Geoff Chappell - Software Analyst
At this site, you can get a lot of free material. Indeed, this site exists primarily to supply you with free samples as a means of encouraging your attention.
Very nearly everything at this site comes from applying techniques that are being developed into Software Analysis by Reverse Engineering, by which I mean a study of what software actually does, which is much too often not exactly what its manufacturer says. What this produces in practice is mostly an attempt at alternative documentation, sometimes with programming samples, to help Windows programmers.
Although it is not necessary that one who works at analysing software should be a programmer or have formally trained as a programmer—which I did not—it is almost certainly not possible to become proficient at analysing software without also becoming at least competent at many of the skills required for programming, and it is surely not possible to do any useful software analysis without producing information that may in turn be useful to programmers. Indeed, the production of such information looks to be the primary measure of whether the software analysis is useful.
Most of the site’s information for programmers is presented as the public results of separate studies. These each show as a tab in the banner. They’re in roughly ascending order of functionality on the way from the hardware to the user or programmer: Kernel, Win32, Shell, Internet Explorer, Visual C++.
This organisation into separate studies might have developed anyway, but the history is that I worked on them separately, at least to begin with, and then when the website was reorganised for its new domain name in 2007, formal division into studies was seen to be very convenient because pages in one study hardly ever link to pages in another. Each study thus got its own table of contents, which is more or less essential for navigation. If you see no banner with tabs for these studies, or no table of contents to the left of this page, then please check the Browser Advice before trying to pick your way through any of the studies.
The two studies that I now regard as having the greatest long-term value grew from pages that I initially provided just as miscellaneous Notes (see below).
Because kernel-mode programming, e.g., of device drivers and file system filter drivers, is the commercial specialty that funded this website’s early development as a free public resource, it could not easily itself be a subject for the free public resource. Not until 2016 did it start getting serious attention at this website, not even to publish old notes whose commercial value had long passed. Now, however, the Kernel study is well on its way to becoming a resource to reckon with for the functions and structures exposed by the kernel and the HAL.
A Win32 study collects similarly detailed notes on the lower levels of user-mode Windows—or would, except that kernel-mode Windows keeps claiming my attention much more readily.
This website in its present form dates from 2007, when it was redesigned around its being the repository for the public results of two fairly large studies that had started in 2004: first into the API functions exported by various modules of the Windows Shell (which was then contentious because of a legal settlement about anti-competitive product tying); and second into the Microsoft Visual C++ compiler and linker (because I was even then still learning what benefit a reverse engineer could gain from greater knowledge of how these tools work). Even the smaller study has several hundred pages.
Be aware, please, that both these studies always were open-ended exercises. The first held my earnest attention until 2010 but never regained it when I returned to the website in 2016. The second was abandoned because of illness in late 2006 and has barely even been looked at since. It, especially, is therefore long out of date. That said, it is some testament both to Microsoft’s notions of compatibility and to the complexity of these tools that many of the pages in this study remain relevant even though all were written specifically from study of Microsoft Visual Studio .NET 2003.
Pages in both these studies vary significantly in their degree of completion. Some tell you more than you might ever have imagined could be written (or would want to be). Others are nothing more than sketches or placeholders.
The chronologically third study arose directly from the website’s redevelopment in 2007 to use scripting. It started as a few tentative steps at alternative documentation of Microsoft’s JScript language but developed into a wider look at Internet Explorer. It too is frozen at and around 2009 and 2010, thus for Internet Explorer versions 7 and 8, having never regained my attention when I returned to the website in 2016.
Be warned that the Internet Explorer study was only ever tentative. The material is published only as very rough notes. Many of the pages really are just my own notes as I myself was learning the least I hoped I would ever need to know about HTML authoring. Though many more are the result of committed research on a scale similar to the best work in the other studies, no formal guidance is offered about which pages were attempted to what standard.
Also given its own table of contents is a section of miscellaneous Notes. These notes are as close as I ever get to writing for a general readership. This will often mean that instead of my assuming you’re an advanced Windows programmer, you will still need to be a moderately advanced Windows user, at least for a first reading.
Many of the notes give the sorts of tips, traps, quirks, etc., that seemingly ordinary computer users take unusual pride in knowing. Some deal with problems that have arisen in my ordinary use of a computer and which I happen to have studied as if for a commercial problem. Some others are technical documentation for programmers or perhaps for system administrators. They are among the notes only because they have tumbled out of other analyses and look like they might be useful to record without waiting for inclusion in larger work (such as one of the studies).
No claim is made that the subjects of any of these notes are important in themselves. Indeed, un-importance is sometimes the only reason a note got written. It will have seemed incidental enough to dash off without distracting me too much from whatever work I was doing at the time (and which perhaps was important). Or the note’s subject, typically some software’s irritating misbehaviour, distracted me so much that I had to write it up to get it out of my head!
That said, it would be a very rare note that didn’t present me with at least some vague wish that something to do with its subject will be some practical use to someone somewhere someday. After all, the point to all these notes, whether substantial or slight, is that software analysis can produce practical results, even when no help is available from the manufacturer of whatever software shows the problem.
Everything at this site is the result of time that I have somehow managed to find, off and on for decades, to write up as a public resource some of what I discover in my own research. Frankly, the research is always something I would do for my own pleasure since I am very much that sort of person who is driven by inquisitiveness, but writing up is a chore—albeit one that has its rewards, not least for its harsh exposure of deficiencies in the research.
Though I have sometimes made a point of reserving large stretches of time just for research and writing, it is more typical that even research is limited to time snatched between items of paid work. At best, only 10% of the research gets even an attempt at a write-up. For not even half of this do I find time to develop the write-up far enough so that it starts to look like it’s worth polishing for publication.
That I do sometimes compromise by publishing insufficiently polished (or even unpolished) work is far from easy for me, but seems preferable to leaving drafts and unannotated lists to moulder in a virtual drawer, awaiting time for perfection. For your part, I remind you to understand that your choice in these cases is between having those drafts or lists, unsatisfactory as they are, and having nothing at all.
The deciding factor for me in this compromise is that even what little I get round to writing up only tentatively is in far too many cases both more detailed and more reliable than anything you can find from Microsoft on the same topic. I don’t say this to my credit. I don’t mean it to Microsoft’s discredit, either, but to the shame of an industry that bleats a lot about Microsoft’s software and its closed-source model yet invests next to nothing in uncovering the details.
All samples at this website, whether program code or documentation, are free. You pay nothing and you are owed nothing. You take everything “as is” and you check it for yourself before relying on it in any way.
That said, I believe honestly that I have prepared all material here with at least as much care as could reasonably be expected even of commercial software or of commercial literature on programming. It is in the nature both of software development and of software analysis that there may be mistakes. If you discover a mistake and report it to me, then I shall respond at least as well as (and I hope much better than) any reputable software house would respond to news of a defect in a commercial product. However, you must understand now that although I am proud of my work, you should not think me liable for what you do with it.
Regarding the material as intellectual property, I ask first that if you use anything you find here, then please respect three requests that are surely so little burden that they ought not need mentioning in a civilised world:
In particular on this last point, it is not fair use to copy large slabs of material from here to another website even if you cite your source (which remarkably many do not).
Second, if your use of anything here is commercial, i.e., makes you money, even indirectly, as from advertising, then will you please do the decent thing and support this site financially. Either consult or recommend my consulting services whenever and wherever you can.