Table Of Content

THE ANDREW SCHULMAN A PROGRAMMING SERIES Undocumented Windows A Programmer's Guide to API Reserped Microsoft" Windows Functions h Covers Windows 3.1 and 3.0 ANDREW SCHULMAN DAVID MAXEY IdiskI MATT PIETREK | Included 1 fun #i Scht"man i„, l394 and reW; Pietr'ek * Maxev n ro^mme ed^ndows:A Wi°doWSSAAPprI.s^?f0ulun'cdteiotnosreserZveedd MMi-crosoft === ^ (lCCoOvers == s= Windows D*Tf ni.r I3^if KO©(D JL California Research Center Library *" m COh coiieij t\ '- Ste. 115 mnlo. Park, CA 34025 ' Undocumented Windows 1 ANDREW SCHULMAN DAVID MAXEY MATT PIETREK Series Editor: Andrew Schulman TT Addison-Wesley Publishing Company Reading, Massachusetts Menlo Park, California New York Don Mills, Ontario Wokingham, England Amsterdam Bonn Sydney Singapore Tokyo Madrid San Juan Paris Seoul Milan Mexico City Taipei Many of the designations used by manufacturers and sellers to distinguish their prod- ucts are claimed as trademarks. Where those designations appear in this book and Addison-Wesley was aware ofthe trademark claim, the designations have been printed in initial capital letters. The author and publisher have taken care in preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connec- tion with or arising out ofthe use ofthe information or programs contained herein. Library ofCongress Cataloging-in-Publication Data Schulman, Andrew. Undocumented Windows a programmer's guide to reserved Microsoft : Windows API functions / by Andrew Schulman, David Maxey, and Matt Pietrek. p. cm. Includes index. ISBN 0-201-60834-0 1. Windows (Computer programs) 2. Microsoft Windows (Computer program) I. Maxey, David. II. Pietrek, Matt. III. Title. QA76.76.W56S38 1992 005.4'3--dc20 92-14831 CIP Copyright © 1992 by Andrew Schulman and David Maxey All rights reserved. No part ofthis publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocop- ying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States ofAmerica. Published simultaneously in Canada. Series Editor: Andrew Schulman Managing Editor: Amorette Pedersen Production Editor: AndrewWilliams Line drawings: Jennifer Noble Set in 10.5-point ITC Galliard by Benchmark Productions 234 5 6789 MW-9695949392 Second printing, October 1992 Thanks to Phar Lap for providing the foundation on which we based the graphics. 1 CONTENTS Preface ix Acknowledgments xvi CHAPTER This Was Not Supposed to Happen 1 1 Backdoor Programming 5 Dynamic Linking Aids Snooping 5 NDW Inside 7 Open Tools: No Longer Undocumented Windows 12 Finally, Undocumented Windows 14 The Saga ofFree System Resources 14 The Problem with Protected Mode 21 Further Inside the Norton Desktop 26 Microsoft's Use ofUndocumented Windows 28 Undocumented Debugging 34 Microsoft Commercial Applications and Language Products 36 The "Chinese Wall" and FTC's Investigation ofMicrosoft 40 The Geary Incident 42 Inside Windows 46 Why Aren't They Documented? 48 Fear, Loathing, and Portability 5 in UNDOCUMENTED WINDOWS iv WhatAbout NT? 55 Safe Use ofUndocumented Functions 56 CHAPTER 2 Examining Windows Executables 59 MAPWIN Using 64 EXEDUMP Using 73 Producing .DATFiles with EXEDUMP -EXPORTS 79 Quickie Examinations with EXEDUMP -MAGIC and -DESC 80 EXEUTIL 81 Finding Undocumented Functions with EXEUTIL -FINDUNDOC 82 Finding Calls to Undocumented Functions with EXEUTIL -UNDOC 85 Finding Calls to APIFunctions with EXEUTIL -IMPORTS 89 Finding DLL Changes with EXEUTIL -DIFF 90 Finding Function Equivalences with EXEUTIL -DUPES 92 CHAPTER 3 Disassembling Windows 95 TASKMAN Disassembling 103 TASKMAN Techniques 122 ExaminingAPIFunctions and Data Structures 126 CHAPTER 4 Tools for Exploring Windows 1 35 Windows Spies, Walkers, and Debuggers 135 HEAPWALK 136 SPY 136 CodeViewfor Windows 137 WDEB386 137 Debug Version ofWindows 138 Other Snooping Utilities 139 Soft-ICE/Windows 142 Disassembly with WINICE 143 WINICE Breakpoints 145 WINICE System-Information Commands 148 The W1NIO Library 151 An Interactive Command Shell 153 111 CONTENTS Going Resident 156 Installing EventHandlers 157 WINIO Menus 159 WINIO Clickable Lines 16 CALLFUNC: Dynamic Linking at Your Fingertips! 165 CALLFUNC GP FaultHandling 171 Watching Undocumented WM_ Messages with SNOOP 173 TracingMessages Through WndProc Calls 177 Deliberately-Intrusive Debugging 179 Watching Interrupts with WISPY 180 DOS Starting a Box 184 Fixing WINIO 185 Windows Browsers 188 CHAPTER 5 KERNEL: Windows System Services 189 KERNEL Versions of 189 KERNEL Data Structures 191 Handles, Handles Everywhere 193 KERNEL Exports and Imports 202 KERNEL Initialization 202 Undocumented KERNEL Functions 204 Using the Undocumented Functions 207 CHAPTER 6 USER: Microsoft Windows User Interface 399 USER Data Structures 399 USERHeaps 400 USER Objects 402 GlobalHeap Objects 402 User Local Heap Objects 402 USERWALK 406 USER Exports and Imports 41 USER Undocumented Functions 41 11 UNDOCUMENTED WINDOWS vi USER Composition 412 Using Undocumented USER Functions 413 CHAPTER 7 Undocumented Windows Messages 517 Built-in WndProcs 533 Undocumented Control Messages 533 CHAPTER 8 GDI 535 GDI Data Structures 536 GDIWALK 537 GDI Heaps 543 GDI Exports and Imports 543 GDI Undocumented Functions 544 Using Undocumented GDI functions 545 CHAPTER 9 SYSTEM 601 CHAPTER 10 ToolHelp: A Partial Replacment for Undocumented Windows 61 What Undocumented Functionality Can ToolHelp Replace? 612 Assorted ToolHelp Programming Considerations 614 Using ToolHelp in Your Product 616 The ToolHelp Functions 617 The Heap Functions 617 The Windows Data Structure Walking Functions 623 Debugger and Miscellaneous Functions 626 Sample Program: WinWalk 639 Global Heap, Hex Dump, and Local Walk 639 Task List 641 Module List 641 Class List 64 Sample Program: Coroner 652 Running Coroner 652 The Coroner Code 653 Suggested Enhancements 668 CONTENTS vii APPENDIX A WINIO Library Reference 671 WINIO Differencesfrom Stdio 673 WINIO Functions 674 WMHANDLER Functions 680 APPENDIX B Annotated Bibliography 683 Index 693 Digitized by the Internet Archive 2012 in http://archive.org/details/undocumentedwindOOschu

ebook img

Undocumented Windows: A Programmers Guide to Reserved Microsoft Windows API Functions PDF

740 Pages·1992·68.963 MB·English
by  Andrew Schulman
#
Save to my drive
Quick download
Download
Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Undocumented Windows: A Programmers Guide to Reserved Microsoft Windows API Functions

THE ANDREW SCHULMAN A PROGRAMMING SERIES Undocumented Windows A Programmer's Guide to API Reserped Microsoft" Windows Functions h Covers Windows 3.1 and 3.0 ANDREW SCHULMAN DAVID MAXEY IdiskI MATT PIETREK | Included 1 fun #i Scht"man i„, l394 and reW; Pietr'ek * Maxev n ro^mme ed^ndows:A Wi°doWSSAAPprI.s^?f0ulun'cdteiotnosreserZveedd MMi-crosoft === ^ (lCCoOvers == s= Windows D*Tf ni.r I3^if KO©(D JL California Research Center Library *" m COh coiieij t\ '- Ste. 115 mnlo. Park, CA 34025 ' Undocumented Windows 1 ANDREW SCHULMAN DAVID MAXEY MATT PIETREK Series Editor: Andrew Schulman TT Addison-Wesley Publishing Company Reading, Massachusetts Menlo Park, California New York Don Mills, Ontario Wokingham, England Amsterdam Bonn Sydney Singapore Tokyo Madrid San Juan Paris Seoul Milan Mexico City Taipei Many of the designations used by manufacturers and sellers to distinguish their prod- ucts are claimed as trademarks. Where those designations appear in this book and Addison-Wesley was aware ofthe trademark claim, the designations have been printed in initial capital letters. The author and publisher have taken care in preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connec- tion with or arising out ofthe use ofthe information or programs contained herein. Library ofCongress Cataloging-in-Publication Data Schulman, Andrew. Undocumented Windows a programmer's guide to reserved Microsoft : Windows API functions / by Andrew Schulman, David Maxey, and Matt Pietrek. p. cm. Includes index. ISBN 0-201-60834-0 1. Windows (Computer programs) 2. Microsoft Windows (Computer program) I. Maxey, David. II. Pietrek, Matt. III. Title. QA76.76.W56S38 1992 005.4'3--dc20 92-14831 CIP Copyright © 1992 by Andrew Schulman and David Maxey All rights reserved. No part ofthis publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocop- ying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States ofAmerica. Published simultaneously in Canada. Series Editor: Andrew Schulman Managing Editor: Amorette Pedersen Production Editor: AndrewWilliams Line drawings: Jennifer Noble Set in 10.5-point ITC Galliard by Benchmark Productions 234 5 6789 MW-9695949392 Second printing, October 1992 Thanks to Phar Lap for providing the foundation on which we based the graphics. 1 CONTENTS Preface ix Acknowledgments xvi CHAPTER This Was Not Supposed to Happen 1 1 Backdoor Programming 5 Dynamic Linking Aids Snooping 5 NDW Inside 7 Open Tools: No Longer Undocumented Windows 12 Finally, Undocumented Windows 14 The Saga ofFree System Resources 14 The Problem with Protected Mode 21 Further Inside the Norton Desktop 26 Microsoft's Use ofUndocumented Windows 28 Undocumented Debugging 34 Microsoft Commercial Applications and Language Products 36 The "Chinese Wall" and FTC's Investigation ofMicrosoft 40 The Geary Incident 42 Inside Windows 46 Why Aren't They Documented? 48 Fear, Loathing, and Portability 5 in UNDOCUMENTED WINDOWS iv WhatAbout NT? 55 Safe Use ofUndocumented Functions 56 CHAPTER 2 Examining Windows Executables 59 MAPWIN Using 64 EXEDUMP Using 73 Producing .DATFiles with EXEDUMP -EXPORTS 79 Quickie Examinations with EXEDUMP -MAGIC and -DESC 80 EXEUTIL 81 Finding Undocumented Functions with EXEUTIL -FINDUNDOC 82 Finding Calls to Undocumented Functions with EXEUTIL -UNDOC 85 Finding Calls to APIFunctions with EXEUTIL -IMPORTS 89 Finding DLL Changes with EXEUTIL -DIFF 90 Finding Function Equivalences with EXEUTIL -DUPES 92 CHAPTER 3 Disassembling Windows 95 TASKMAN Disassembling 103 TASKMAN Techniques 122 ExaminingAPIFunctions and Data Structures 126 CHAPTER 4 Tools for Exploring Windows 1 35 Windows Spies, Walkers, and Debuggers 135 HEAPWALK 136 SPY 136 CodeViewfor Windows 137 WDEB386 137 Debug Version ofWindows 138 Other Snooping Utilities 139 Soft-ICE/Windows 142 Disassembly with WINICE 143 WINICE Breakpoints 145 WINICE System-Information Commands 148 The W1NIO Library 151 An Interactive Command Shell 153 111 CONTENTS Going Resident 156 Installing EventHandlers 157 WINIO Menus 159 WINIO Clickable Lines 16 CALLFUNC: Dynamic Linking at Your Fingertips! 165 CALLFUNC GP FaultHandling 171 Watching Undocumented WM_ Messages with SNOOP 173 TracingMessages Through WndProc Calls 177 Deliberately-Intrusive Debugging 179 Watching Interrupts with WISPY 180 DOS Starting a Box 184 Fixing WINIO 185 Windows Browsers 188 CHAPTER 5 KERNEL: Windows System Services 189 KERNEL Versions of 189 KERNEL Data Structures 191 Handles, Handles Everywhere 193 KERNEL Exports and Imports 202 KERNEL Initialization 202 Undocumented KERNEL Functions 204 Using the Undocumented Functions 207 CHAPTER 6 USER: Microsoft Windows User Interface 399 USER Data Structures 399 USERHeaps 400 USER Objects 402 GlobalHeap Objects 402 User Local Heap Objects 402 USERWALK 406 USER Exports and Imports 41 USER Undocumented Functions 41 11 UNDOCUMENTED WINDOWS vi USER Composition 412 Using Undocumented USER Functions 413 CHAPTER 7 Undocumented Windows Messages 517 Built-in WndProcs 533 Undocumented Control Messages 533 CHAPTER 8 GDI 535 GDI Data Structures 536 GDIWALK 537 GDI Heaps 543 GDI Exports and Imports 543 GDI Undocumented Functions 544 Using Undocumented GDI functions 545 CHAPTER 9 SYSTEM 601 CHAPTER 10 ToolHelp: A Partial Replacment for Undocumented Windows 61 What Undocumented Functionality Can ToolHelp Replace? 612 Assorted ToolHelp Programming Considerations 614 Using ToolHelp in Your Product 616 The ToolHelp Functions 617 The Heap Functions 617 The Windows Data Structure Walking Functions 623 Debugger and Miscellaneous Functions 626 Sample Program: WinWalk 639 Global Heap, Hex Dump, and Local Walk 639 Task List 641 Module List 641 Class List 64 Sample Program: Coroner 652 Running Coroner 652 The Coroner Code 653 Suggested Enhancements 668 CONTENTS vii APPENDIX A WINIO Library Reference 671 WINIO Differencesfrom Stdio 673 WINIO Functions 674 WMHANDLER Functions 680 APPENDIX B Annotated Bibliography 683 Index 693 Digitized by the Internet Archive 2012 in http://archive.org/details/undocumentedwindOOschu

See more

The list of books you might like

Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.
DMCA & Copyright: Dear all, most of the website is community built, users are uploading hundred of books everyday, which makes really hard for us to identify copyrighted material, please contact us if you want any material removed.
Copyright @ PDFdrive.to, 2022 | We love our users