• The Old New Thing

    What is this extra thread in my process?


    A customer liaison asked:

    After applying Service Pack 2 to Windows Server 2003, my customer found that a simple MFC application (just using the template, no customization) has two threads when it is supposed to have only one. After five minutes, one of the threads exits. This doesn't happen on Windows Server 2003 RTM or Windows Server 2003 Service Pack 1.

    Here is a stack trace of the extra thread:

    0:001> kP

    The parameters to Etwp­Wait­For­Multiple­Objects­Ex seem to be consistent with Wait­For­Multiple­Objects­Ex. Assuming that's the case, the parameters are

    nCount  = 0
    lpHandles  = 00x004f4470
    bWaitAll  = 0
    dwMilliseconds  = 300000 = 5 minutes
    bAlertable  = TRUE

    Can you explain what the purpose of this thread is? Did this behavior change as a result of the update? It is important for the customer to know the purpose of this thread.

    We asked, "Why does the customer need to know the purpose of this thread?"

    We never heard back from the customer liaison. I guess it wasn't that important after all.

    In case you cared: From the names of the functions, it looks like this is the ETW event pump thread.

  • The Old New Thing

    Microspeak: Party, in various forms


    Remember, Microspeak includes words and phrases in general use, as long as they are employed at Microsoft at a higher rate than in the general population, or in specific situations that may not be obvious to the uninitiated. They are the words and phrases you need to use in order to fit in.

    Today's word is party, in various forms, and usually paired with the preposition on. In general, it means to use, change, or modify with few or no constraints. These aren't genteel tea parties; they're more like wild college parties, the kind that end with the police being called.

    LockBits returns a pointer to the pixel buffer, and the caller can party on the memory inside the rectangle until it calls UnlockBits.

    When used with permission verbs like can and may, the usage indicates that the component has permission to read from and write to the memory, subject to the given constraints.

    The code partied on our data structures because it used a pointer after freeing it.

    It is often used in a negative sense to indicate that the component wrote to memory that it should not have. Sort of an unauthorized party. (Compare fandango on core.)

    The Contoso notifier injects a DLL into Explorer so it can party on the internal data that keeps track of icons in the notification area and thereby disable the icons of its competitors.

    These sorts of unauthorized parties can be malicious and willful as well as merely accidental.

    The exp branch is a party branch. You can commit your changes there so we can test it before pulling it into the release branch.

    The word party can be used to describe an environment in which the normal rules and constraints are reduced or removed entirely. Here, the party branch is presumably a branch of the project in which the usual procedures for code changes don't apply, or at least apply less strictly than normal. You can put any experimental changes in the exp branch, and then when a new build comes out the next day, you can run your tests against it to see if they solve the problem. If so, then you can start filling out the necessary paperwork to pull the changes into the release branch.

    Many release branches have an experimental offshoot.¹ The idea is that people developing fixes to the product can commit their changes to the experimental branch to see how they work out. If the changes look good, they are pulled into the release branch. If the changes don't pass muster, they are rolled back. The developers who use the experimental branch are on their honor to keep the branch in good condition.

    Note that this sense of party is relative. The experimental branch is a big party compared to the staid and formal release branch, but it's still not a crazy free-for-all. You still need to be judicious about what you put into the party branch so you don't ruin the party for everybody else.

    The Q1 branch is locked down for the beta, but you can party your post-beta fixes into the Q2 branch.

    The above example further highlights the relative nature of the term party. Even though the Q2 branch is open to post-beta fixes, you still have to go through the usual test and review processes for fixing bugs. It's just that Q2 will accept any approved bug fix, whereas Q1 will accept only fixes for bugs marked beta-blocking.

    (That's a little extra Microspeak for you: blocking. In Microspeak, a beta blocker is not a pharmacological agent. Rather, it's something that prevents the beta from being released.)

    ¹ In Windows, the experimental branch associated with a release branch is typically called cbt. This officially stands for Central Build Team, but some people who live in my house like to joke that it stands for Can't Be Trusted.

  • The Old New Thing

    Excuses I learned from babies


    I was visiting a friend of mine, and his young daughter was being unusually cranky. He explained, "Oh, she's teething."

    I filed that away as an excuse I could use the next time I felt cranky. "Sorry about that. I'm teething."

    Here's another excuse you might want to use:

    "No, I'm not drunk. I simply lost interest in remaining upright."

  • The Old New Thing

    Execute a file as if it were a program, even though its extension is not EXE


    Today's Little Program executes a file as if it were a program, even though its extension is not EXE. The idea here is to prevent somebody from running your program by accident, so you give it an extension like .MOD. This is great for preventing somebody from running the program by mistake, but how do you do it on purpose?

    #define STRICT
    #include <windows.h>
    #include <shellapi.h>

    int WINAPI WinMain(
        HINSTANCE hinst, HINSTANCE hinstPrev,
        LPSTR lpCmdLine, int nCmdShow)
    {
      SHELLEXECUTEINFO sei = { 0 };
      sei.cbSize = sizeof(sei);
      sei.nShow = SW_SHOWNORMAL;
      sei.lpFile = TEXT("C:\\full\\path\\to\\program.mod");
      /* SEE_MASK_CLASSNAME tells ShellExecuteEx to honor lpClass */
      sei.fMask = SEE_MASK_CLASSNAME;
      sei.lpVerb = TEXT("open");
      /* Treat the file as an executable regardless of its extension */
      sei.lpClass = TEXT("exefile");
      ShellExecuteEx(&sei);
      return 0;
    }

    We're merely using the lpClass member of the SHELL­EXECUTE­INFO structure to force the file to be interpreted as the type we specify, overriding the default type inference code.

  • The Old New Thing

    VirtualLock locks your memory into the working set, even if your threads are blocked


    Today, a correction to an earlier article on Virtual­Lock.

    When you lock memory with VirtualLock, it will remain locked even if all your threads are blocked. As noted in the Follow-up section at the end of the referenced article, the behavior of the operating system never changed. Virtually-locked pages were never unlocked in practice. What changed is that an implementation detail was elevated to contract. The intention when VirtualLock was originally designed was that virtually-locked pages were potentially unlockable if the application is not running. However, the memory manager folks never got around to implementing that part. At some point, they decided that they would abandon any future intention to do so and strengthened the contract accordingly.

    Mind you, Virtual­Lock does not guarantee that the same physical frame will always be assigned to the memory. The memory manager may reassign the memory to another physical frame in order to defragment memory so that it can allocate physically contiguous pages, primarily for I/O purposes, but occasionally to satisfy a large-page request. All it guarantees is that the memory will always be present.

    The memory manager folks tell me that locked memory remains locked even if the application is suspended. But I don't know whether that's an implementation detail or contractual, so I wouldn't run around relying on it.

  • The Old New Thing

    The United States Team uniforms for the opening ceremony are rather hideous, and illegal, and a bit anachronistic


    By the time you read this, the opening ceremony for a large sporting event organized by a lawsuit-happy organization may already have taken place. As part of the ceremony, the team representing the United States entered wearing ugly uniforms. They're so ugly that even the hideous Christmas sweater in your closet, the one with the reindeer and wreaths and candy canes, actually steps out, points, and laughs, saying "Ha ha, what an ugly sweater!"

    If you study the picture carefully, you will observe a number of things.

    First of all, the incorporation of the flag into the sweater pattern (and once in the pants) violates Title 4, Section 8, paragraphs (d) and (j) of the United States Code.¹

    (d) The flag should never be used as wearing apparel, bedding, or drapery. …

    (j) No part of the flag should ever be used as a costume or athletic uniform. However, a flag patch may be affixed to the uniform of military personnel, firemen, policemen, and members of patriotic organizations. …

    Of course, this section of the United States Code is violated constantly because it specifies no penalty for violation. Therefore, you can break this law all you want; even if caught, there is no punishment. (Exception: Penalties are specified for violations within the District of Columbia. So the Olympic Team had better not wear those sweaters when they meet with the President. Actually, that's probably good advice anyway from a fashion standpoint, completely ignoring the legal angle.)

    But more interesting is that if you look closely at the picture, you might notice that the giant flag in the background has 48 stars on it, which means that this photo was taken some time between 1912 and 1959. I guess they've been working on this uniform for a long time. Either that, or they decided to kick Alaska and Hawaii off the team.

    (Actually, if you're kicking states off the flag for not being part of the team, then the flag should have only 39 stars because there is nobody from Alabama, Arkansas, Delaware, Louisiana, Maryland, Mississippi, New Mexico, Oklahoma, South Dakota, Tennessee, or West Virginia.)

    ¹ There is disagreement over whether a flag pattern counts as a flag. Since there is no enforcement, it doesn't really matter, so work with me here. I'm going somewhere with this.

  • The Old New Thing

    If an asynchronous I/O completes synchronously, is the hEvent in the OVERLAPPED structure signaled anyway?



    When an I/O completes (whether synchronously or asynchronously), the event is signaled and completion status notifications are queued. The Get­Overlapped­Result/Ex function can be used to wait on an I/O that has already completed; it will merely return immediately. If you ask Has­Overlapped­Io­Completed whether the I/O has completed, and the I/O completed synchronously, it will correctly report, "Yeah, of course it completed. Heck, it completed a long time ago!"

    In other words, you can logically treat the case of an asynchronous I/O request completing synchronously as if it had completed asynchronously. It just completes asynchronously before you even blinked.
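
    The single code path this allows, as an added example that is not code from the original post: the caller does not branch on whether ReadFile finished immediately or returned ERROR_IO_PENDING, and lets GetOverlappedResult handle both. The names read_overlapped and overlapped_demo are hypothetical, and the temp file and its contents are constructed sample input.

```c
#ifdef _WIN32  /* Win32-only; compiles to nothing on other platforms */
#include <windows.h>
#include <string.h>

/* Read up to len bytes at offset 0 from a handle opened with
   FILE_FLAG_OVERLAPPED. Returns the byte count, or -1 on failure. */
static int read_overlapped(HANDLE h, void *buf, DWORD len)
{
    OVERLAPPED ov = { 0 };
    DWORD got = 0;
    int result = -1;

    ov.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL); /* manual-reset */
    if (!ov.hEvent) return -1;
    /* TRUE: finished before ReadFile returned. FALSE + ERROR_IO_PENDING:
       still in flight. The event is signaled on completion either way,
       so a single GetOverlappedResult path covers both outcomes. */
    if (ReadFile(h, buf, len, NULL, &ov) ||
        GetLastError() == ERROR_IO_PENDING) {
        if (GetOverlappedResult(h, &ov, &got, TRUE)) result = (int)got;
    }
    CloseHandle(ov.hEvent);
    return result;
}

/* Constructed sample: write 5 bytes to a temp file, then read them back
   through an overlapped handle. Returns 1 if the data round-trips. */
int overlapped_demo(void)
{
    char dir[MAX_PATH], path[MAX_PATH], buf[16] = { 0 };
    DWORD n = 0;
    HANDLE h;
    int got;

    if (!GetTempPathA(MAX_PATH, dir)) return 0;
    if (!GetTempFileNameA(dir, "ovl", 0, path)) return 0;
    h = CreateFileA(path, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
                    FILE_ATTRIBUTE_NORMAL, NULL);
    if (h == INVALID_HANDLE_VALUE) return 0;
    WriteFile(h, "hello", 5, &n, NULL);
    CloseHandle(h);
    h = CreateFileA(path, GENERIC_READ, 0, NULL, OPEN_EXISTING,
                    FILE_FLAG_OVERLAPPED, NULL);
    if (h == INVALID_HANDLE_VALUE) { DeleteFileA(path); return 0; }
    got = read_overlapped(h, buf, sizeof(buf) - 1);
    CloseHandle(h);
    DeleteFileA(path);
    return got == 5 && memcmp(buf, "hello", 5) == 0;
}
#endif
```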

  • The Old New Thing

    How do I prevent folders like My Pictures from being recreated?


    Another converse of How do I programmatically create folders like My Pictures if they were manually deleted? is How do I prevent folders like My Pictures from being recreated?

    Starting in Windows 7, there is a group policy called Disable Known Folders which lets you specify a list of known folders which should be disabled.

    If somebody tries to create a known folder programmatically, the call will fail with ERROR_ACCESS_DISABLED_BY_POLICY.

    Note that this policy only blocks creation of the folder. If the folder already exists, then the policy has no effect. (You're locking the door after the horse has bolted.)

  • The Old New Thing

    Racing email against a snail


    The Windows team double-dogfoods Windows Server and Exchange Server, and while this is good for both products, it can be quite frustrating when something goes wrong.

    I remember back in the early days of the Windows 95 project, the mail servers once got so messed up that some email messages were not delivered for several days. After a colleague told me that he had just received an email message that I had sent several days earlier, I went to the library to look up the typical speed of a garden snail. (This was back in the days when you had to use an actual library to look up facts, and cat videos were available only once a week. The Internet looked like this and a few years later, this.)

    Conclusion: A garden snail would have delivered the message faster than our email system.

    More recently, a wrinkle in the space-time continuum resulted in one of our automated systems sending out warning messages four months after the anomalous situation was detected. (The anomalous situation was repaired almost immediately, so the warning was not only late, it was spurious.)

    One of my colleagues remarked,

    I have a story I read to my grandkids where Frog writes Toad a letter and gives it to a passing snail, who delivers it to Toad's house four days later.

    Can we hire that snail?

    Today is Thank a Mailman Day.

  • The Old New Thing

    The new research citation format, if students got to design it



    ¹ The Internets.
    ² Ibid.
    ³ Ibid.
