Geoff Chappell - Software Analyst
For January, I noted that I must face “that my recent diversions into retro-computing are no longer just diversions.” Add a few months and it turns out that this is just one of many things that must be faced. By now I start to realise that this is not new just for this year. It wasn’t new even for late last year, when I as the long-ago author of a book titled DOS Internals looked again at DOS for the first time in decades.
Coincidentally with the pandemic but more and more evidently because of life events that are specifically mine, I’ve let the last two years turn heavy with retrospection. Even the few months of early 2021 that I spent on reworking the website’s styles and scripts, even what in mid-2021 I thought at first was a development of new themes—notably the question of what can reverse engineers learn of the Windows source code solely from Microsoft’s readily published information—now looks more like the start of a long tidying of whatever must pass for my somewhat unorthodox career in computer programming. It may even be the beginning of the end of this website’s new work.
It’s not my usual practice to list additions and changes to the site’s introductory pages as new or revised, and certainly not just the occasional summaries of what got read. But except for the last few days of this month, my tidying of these pages, which is still on-going, was all I could report.
That said, the massed collection of statistics and especially the collation for the whole year had the constructive effect of reminding me that some of the site’s most-read pages are its lists of user-mode functions. I truly wish they weren’t. I like to think I’ve made a far bigger contribution to my subject than to have prepared these lists—and perhaps precisely because of this, I have neglected them for much too long, even after writing as long ago as April 2021 that I would make a point of updating them.
For better or worse, my progress through these will be from low-level to high and early to late. When I last worked on these pages, Windows 10 was more or less new and the earliest Windows I had for inspection (from MSDN subscriptions in the 1990s) was version 3.51. My collection has since got filled out. Only after I attend to the earliest versions to be sure the history is well grounded will I update beyond the original Windows 10. My presently planned order is NTDLL, KERNEL32, KERNELBASE and ADVAPI32, but how far I’ll persist with this is anyone’s guess.
Please remember that although I do publish these lists and they are in some sense the most detailed on the Internet for the versions they cover, they are just my own notes to support my own work, whether of programming or reverse engineering or even just for the bee I have in my bonnet about accurately recording the history of Windows. If I happen not to do much user-mode work or none that requires the use of very recent functionality, then I have no need of my own to update these notes.
If you want a reliable programme of updating, then please ask yourself (and anyone who’ll listen) what is it that’s so dysfunctional about our academy and industry that you’re left with my lists as anything that may be worth looking at. What has gone wrong that these lists aren’t prepared by research students at some university or even by interns or salaried employees at a public-spirited (or publicity-seeking) company for the benefit of all programmers and security researchers? I’m biased, or jaded, but I don’t think the service is missed just because we all think we have better things to do.
Because NTDLL is in large part the kernel’s footprint in user mode, the NTDLL lists never could be written independently of the kernel’s lists. Presumably from never having quite enough time, I never did get them well synchronised. Now, even to extend the NTDLL lists to the earliest versions, it’s only inevitable that I at least look at—and revise—what I had done a few years back on the same point but for the kernel. Some revision was anyway required from having more recently filled a few gaps in my collection of early versions’ service packs—and, as I keep saying, kernel-mode always trumps user-mode for my interest.
I can’t resist blowing my own horn on this, but as I review the kernel’s API summary and start reworking NTDLL’s, I find I’m more than a little pleased with myself for what now looks like an easy outcome of the months I put into web programming back in February 2021. Of course, this also means I have revised the scripts a little. I don’t even try for compatibility with scripts that persist in caches: if you get any errors or suspect any misbehaviour, please refresh to get the latest scripts.