book

Windows® via C/C++, 5th Edition

Name: Windows® via C/C++, 5th Edition
ISBN: 9780735639904

by Jeffrey Richter, Christophe Nasarre

November 2007

Intermediate to advanced

848 pages

27h 15m

English

Microsoft Press

Read now

Unlock full access

Windows® via C/C++, Fifth Edition
Acknowledgments
Jeffrey’s Family
Christophe’s Family
Technical Assistance
Microsoft Press Editorial Team
Mutual Admiration
Introduction
64-Bit Windows
What’s New in the Fifth Edition
Code Samples and System Requirements
Support for This Book
Questions and Comments

I. Required Reading
1. Error Handling
Defining Your Own Error Codes
The ErrorShow Sample Application
2. Working with Characters and Strings
Character Encodings
ANSI and Unicode Character and String Data Types
Unicode and ANSI Functions in Windows
Unicode and ANSI Functions in the C Run-Time Library
Secure String Functions in the C Run-Time Library
Introducing the New Secure String FunctionsHow to Get More Control When Performing String OperationsWindows String Functions
Why You Should Use Unicode
How We Recommend Working with Characters and Strings
Translating Strings Between Unicode and ANSI
Exporting ANSI and Unicode DLL FunctionsDetermining If Text Is ANSI or Unicode
3. Kernel Objects
What Is a Kernel Object?Usage CountingSecurity
A Process’ Kernel Object Handle Table
Creating a Kernel ObjectClosing a Kernel Object
Sharing Kernel Objects Across Process Boundaries
Using Object Handle InheritanceChanging a Handle’s FlagsNaming ObjectsTerminal Services NamespacesPrivate NamespacesDuplicating Object Handles
II. Getting Work Done
4. Processes
Writing Your First Windows ApplicationA Process Instance HandleA Process’ Previous Instance HandleA Process’ Command LineA Process’ Environment VariablesA Process’ AffinityA Process’ Error ModeA Process’ Current Drive and DirectoryA Process’ Current DirectoriesThe System Version
The CreateProcess Function
pszApplicationName and pszCommandLinepsaProcess, psaThread, and bInheritHandlesfdwCreatepvEnvironmentpszCurDirpsiStartInfoppiProcInfo
Terminating a Process
The Primary Thread’s Entry-Point Function ReturnsThe ExitProcess FunctionThe TerminateProcess FunctionWhen All the Threads in the Process DieWhen a Process Terminates
Child Processes
Running Detached Child Processes
When Administrator Runs as a Standard User
Elevating a Process AutomaticallyElevating a Process by HandWhat Is the Current Privileges Context?Enumerating the Processes Running in the SystemThe Process Information Sample Application
5. Jobs
Placing Restrictions on a Job’s Processes
Placing a Process in a Job
Terminating All Processes in a Job
Querying Job Statistics
Job Notifications
The Job Lab Sample Application
6. Thread Basics
When to Create a Thread
When Not to Create a Thread
Writing Your First Thread Function
The CreateThread Function
psacbStackSizepfnStartAddr and pvParamdwCreateFlagspdwThreadID
Terminating a Thread
The Thread Function ReturnsThe ExitThread FunctionThe TerminateThread FunctionWhen a Process TerminatesWhen a Thread Terminates
Some Thread Internals
C/C++ Run-Time Library Considerations
Oops—I Called CreateThread Instead of _beginthreadex by MistakeC/C++ Run-Time Library Functions That You Should Never Call
Gaining a Sense of One’s Own Identity
Converting a Pseudohandle to a Real Handle
7. Thread Scheduling, Priorities, and Affinities
Suspending and Resuming a Thread
Suspending and Resuming a Process
Sleeping
Switching to Another Thread
Switching to Another Thread on a Hyper-Threaded CPU
A Thread’s Execution Times
Putting the CONTEXT in Context
Thread Priorities
An Abstract View of Priorities
Programming Priorities
Dynamically Boosting Thread Priority LevelsTweaking the Scheduler for the Foreground ProcessScheduling I/O Request PrioritiesThe Scheduling Lab Sample Application
Affinities
8. Thread Synchronization in User Mode
Atomic Access: The Interlocked Family of Functions
Cache Lines
Advanced Thread Synchronization
A Technique to Avoid
Critical Sections
Critical Sections: The Fine PrintCritical Sections and SpinlocksCritical Sections and Error Handling
Slim Reader-Writer Locks
Condition Variables
The Queue Sample ApplicationThe Queue Implementation DetailsThe Client Thread Is the WriterThreadConsuming Requests by the Server ThreadsDeadlock Issues When Stopping ThreadsUseful Tips and TechniquesUse One Lock per Atomically-Manipulated Object SetAccessing Multiple Logical Resources SimultaneouslyDon’t Hold a Lock for a Long Time
9. Thread Synchronization with Kernel Objects
Wait Functions
Successful Wait Side Effects
Event Kernel Objects
The Handshake Sample Application
Waitable Timer Kernel Objects
Having Waitable Timers Queue APC EntriesTimer Loose Ends
Semaphore Kernel Objects
Mutex Kernel Objects
Abandonment IssuesMutexes vs. Critical SectionsThe Queue Sample Application
A Handy Thread Synchronization Object Chart
Other Thread Synchronization Functions
Asynchronous Device I/OWaitForInputIdleMsgWaitForMultipleObjects(Ex)WaitForDebugEventSignalObjectAndWaitDetecting Deadlocks with the Wait Chain Traversal APIThe LockCop Sample Application
10. Synchronous and Asynchronous Device I/O
Opening and Closing DevicesA Detailed Look at CreateFileCreateFile Cache FlagsFILE_FLAG_NO_BUFFERINGFILE_FLAG_SEQUENTIAL_SCAN and FILE_FLAG_RANDOM_ACCESSFILE_FLAG_WRITE_THROUGHMiscellaneous CreateFile FlagsFILE_FLAG_DELETE_ON_CLOSEFILE_FLAG_BACKUP_SEMANTICSFILE_FLAG_POSIX_SEMANTICSFILE_FLAG_OPEN_REPARSE_POINTFILE_FLAG_OPEN_NO_RECALLFILE_FLAG_OVERLAPPEDFile Attribute Flags
Working with File Devices
Getting a File’s SizePositioning a File PointerSetting the End of a File
Performing Synchronous Device I/O
Flushing Data to the DeviceSynchronous I/O Cancellation
Basics of Asynchronous Device I/O
The OVERLAPPED StructureAsynchronous Device I/O CaveatsCanceling Queued Device I/O Requests
Receiving Completed I/O Request Notifications
Signaling a Device Kernel ObjectSignaling an Event Kernel ObjectGetOverlappedResultAlertable I/OThe Bad and the Good of Alertable I/OI/O Completion PortsCreating an I/O Completion PortAssociating a Device with an I/O Completion PortArchitecting Around an I/O Completion PortHow the I/O Completion Port Manages the Thread PoolHow Many Threads in the Pool?Simulating Completed I/O RequestsThe FileCopy Sample Application
11. The Windows Thread Pool
Scenario 1: Call a Function AsynchronouslyExplicitly Controlling a Work ItemThe Batch Sample Application
Scenario 2: Call a Function at a Timed Interval
The Timed Message Box Sample Application
Scenario 3: Call a Function When a Single Kernel Object Becomes Signaled
Scenario 4: Call a Function When Asynchronous I/O Requests Complete
Callback Termination Actions
Customized Thread PoolsGracefully Destroying a Thread Pool: Cleanup Groups
12. Fibers
Working with FibersThe Counter Sample Application
III. Memory Management
13. Windows Memory Architecture
A Process’ Virtual Address Space
How a Virtual Address Space Is Partitioned
Null-Pointer Assignment PartitionUser-Mode PartitionGetting a Larger User-Mode Partition in x86 WindowsGetting a 2-GB User-Mode Partition in 64-Bit WindowsKernel-Mode Partition
Regions in an Address Space
Committing Physical Storage Within a Region
Physical Storage and the Paging File
Physical Storage Not Maintained in the Paging File
Protection Attributes
Copy-on-Write AccessSpecial Access Protection Attribute Flags
Bringing It All Home
Inside the Regions
The Importance of Data Alignment
14. Exploring Virtual Memory
System InformationThe System Information Sample Application
Virtual Memory Status
Memory Management on NUMA Machines
The Virtual Memory Status Sample Application
Determining the State of an Address Space
The VMQuery FunctionThe Virtual Memory Map Sample Application
15. Using Virtual Memory in Your Own Applications
Reserving a Region in an Address Space
Committing Storage in a Reserved Region
Reserving a Region and Committing Storage Simultaneously
When to Commit Physical Storage
Decommitting Physical Storage and Releasing a Region
When to Decommit Physical StorageThe Virtual Memory Allocation Sample Application
Changing Protection Attributes
Resetting the Contents of Physical Storage
The MemReset Sample Application
Address Windowing Extensions
The AWE Sample Application
16. A Thread’s Stack
The C/C++ Run-Time Library’s Stack-Checking Function
The Summation Sample Application
17. Memory-Mapped Files
Memory-Mapped Executables and DLLsStatic Data Is Not Shared by Multiple Instances of an Executable or a DLLSharing Static Data Across Multiple Instances of an Executable or a DLLThe Application Instances Sample Application
Memory-Mapped Data Files
Method 1: One File, One BufferMethod 2: Two Files, One BufferMethod 3: One File, Two BuffersMethod 4: One File, Zero Buffers
Using Memory-Mapped Files
Step 1: Creating or Opening a File Kernel ObjectStep 2: Creating a File-Mapping Kernel ObjectStep 3: Mapping the File’s Data into the Process’ Address SpaceStep 4: Unmapping the File’s Data from the Process’ Address SpaceSteps 5 and 6: Closing the File-Mapping Object and the File ObjectThe File Reverse Sample Application
Processing a Big File Using Memory-Mapped Files
Memory-Mapped Files and Coherence
Specifying the Base Address of a Memory-Mapped File
Implementation Details of Memory-Mapped Files
Using Memory-Mapped Files to Share Data Among Processes
Memory-Mapped Files Backed by the Paging File
The Memory-Mapped File Sharing Sample Application
Sparsely Committed Memory-Mapped Files
The Sparse Memory-Mapped File Sample Application
18. Heaps
A Process’ Default Heap
Reasons to Create Additional Heaps
Component ProtectionMore Efficient Memory ManagementLocal AccessAvoiding Thread Synchronization OverheadQuick Free
How to Create an Additional Heap
Allocating a Block of Memory from a HeapChanging the Size of a BlockObtaining the Size of a BlockFreeing a BlockDestroying a HeapUsing Heaps with C++
Miscellaneous Heap Functions
IV. Dynamic-Link Libraries
19. DLL Basics
DLLs and a Process’ Address Space
The Overall Picture
Building the DLL ModuleWhat Exporting Really MeansCreating DLLs for Use with Non–Visual C++ ToolsBuilding the Executable ModuleWhat Importing Really MeansRunning the Executable Module
20. DLL Advanced Techniques
Explicit DLL Module Loading and Symbol LinkingExplicitly Loading the DLL ModuleDONT_RESOLVE_DLL_REFERENCESLOAD_LIBRARY_AS_DATAFILELOAD_LIBRARY_AS_DATAFILE_EXCLUSIVELOAD_LIBRARY_AS_IMAGE_RESOURCELOAD_WITH_ALTERED_SEARCH_PATHLOAD_IGNORE_CODE_AUTHZ_LEVELExplicitly Unloading the DLL ModuleExplicitly Linking to an Exported Symbol
The DLL’s Entry-Point Function
The DLL_PROCESS_ATTACH NotificationThe DLL_PROCESS_DETACH NotificationThe DLL_THREAD_ATTACH NotificationThe DLL_THREAD_DETACH NotificationSerialized Calls to DllMainDllMain and the C/C++ Run-Time Library
Delay-Loading a DLL
The DelayLoadApp Sample Application
Function Forwarders
Known DLLs
DLL Redirection
Rebasing Modules
Binding Modules
21. Thread-Local Storage
Dynamic TLSUsing Dynamic TLS
Static TLS
22. DLL Injection and API Hooking
DLL Injection: An Example
Injecting a DLL Using the Registry
Injecting a DLL Using Windows Hooks
The Desktop Item Position Saver (DIPS) Utility
Injecting a DLL Using Remote Threads
The Inject Library Sample ApplicationThe Image Walk DLL
Injecting a DLL with a Trojan DLL
Injecting a DLL as a Debugger
Injecting Code with CreateProcess
API Hooking: An Example
API Hooking by Overwriting CodeAPI Hooking by Manipulating a Module’s Import SectionThe Last MessageBox Info Sample Application
V. Structured Exception Handling
23. Termination Handlers
Understanding Termination Handlers by ExampleFuncenstein1Funcenstein2Funcenstein3Funcfurter1Pop Quiz Time: FuncaDoodleDooFuncenstein4Funcarama1Funcarama2Funcarama3Funcarama4: The Final FrontierNotes About the finally BlockFuncfurter2The SEH Termination Sample Application
24. Exception Handlers and Software Exceptions
Understanding Exception Filters and Exception Handlers by ExampleFuncmeister1Funcmeister2
EXCEPTION_EXECUTE_HANDLER
Some Useful ExamplesGlobal UnwindsHalting Global Unwinds
EXCEPTION_CONTINUE_EXECUTION
Use EXCEPTION_CONTINUE_EXECUTION with Caution
EXCEPTION_CONTINUE_SEARCH
GetExceptionCode
Memory-Related ExceptionsException-Related ExceptionsDebugging-Related ExceptionsInteger-Related ExceptionsFloating Point–Related Exceptions
GetExceptionInformation
Software Exceptions
25. Unhandled Exceptions, Vectored Exception Handling, and C++ Exceptions
Inside the UnhandledExceptionFilter FunctionAction #1: Allowing Write Access to a Resource and Continuing ExecutionAction #2: Notifying a Debugger of the Unhandled ExceptionAction #3: Notifying Your Globally Set Filter FunctionAction #4: Notifying a Debugger of the Unhandled Exception (Again)Action #5: Silently Terminating the ProcessUnhandledExceptionFilter and WER Interactions
Just-in-Time Debugging
The Spreadsheet Sample Application
Vectored Exception and Continue Handlers
C++ Exceptions vs. Structured Exceptions
Exceptions and the Debugger
26. Error Reporting and Application Recovery
The Windows Error Reporting Console
Programmatic Windows Error Reporting
Disabling Report Generation and Sending
Customizing All Problem Reports Within a Process
Creating and Customizing a Problem Report
Creating a Custom Problem Report: WerReportCreateSetting Report Parameters: WerReportSetParameterAdding a Minidump File to the Report: WerReportAddDumpAdding Arbitrary Files to the Report: WerReportAddFileModifying Dialog Box Strings: WerReportSetUIOptionSubmitting a Problem Report: WerReportSubmitClosing a Problem Report: WerReportCloseHandleThe Customized WER Sample Application
Automatic Application Restart and Recovery
Automatic Application RestartSupport for Application Recovery
VI. Appendixes
A. The Build Environment
The CmnHdr.h Header FileMicrosoft Windows Version Build OptionUnicode Build OptionWindows Definitions and Warning Level 4The pragma message Helper MacroThe chINRANGE MacroThe chBEGINTHREADEX MacroDebugBreak Improvement for x86 PlatformsCreating Software Exception CodesThe chMB MacroThe chASSERT and chVERIFY MacrosThe chHANDLE_DLGMSG MacroThe chSETDLGICONS MacroForcing the Linker to Look for a (w)WinMain Entry-Point FunctionSupport XP-Theming of the User Interface with pragma
B. Message Crackers, Child Control Macros, and API Macros
Message Crackers
Child Control Macros
API Macros
C. About the Authors
Jeffrey Richter
Christophe Nasarre
Index

Content preview from Windows® via C/C++, 5th Edition

Injecting a DLL as a Debugger

A debugger can perform special actions on a debuggee process. When a debuggee loads, the system automatically notifies the debugger when the debuggee’s address space is ready but before the debuggee’s primary thread executes any code. At this point, the debugger can force some code into the debuggee’s address space (using WriteProcessMemory, for example) and then cause the debuggee’s primary thread to execute that code.

This technique requires that you manipulate the debuggee thread’s CONTEXT structure, which means that you must write CPU-specific code. You have to modify your source code to work correctly on different CPU platforms. In addition, you probably have to hand-code the machine language instructions that ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780735639904Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Windows® via C/C++, 5th Edition

by Jeffrey Richter, Christophe Nasarre

Injecting a DLL as a Debugger

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

C Programming Language, 2nd Edition

A Tour of C++, 2nd Edition

The C++ Programming Language, 4th Edition

CLR via C#, Fourth Edition

Publisher Resources