Geoff Chappell - Software Analyst
You are at the home page of a website that has grown out of an academic interest in studying what software actually does. Sadly, what software actually does is much too often not exactly what the manufacturer says the software does.
Especially sad is that nobody checks much. Some explanation is that nobody cares much. After all, software does mostly work and few of its defects are matters of life or death. They’re not even costly. Most are mere nuisances. Yet software has become very important to how we all face the world. It’s not an essential utility such as water and electricity, but it arguably is more important to most than are television and the fixed-line telephone. Increasing reliance on software means that defects and changes have increasingly wide-ranging effects. An apparent tendency to monopoly means that consumers have no real power to change from the software they’ve become familiar with. Then those who might watch for consumers’ interests compound this situation by being incurious about what software actually does.
Even with a decade or so of widening awareness that some defects in software are problems for computer security and can indeed cost real money, if not lives, it’s still that too few care enough. One obstacle may be that even if we do care, there’s nothing practical to be done. Studying what any given software actually does is highly specialised, difficult and costly work. There’s not much possibility that the necessary skill is ever developed independently of the software industry, but there’s not much incentive within the industry. Since anyone who has the skill for studying software might otherwise have been a good programmer (or at least be good at debugging), it’s a diversion of engineering resources from work that might be more immediately productive of a financial return. Worse, it’s work that the software industry really would rather that nobody does, in part for not wanting to be watched, but also because it touches on a fundamental fear about software as intellectual property. To pick apart software to verify what its manufacturer says is not unrelated to picking it apart to re-engineer it as theft.
You should know up front that pretty much everything at this website has been obtained by reverse engineering computer software from commercial manufacturers, not so their ideas can be stolen and reworked, but so the actual working of what they sell can be discovered, reported and understood. I say my work is critical analysis, but if you think that reverse engineering can only be theft, then turn away now—or, better, browse this website’s thousands of pages to learn differently.
Software that is better understood is more reliably put to use. This is true especially for its use by programmers whose software interacts closely with an operating system. The software examined here is almost always Microsoft Windows or one of Microsoft’s programming tools for Windows. Very little that I write about any of this software is intended for a general readership. If anything, almost all is at the other extreme: I take as granted that you have a sound understanding of advanced Windows programming in general and a good knowledge of what Microsoft has already documented of the particular topic. It has to be this way, not just from my disposition and temperament but for the practical matter that I could not otherwise get to the detail that Microsoft’s documentation does not. Where I do cover material that Microsoft documents, it is not at all unusual that what I write conflicts with Microsoft’s documentation. That is much of the point to my proceeding with the intensive research that backs up the writing: you should be able to rely on me to be correct and Microsoft to be mistaken, because Microsoft at best documents what its programmers thought they coded into the software but my aim is to document what actually is there.
The result is a resource for Windows programmers. Indeed, I think it’s one of the Internet’s most detailed resources for Windows programmers, certainly about features of Windows programming that are otherwise hardly known. There are roughly three thousand pages here. Some are merely placeholders for work that never properly got under way or for introductions that I probably never will get round to writing. Some just track what’s new or was new. Others are statistics about what gets viewed. But the overwhelming bulk of pages here exist to say something original—not necessarily important, at least not to a wide audience, but original nonetheless. This is not one of those many websites that collate suppositions from who knows where on the Internet. Though I may slip up now and then, my intention is that all the substantive work at this site is original research into primary sources, unless another source is noted, or is the application of that research to comment on a primary or secondary source. Let it be stressed: the only primary source in a study of computer software is the software—not the product documentation, not even the source code, just the software as actually executed by the computer.
For more about the nature of this work and my reasons for doing it, please read Software Analysis by Reverse Engineering.
There are far too many pages at this website for you to navigate without the expandable table of contents to the left of this page. If you see no such thing, then please check the Browser Advice. For an overall description of how these many pages are organised and of what little I expect of you for reading them, see About This Site.
To criticise me, thank me or submit a wish list, please read the page about feedback. I am especially concerned, of course, to hear about errors which I need to correct.
To ask for help with a technical problem, even one that I address at this site, please consult me formally and expect to pay for my time.
This website is funded from consultation services for Windows programming. If you appreciate the research behind the site and the free publication of what I find time to write up, then please consult me for your Windows programming. If you have nothing to consult me on, then please recommend my consultation services as widely as possible.
Better, if you would like to see the research and writing become established as full-time work for the public good, then please recommend it to people who have the resources to fund it and may also have the will. If all you have is an idea for possible funding, it’s very possibly more than occurs to me with my limited mind for these things, so please send me your suggestion.