New in January 2017

Still the writing of new material for free publication continues. Evidently I’m motivated by the intellectual enjoyment, for although I do believe that this work is commercially useful to others, continuing with it isn’t an obviously good strategy for bringing commercial benefit to me. I’d leave that as my grumble to keep to myself, except that I have to make a practical point. See that my topic for January 2017, following from the end of December 2016, is basic diagnostics functionality that’s over 20 years old. It just should not be possible that anyone can mine so old a field and find enough that seems new enough to be worth writing up.

How does this happen? How does such basic functionality get overlooked by so many for so long? Who in the substantial industry that’s built around the development of software for Windows can be satisfied with this? Who in the rapidly growing industry of assessing and improving computer security can be satisfied that we understand the operating system so little? Note on this last point that this little understood functionality hides a coding error that can crash Windows from user mode yet has been passed over, despite review by Microsoft and others, for more than 20 years.

Inevitably, what I have yet written about profiling sprawls while I settle on how best to model in text how the functionality is organised as code. It will get tightened the longer that I keep at it, if I do keep at it (or resume it, for I have ended up putting it aside for a while as insufficiently productive of commercial work). Amid the clutter meanwhile, please do not overlook the demonstration of how a program can profile its own execution. I know you programmers like to have code written for you.



Please, user-mode programmers, do not feel neglected! Though much of what I have been writing for the last few months is in my section on kernel-mode programming, that’s only because the kernel is where the relevant functionality is implemented. Much of this material about profiling and event tracing is very much intended to be used from, well, user mode.