1 -*- mode: outline -*- |
|
2 |
|
3 * Dependency Walker. |
|
4 |
|
5 Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows |
|
6 module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of |
|
7 all dependent modules. For each module found, it lists all the functions that |
|
8 are exported by that module, and which of those functions are actually being |
|
9 called by other modules. Another view displays the minimum set of required |
|
10 files, along with detailed information about each file including a full path |
|
11 to the file, base address, version numbers, machine type, debug information, |
|
12 and more. |
|
13 |
|
14 See |
|
15 |
|
16 http://www.dependencywalker.com/ |
|
17 |
|
18 * Windows 2000 Resource Kit Tools. |
|
19 |
|
20 http://support.microsoft.com/kb/927229 |
|
21 Windows 2000 Resource Kit Tools for administrative tasks |
|
22 |
|
23 * Sysinternals. |
|
24 |
|
25 TODO |
|
26 |
|
27 * Application verifier. |
|
28 |
|
29 http://www.microsoft.com/downloads/en/details.aspx?familyid=c4a25ab9-649d-4a1b-b4a7-c9d8b095df18 |
|
30 download page |
|
31 http://msdn.microsoft.com/en-us/library/ms220948.aspx |
|
32 Application Verifier |
|
33 |
|
34 * Debugging with windbg. |
|
35 |
|
36 http://www.microsoft.com/whdc/devtools/debugging/default.mspx |
|
37 Download and Install Debugging Tools for Windows |
|
38 http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx |
|
39 Debugging Tools for Windows 32-bit Version |
|
40 download page |
|
41 http://www.microsoft.com/whdc/devtools/debugging/install64bit.mspx |
|
42 Debugging Tools for Windows 64-bit Version |
|
43 download page |
|
44 |
|
45 ** Break on dll load/unload. |
|
46 |
|
47 sxe ld <module> |
|
48 sxe ud <module> |
|
49 |
|
50 ** Set breakpoint by pattern and/or on specific module. |
|
51 |
|
52 bm <module>!<name> # set breakpoints on 'module' with name 'name' |
|
53 bm *!<prefix>* # set breakpoints on all names with prefix 'prefix' |
|
54 bm <module>!* # set breakpoints on all names in module 'module' |
|
55 |
|
56 'bp', 'bm' commands sets software breakpoints, debugger replaces the processor instruction with a |
|
57 break instruction. |
|
58 |
|
59 ** Clear breakpoints. |
|
60 |
|
61 bc * |
|
62 |
|
63 ** How to set WinDbg as a Default Windows Postmortem Debugger. |
|
64 |
|
65 cmd> WinDbg -I |
|
66 |
|
67 ** How analyse crash. |
|
68 |
|
69 When program crash and use enter in WinDbg execute: |
|
70 |
|
71 !analyze -v |
|
72 |
|
73 ** Adding symbols from Symbol Server. |
|
74 |
|
75 Execute in WinDbg: |
|
76 |
|
77 .sympath SRV*D:\srv\symcache*http://msdl.microsoft.com/download/symbols |
|
78 |
|
79 or Ctrl+S and add: |
|
80 |
|
81 SRV*D:\srv\symcache*http://msdl.microsoft.com/download/symbols |
|
82 |
|
83 http://support.microsoft.com/kb/311503 |
|
84 Use the Microsoft Symbol Server to obtain debug symbol files |
|
85 |
|
86 ** Using the SymChk.exe utility to download symbols. |
|
87 |
|
88 symchk /r c:\windows\system32 /s SRV*c:\symbols\*http://msdl.microsoft.com/download/symbols |
|
89 |
|
90 ** Debugging child process. |
|
91 |
|
92 .childdbg 1 |
|
93 |
|
94 * Running at startup. |
|
95 |
|
96 HKCU\Software\Microsoft\Windows\CurrentVersion\Run |
|
97 Launches a program automatically when a particular user logs |
|
98 in. This key is used when you always want to launch a program |
|
99 when a particular user is using a system. |
|
100 HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
101 Launches a program the next time the user logs in and removes |
|
102 its value entry from the registry. This key is typically used |
|
103 by installation programs. |
|
104 HKLM\Software\Microsoft\Windows\CurrentVersion\Run |
|
105 Launches a program automatically at system startup. This key |
|
106 is used when you always want to launch a program on a |
|
107 particular system. |
|
108 HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
109 Launches a program the next time the system starts and removes |
|
110 its value entry from the registry. This key is typically used |
|
111 by installation programs. |
|
112 HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices |
|
113 Launches a service (a standard NT service or a background |
|
114 process) automatically at startup. An example of a service is |
|
115 a Web server such as Microsoft Internet Information Server. |
|
116 HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce |
|
117 Launches a service (a standard NT service or a background |
|
118 process) the next time the system is started, then removes its |
|
119 value entry from the registry. |
|
120 |
|
121 Values to registry on Windows XP can be added by: |
|
122 |
|
123 cmd> reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v run.bat /t REG_SZ /d "path\to\run.bat" |
|
124 cmd> reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run <-- see what done |
|
125 |
|
126 * MFC. |
|
127 |
|
128 ** Can I link to MFC statically. |
|
129 |
|
130 Yes. |
|
131 |
|
132 http://msdn.microsoft.com/en-us/library/f22wcbea%28VS.80%29.aspx |
|
133 |
|
134 * Microsoft Visual C++ Redistributable Package. |
|
135 |
|
136 http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=32bc1bee-a3f9-4c13-9c99-220b62a191ee&displayLang=en |
|
137 This package installs runtime components of C Runtime (CRT), |
|
138 Standard C++, ATL, MFC, OpenMP and MSDIA libraries. |
|
139 |
|
140 * Cabinet file (.cab). |
|
141 |
|
142 Extract content from .cab file: |
|
143 |
|
144 cmd# expand my.cab |
|
145 |
|
146 http://support.microsoft.com/kb/198038 |
|
147 INFO: Useful Tools for Package and Deployment Issues |
|
148 http://msdn.microsoft.com/en-us/library/aa367841%28VS.85%29.aspx |
|
149 The Makecab.exe utility is included in the Windows SDK |
|
150 Components for Windows Installer Developers. |
|
151 http://web.archive.org/web/20070403215326/http://download.microsoft.com/download/platformsdk/cab/2.0/w98nt42kmexp/en-us/cabsdk.exe |
|
152 download link from web archive |
|
153 http://msdn.microsoft.com/en-us/library/aa370834%28v=VS.85%29.aspx |
|
154 The components of the Windows Installer Software Development |
|
155 Kit are included in the Microsoft Windows Software Development |
|
156 Kit (SDK). |
|
157 http://msdn.microsoft.com/en-us/library/bb417343.aspx |
|
158 Microsoft Cabinet Format |
|
159 |
|
160 * Internet Explorer. |
|
161 |
|
162 ** Debugging. |
|
163 |
|
164 Install IE 8.0 and press 'F12' key. |
|
165 |
|
166 http://msdn.microsoft.com/library/dd565626.aspx |
|
167 Developer Tools User Interface Reference |
|
168 |
|
169 * Microsoft technologies. |
|
170 |
|
171 ** COM. |
|
172 |
|
173 The family of COM technologies includes COM+, Distributed COM (DCOM) and ActiveX® Controls. |
|
174 |
|
175 http://www.microsoft.com/com/default.mspx |
|
176 home page |
|
177 |
|
178 ** OLE. |
|
179 |
|
180 OLE (Object Linking and Embedding) allows embedding and linking to documents and other objects. |
|
181 |
|
182 OLE 1.0 released in 1990, OLE 2.0 released in 1993, in 1994 OLE custom controls (OCXs) were |
|
183 introduced. |
|
184 |
|
185 OLE objects and containers are implemented on top of the Component Object Model. |
|
186 |
|
187 Next release after 2.0 introdused in 1996 and named as ActiveX. |
|
188 |
|
189 http://en.wikipedia.org/wiki/Object_Linking_and_Embedding |
|
190 |
|
191 ** ActiveX. |
|
192 |
|
193 Faced with the complexity of OLE 2.0 and with poor support for COM in MFC, Microsoft rationalized |
|
194 the specifications to make them simpler, and rebranded the technology as ActiveX in 1996. |
|
195 |
|
196 http://msdn.microsoft.com/en-us/library/aa751968.aspx |
|
197 ActiveX Controls |
|
198 http://en.wikipedia.org/wiki/ActiveX |
|
199 |
|
200 ** ATL. |
|
201 |
|
202 The Active Template Library (ATL) is a set of template-based C++ classes developed by Microsoft, |
|
203 intended to simplify the programming of Component Object Model (COM) objects. |
|
204 |
|
205 http://en.wikipedia.org/wiki/Active_Template_Library |
|
206 |
|
207 ** MFC. |
|
208 |
|
209 MFC (Microsoft Foundation Classes) is a library that wraps portions of the Windows API in C++ |
|
210 classes, including functionality that enables them to use a default application framework. Classes |
|
211 are defined for many of the handle-managed Windows objects and also for predefined windows and |
|
212 common controls. |
|
213 |
|
214 A lightweight alternative to MFC is the Windows Template Library (WTL). |
|
215 |
|
216 http://en.wikipedia.org/wiki/Microsoft_Foundation_Class_Library |
|
217 http://ru.wikipedia.org/wiki/Microsoft_Foundation_Classes |
|
218 |
|
219 ** WTL. |
|
220 |
|
221 WTL (Windows Template Library) is a free software, object-oriented C++ template library for Win32 |
|
222 development. |
|
223 |
|
224 WTL provides support for implementing various user interface elements, to MDI, standard and common |
|
225 controls, common dialogs, property sheets and pages, GDI objects, and other common UI elements, such |
|
226 as scrollable windows, splitter windows, toolbars and command bars. |
|
227 |
|
228 Most of the WTL API is a mirror of the standard Win32 calls. |
|
229 |
|
230 http://sourceforge.net/projects/wtl |
|
231 http://en.wikipedia.org/wiki/Windows_Template_Library |
|
232 |
|
233 * Windows style variable names. |
|
234 |
|
235 Prefix | Data type |
|
236 ---------+----------------------------------------- |
|
237 b | boolean |
|
238 by | byte or unsigned char |
|
239 c | char |
|
240 cx / cy | short used as size |
|
241 dw | DWORD, double word or unsigned long |
|
242 fn | function |
|
243 h | handle |
|
244 i | int (integer) |
|
245 l | Long |
|
246 n | short int |
|
247 p | a pointer variable containing the address of a variable |
|
248 s | string |
|
249 sz | ASCIIZ null-terminated string |
|
250 w | WORD unsigned int |
|
251 x, y | short used as coordinates |
|
252 |
|
253 PrefixCategory | Mean |
|
254 ----------------+---------------- |
|
255 CS | Class style |
|
256 CW | Create window |
|
257 DT | Draw text |
|
258 IDC | Cursor ID |
|
259 IDI | Icon ID |
|
260 WM | Window message |
|
261 WS | Window style |
|
262 |
|
263 Data type | Meaning |
|
264 ----------+------------------------------------------------------------------- |
|
265 FAR | Same as far. Identifies an address that originally used the |
|
266 | segment:offset addressing schema. Now FAR simply identifies a |
|
267 | (default) 32-bit address but may be omitted entirely in many cases. |
|
268 | |
|
269 PASCAL | Same as Pascal. The Pascal convention demanded by Windows |
|
270 | defines the order in which arguments are found in the stack when |
|
271 | passed as calling parameters. |
|
272 | |
|
273 WORD | Unsigned integer (16 bits) |
|
274 | |
|
275 UINT | Unsigned integer, same as WORD |
|
276 | |
|
277 DWORD | Double word, unsigned long int (32 bits) |
|
278 | |
|
279 LONG | Signed long integer (32 bits) |
|
280 | |
|
281 LPSTR | Long (far) pointer to character string |
|
282 | |
|
283 NEAR | Obsolete, previously identified an address value within a 16KB |
|
284 | memory block. |
|
285 |
|
286 http://www.tenouk.com/cnotation.html |
|
287 C/C++ NOTATION STORY |
|