Holy cow, I wrote a book!
If you read through old code, you will often find casts
that seem redundant.
SendMessage(hwndListBox, LB_ADDSTRING, 0, (LPARAM)(LPSTR)"string");
Why was "string" cast to LPSTR?
It's already an LPSTR!
These are leftovers from 16-bit Windows.
Recall that in 16-bit Windows, pointers were near by default.
Consequently, "string" was a near pointer to a string.
If the code had been written as
SendMessage(hwndListBox, LB_ADDSTRING, 0, (LPARAM)"string");
then it would have taken the near pointer and cast it to a long.
Since a near pointer is a 16-bit value, the pointer would have been
zero-extended to the 32-bit size of a long.
However, all pointers in window messages must be far pointers
because the window procedure for the window might very well be implemented
in a different module from the sender.
Recall that near pointers are interpreted relative to the default
selector, and the default selector for each module is different.
Sending a near pointer to another module will result in the
pointer being interpreted relative to the recipient's
default selector, which is not the same as the sender's
The intermediate cast to LPSTR converts the near
pointer to a far pointer, LP being the Hungarian
prefix for far pointers (also known as "long pointers").
Casting a near pointer to a far pointer inserts the previously-implied
default selector, so that the cast to LPARAM captures
the full 16:16 far pointer.
Aren't you glad you don't have to worry about this any more?
The GlobalAlloc function has a GMEM_SHARE flag.
What was it for?
In 16-bit Windows, the GMEM_SHARE flag controlled whether the
memory should outlive the process that allocated it.
By default, all memory allocated by a process was automatically
freed when that process exited.
Passing the GMEM_SHARE flag suppressed this automatic cleanup.
That's why you had to use this flag when allocating memory to be
placed on the clipboard or when you transfer it via OLE to
another process. Since the clipboard exists after your program
exits, any data you put on the clipboard needs to outlive the
program. If you neglected to set this flag, then once your program
exited, the memory that you put on the clipboard would be cleaned up,
resulting in a crash the next time someone tried to read that data from
(The GMEM_SHARE flag also controlled whether the memory could be
freed by a process other than the one that allocated it.
This makes sense given the above semantics.)
Note that the cleanup rule applies to global memory allocated
by DLLs on behalf of a process. Authors of DLLs had to be careful
to keep track of whether any particular memory allocation was
specific to a process (and should be freed when the process exited)
or whether it was something the DLL was planning on sharing across
processes for its own internal bookkeeping (in which case it shouldn't
Failure to be mindful of this distinction led to
bugs like this one.
Thank goodness this is all gone in Win32.
Back in the days of 16-bit Windows, the difference was significant.
In 16-bit Windows, memory was accessed through values called
"selectors", each of which could address up to 64K.
There was a default selector called the "data selector";
operations on so-called "near pointers" were performed relative to
the data selector.
For example, if you had a near pointer p
whose value was 0x1234 and your data selector was 0x012F, then when
you wrote *p, you were accessing the memory at
(When you declared a pointer, it was near by default. You had
to say FAR explicitly if you wanted a far pointer.)
Important: Near pointers are always relative to
a selector, usually the data selector.
The GlobalAlloc function allocated a selector that could be used
to access the amount of memory you requested.
(If you asked for more than 64K, then something exciting happened,
which is not important here.)
You could access the memory in that selector with a "far pointer".
A "far pointer" is a selector combined with a near pointer.
(Remember that a near pointer is relative to a selector; when
you combine the near pointer with an appropriate
selector, you get a far pointer.)
Every instance of a program and DLL got its own data selector,
known as the HINSTANCE,
which I described in an earlier entry.
The default data selector for code in a program executable
was the HINSTANCE of that instance of the program;
the default data selector for code in a DLL was the HINSTANCE
of that DLL.
Therefore, if you had a near pointer p and accessed it via
*p from a program executable, it accessed memory relative
to the program instance's HINSTANCE.
If you accessed it from a DLL, you got memory relative to your DLL's
The memory referenced by the default selector
could be turned into a "local heap" by calling the
LocalInit function. Initialing the local heap
was typically one of the first things
a program or DLL did when it started up.
(For DLLs, it was usually the only thing it did!)
Once you have a local heap, you can call LocalAlloc to allocate
memory from it.
The LocalAlloc function returned a near pointer relative to the default
selector, so if you called it from a program executable, it allocated
memory from the executable's HINSTANCE; if you called it from a DLL,
it allocated memory from the DLL's HINSTANCE.
If you were clever, you realized that you could use LocalAlloc to
allocate from memory other than HINSTANCEs. All you had to do
was change your default selector to the selector for some memory
you had allocated via GlobalAlloc, call the LocalAlloc function,
then restore the default selector. This gave you a near pointer
relative to something other than the default selector,
which was a very scary thing to have, but if you were smart and
kept careful track, you could keep yourself out of trouble.
Observe, therefore, that in 16-bit Windows, the LocalAlloc and
GlobalAlloc functions were completely different! LocalAlloc
returned a near pointer, whereas GlobalAlloc returned a selector.
Pointers that you intended to pass between modules had to be in the
form of "far pointers" because each module has a different default
selector. If you wanted to transfer ownership of memory to another
module, you had to use GlobalAlloc since that permitted the recipient
to call GlobalFree to free it. (The recipient can't use LocalFree
since LocalFree operates on the local heap, which would be the
local heap of the recipient - not the same as your local heap.)
This historical difference between local and global memory still
has vestiges in Win32.
If you have a function that was inherited from 16-bit Windows
and it transfers ownership of memory, it will take the form
of an HGLOBAL. The clipboard functions are a classic example
of this. If you put a block of memory onto the clipboard,
it must have been allocated via HGLOBAL because you are transferring
the memory to the clipboard, and the clipboard will call GlobalFree
when it no longer needs the memory.
Memory transferred via STGMEDIUM takes the form of HGLOBALs
for the same reason.
Even in Win32, you have to be careful not to confuse the local
heap from the global heap. Memory allocated from one cannot be
freed on the other. The functional differences have largely
disappeared; the semantics are pretty much identical by this
point. All the weirdness about near and far pointers disappeared
with the transition to Win32.
But the local heap functions and the global heap functions
are nevertheless two distinct heap interfaces.
I'm going to spend the next few entries describing some of the
features of the 16-bit memory manager. Even though you don't
need to know them, having some background may help you understand
the reason behind the quirks of the Win32 memory manager.
We saw a little of that today, where the mindset of the 16-bit
memory manager established the rules for the clipboard.
[Raymond is currently on vacation; this message was pre-recorded.]
The taskbar created all sorts of interesting problems, since the
work area was not equal to the entire screen dimensions.
(Multiple monitors created similar problems.)
"Why didn't the gui return the usable workspace
as the root window (excluding the taskbar)?"
That would have made things even worse.
Lots of programs want to cover the entire screen.
Games, for example, are very keen on covering the entire screen.
Slideshow programs also want to cover the entire screen.
(This includes both slideshows for digital pictures as well as
Screen savers of course must cover the entire screen.
If the desktop window didn't include the taskbar, then those
programs would leave a taskbar visible while they did their thing.
This is particularly dangerous for screen savers, since a user
could just click on the taskbar to switch to another program
without going through the screen saver's password lock!
And if the taskbar were docked at the top or left edge of the screen,
this would have resulted in the desktop window not beginning at
coordinates (0,0), which would no doubt have caused widespread havoc.
(Alternatively, one could have changed
the coordinate system so that (0, 0) was no longer the
top left corner of the screen, but that would have broken so many
programs it wouldn't have been funny.)
Before Explorer was introduced in Windows 95,
the Windows desktop was a very different place.
The icons on your desktop did not represent files;
rather, when you minimized a program, it turned into
an icon on the desktop.
To open a minimized program, you had to hunt for its icon,
possibly minimizing other programs to get them out of the way,
and then double-click it.
(You could also Alt+Tab to the program.)
Explorer changed the desktop model so that icons on your desktop
represent objects (files, folders) rather than programs.
The job of managing programs fell to the new taskbar.
But where did the windows go when you minimized them?
Under the old model, when a window was minimized, it displayed
as an icon, the icon had a particular position on the screen,
and the program drew the icon in response to paint messages.
(Of course, most programs deferred to DefWindowProc
which just drew the icon.)
In other words, the window never went away; it just changed its
But with the taskbar, the window really does go away when you
minimize it. Its only presence is in the taskbar.
The subject of how to handle windows when they were minimized
went through several iterations, because it seemed that no matter
what we did, some program somewhere didn't like it.
The first try was very simple: When a window was minimized,
the Windows 95 window manager set it to hidden.
That didn't play well with many applications,
which cared about the distinction between minimized (and visible)
and hidden (and not visible).
Next, the Windows 95 window manager
minimized the window just like the old days,
but put the minimized window at coordinates (-32000,
This didn't work because some programs freaked out if they found their
coordinates were negative.
So the Windows 95 window manager tried putting minimized windows at
coordinates (32000, 32000),
This still didn't work because some programs freaked out if they found
their coordinates were positive and too large!
Finally the Windows 95
window manager tried coordinates (3000, 3000),
This seemed to keep everybody happy.
Not negative, not too large, but large enough that it wouldn't show
up on the screen (at least not at screen resolutions that were
readily available in 1995).
If you have a triple-monitor Windows 98 machine lying around,
you can try this:
Set the resolution of each monitor to
1024x768 and place them corner-to-corner. At the bottom right
corner of the third monitor, you will see
all your minimized windows parked out in the boonies.
(Windows NT stuck with the -32000 coordinates and didn't
pick up the compatibility fixes for some reason.
I guess they figured that by the time Windows NT became
popular, all those broken programs would have been fixed.
In other words: Let Windows 95 do your dirty work!)
Windows 95 Setup would notice that a file it was installing
was older than the file already on the machine and would ask you
whether you wanted to keep the existing (newer) file or to overwrite
it with the older version.
Asking the user this question at all turned out to have been a bad idea.
It's one of those
dialogs that ask the user a question they have no idea how to answer.
Say you're installing Windows 95 and you get the file version
conflict dialog box.
"The file Windows is attempting to install is older than the one
already on the system. Do you want to keep the newer file?"
What do you do?
Well, if you're like most people, you say,
"Um, I guess I'll keep the newer one,"
so you click Yes.
And then a few seconds later, you get the same prompt
for some other file. And you say Yes again.
And then a few seconds later, you get the same prompt
for yet another file. Now you're getting nervous.
Why is the system asking you all these questions?
Is it second-guessing your previous answers?
Often when this happens, it's because you're doing something bad
and the computer is giving you one more chance to change
your mind before something horrible happens.
Like in the movies when you have to type Yes five times
before it will launch the nuclear weapons.
Maybe this is one of those times.
Now you start saying No. Besides, it's always safer
to say No, isn't it?
After a few more dialogs (answering No this time),
Setup finally completes. The system reboots,
and... it bluescreens.
Because those five files were part of a matched set of files
that together form your video driver.
By saying Yes to some of them and No to others, you ended up
with a mishmash of files that don't work together.
We learned our lesson. Setup doesn't ask this question any more.
It always overwrites the files with the ones that come with the
operating system. Sure, you may lose functionality, but at least
you will be able to boot. Afterwards, you can go to Windows Update
and update that driver to the latest version.
Note, however, that this rule
does not apply to hotfixes and Service Packs.
When you register your program with a file association, the shell needs to decide whether your program supports long file names so it can decide whether to pass you the long name (which may contains spaces! so make sure you put quotation marks around the "%1" in your registration) or the short name.
The rule is simple: The shell looks at your program's EXE header to see what kind of program it is.
Note that third case. If you mess up your program registration, then the shell will be unable to determine whether your program supports long file names and assumes not. Then when your program displays the file name in, say, the title bar, you end up displaying some icky short file name alias instead of the proper long file name that the user expects to see.
The most common way people mess up their program registration is by forgetting to quote spaces in the path to the program itself! For example, an erroneous registration might go something like this:
HKEY_CLASSES_ROOT litfile shell open command (default) = C:\Program Files\LitWare Deluxe\litware.exe "%1"
Observe that the spaces in the path "C:\Program Files\Litware Deluxe\litware.exe" are not quoted in the program registration. Consequently, the shell mistakenly believes that the program name is "C:\Program", which it cannot find. The shell therefore plays it safe and assumes no LFN support.
Compatibility note: As part of other security work, the code in the shell that parses these command lines was augmented to chase down the "intended" path of the program. This presented the opportunity to fix that third case, so that the shell could find the program after all and see that it supported long file names, thereby saving the user the ignominy of seeing their wonderful file name turn into a mush of tildes.
And after we made the change, we had to take it out.
Because there were programs that not only registered themselves incorrectly, but were relying on the shell not being smart enough to find their real location, resulting in the program receiving the short name on the command line. Turns out these programs wanted the short name, and doing this fake-out was their way of accomplishing it.
(And to those of you who are already shouting, "Go ahead and break them," that's all fine and good as long as the thing that's incompatible isn't something you use. But if it's your program, or a program your company relies on, I expect you're going to change your tune.)
The Listview control
when placed in report mode
has a child header control
which it uses to display column header titles.
This header control is the property of the listview,
but the listview is kind enough to
let you retrieve the handle to that header control.
And some programs abuse that kindness.
It so happens that the original listview control did not use
the lParam of the header control item for anything.
So some programs said, "Well, if you're not using it, then I will!"
and stashed their own private data into it.
Then a later version of the listview decided,
"Gosh, there's some data I need to keep track of for each
header item. Fortunately, since this is my header control,
I can stash my data in the lParam of the header item."
And then the application compatibility team takes those
(the program that stuffs data into the
header control and the listview that does the same)
to their laboratory, mixes them, and an explosion occurs.
After some forensic analysis, the listview development team
figures out what happened and curses that they have to work
around yet another program that grovels into internal data
The auxiliary data is now stored in some other less convenient
place so those programs can continue to run without crashing.
The moral of the story:
Even if you change something that nobody should be relying on,
there's a decent chance that somebody is relying on it.
(I'm sure there will be the usual chorus of people who will
say, "You should've just broken them."
What if I told you that one of the programs that does this
is a widly-used system administration tool?
Eh, that probably wouldn't change your mind.)
functions return an
What is that ATOM good for?
The names of all registered window classes is kept in an
internal to USER32. The value returned by the class registration
functions is that atom.
You can also retrieve the atom for a window class by asking
a window of that class for its class atom via
The atom can be converted to an integer atom via
the MAKEINTATOM macro,
which then can be used by functions that accept
class names in the form of strings or atoms.
The most common case is the
lpClassName parameter to
the CreateWindow macro
the CreateWindowEx function.
Less commonly, you can also use it as the lpClassName
(Though why you would do this I can't figure out.
In order to have the atom to pass to GetClassInfo
in the first place, you must have registered the class (since that's
what returns the atom), in which case why are you asking for information
about a class that you registered?)
To convert a class name to a class atom, you can create a dummy window
of that class and then do the aforementioned
Or you can take advantage of the fact that the return value from the
GetClassInfoEx function is the atom for the class,
cast to a BOOL.
This lets you do the conversion without having to create a dummy window.
(Beware, however, that GetClassInfoEx's return value is
the atom on Windows 95-derived operating systems.)
But what good is the atom?
Not much, really.
Sure, it saves you from having to pass a string to functions like
CreateWindow, but all it did was replace a string with
with an integer you now have to save in a global variable for later use.
What used to be a string that you could hard-code is now an atom that
you have to keep track of.
Unclear that you actually won anything there.
I guess you could use it to check quickly whether a window belongs to
a particular class. You get the atom for that class (via
GetClassInfo, say) and then get the atom for the window
and compare them. But you can't cache the class atom since the
class might get unregistered and then re-registered (which will give
it a new atom number). And you can't prefetch the class atom since
the class may not yet be registered at the point you prefetch it.
(And as noted above, you can't cache the prefetched value anyway.)
So this case is pretty much a non-starter anyway; you may as well use
the GetClassName function and compare the resulting
class name against the class you're looking for.
In other words, window class atoms are an anachronism.
replacement dialog box classes, it's one of those
generalities of the Win32 API that never really got off the ground,
but which must be carried forward for backwards compatibility.
But at least now you know what they are.
[Typos fixed October 12.]
If the system directory is always %windir%\SYSTEM32,
why is there a special function to get it?
Because it wasn't always that.
For 16-bit programs on Windows NT, the system directory
is %windir%\SYSTEM. That's also the name of the
system directory for Windows 95-based systems and all the 16-bit
versions of Windows.
But even in the 16-bit world, if it was always
%windir%\SYSTEM, why have a function for it?
Because even in the 16-bit world, it wasn't always
Back in the old days, you could run Windows
directly over the network. All the system files were
kept on the network server, and only the user's files were kept
on the local machine. What's more, every single computer
on the network used the same system directory on the server.
There was only one copy of USER.EXE, for example, which
Under this network-based Windows configuration, the
system directory was a directory on a server somewhere
and the Windows directory was a directory on the local
machine (C:\WINDOWS). Clients did not have write permission into
the shared system directory, but they did have permission to write
into the Windows directory.
That's why GetSystemDirectory is a separate function.