write about software have responsibilities too.
The faded titles are just index pages which I presume are viewed only or mainly on the way to others, especially while moving from one Table of Contents (TOC) to another. One of those index pages is just the skimpiest of placeholders, pending my writing an introduction, which I likely never will get round to. The TOCs are omitted entirely. The rank in brackets is from the previous month.