Geoff Chappell - Software Analyst
This website was more or less frozen in 2011 when I took up full-time employment, which I have now left. It will be a recurring theme for some time yet that five years of neglect has left a lot of updating to be done. Another recurring theme is that offers of alternatives that might sustain the revival of this website are welcome. See especially that I am again available for Consultation.
Meanwhile, I continue with the recent experiment in documenting structures. A format for this has taken some time to evolve. Some of my early attempts must now be more or less completely reworked. Perhaps more usefully, I have decided that if it’s worth doing at all as more than anyone’s private notes to help with debugging, then it’s worth doing properly. Anyone can re-present the type information from Microsoft’s symbol files (and there do seem to be a few such presentations on the Internet already). Harder, and certainly appealing to me for historical interest, is to collate the definitions over the range of Windows versions, but even though this can be a lot of work it’s still just a curatorial exercise. Added value—to count as research, even—comes from annotating and from tracking down the usage. Taken this far, a survey of structures can become a wide-ranging tour of Windows functionality, and so I expect I’ll persist with it. I’ve even decided it’s worth doing for relatively well-known structures. Expertise in low-level Windows programming is rarely about knowing the undocumented but is much more often about knowing the documented better than it’s documented. Feel free to send wish lists.
Where it hasn’t seemed overwhelming, I’ve added material from old notes—sometimes very old notes. I really had forgotten that even as recently as Windows XP, Microsoft indulged such tricks as having the kernel execute NTDLL code at its user-mode addresses but in ring 0. What a delight it was to take that trip down memory lane!