Posts Tagged ‘MSDN’

Windows Sysinternals and Sysinternals Live

February 2nd, 2012 No comments

The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Microsoft acquired Sysinternals in July 2006. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications. If you have a question about a tool or how to use it, please visit the Sysinternals Forum for answers and help from other users and our moderators.

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt as<toolname> or \\\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at

Or you can map the server to your drive:

net use y: \\\tools

Windows Runtime (WinRT)

September 16th, 2011 No comments

Windows Runtime, or WinRT for short, is a new runtime (sitting on top of the Windows kernel) that allows developers to write Metro style applications for Windows 8, using a variety of languages including C/C++, C#, VB.NET or JavaScript/HTML5.

WinRT is a native layer (written in C++ and COM-based) that is intended as a replacement for, or alternative to, Win32, and enables development of “immersive” applications using the Metro style. Its API is object oriented and can be consumed from both native and managed languages, as well as JavaScript. At the same time, old Win32 applications will continue to run just as before, and you can still (and most certainly will) develop Win32 applications.

Microsoft has created a new language called C++ Component Extension, or simply C++/CX. While the syntax is very similar to C++/CLI, the language is not managed; it’s still native. WinRT components built in C++/CX do not compile to managed code, but to 100% native code. Good news for C++ developers is that they can now use XAML to build the UI for immersive applications. However, this is not available for classical Win32 applications.

Before you start, here are several additional articles that you might want to read:

Windows Runtime reference


Microsoft Application Verifier

September 29th, 2009 No comments

Application Verifier is designed specifically to detect and help debug memory corruptions and critical security vulnerabilities.

This is achieved by monitoring a native application’s interaction with the Windows operating system, profiling its use of objects, the registry, the file system, and Win32 APIs (including heaps, handles, locks, etc.), and indicating issues when and where they are discovered.

Application Verifier also includes checks to predict how well an application may perform under various account privileges. These compatibility tests are used in the Windows Logo program.

Print verification tests are also available to verify your usage of the print subsystem.




September 18th, 2009 No comments

VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process’s committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Besides graphical representations of memory usage, VMMap also shows summary information and a detailed process memory map. Powerful filtering and refresh capabilities allow you to identify the sources of process memory usage and the memory cost of application features.

Besides flexible views for analyzing live processes, VMMap supports the export of data in multiple forms, including a native format that preserves all the information so that you can load it back in. It also includes command-line options that enable scripting scenarios.

VMMap is the ideal tool for developers wanting to understand and optimize their application’s memory resource usage.


Desktop Window Manager

September 15th, 2009 No comments

The desktop composition feature, introduced in Windows Vista, fundamentally changes the way applications display pixels on the screen. When desktop composition is enabled, individual windows no longer draw directly to the screen or primary display device as they did in previous versions of Microsoft Windows. Instead, their drawing is redirected to off-screen surfaces in video memory, which are then rendered into a desktop image and presented on the display.

Desktop composition is performed by the Desktop Window Manager (DWM). Through desktop composition, DWM enables visual effects on the desktop as well as various features such as glass window frames, 3-D window transition animations, Windows Flip and Windows Flip3D, and high resolution support. For more information about the user experience features enabled by the DWM visit the Windows Vista: Features user experience page.

Many of the DWM features can be controlled or accessed by an application through the DWM APIs. The following documentation describes some of the features and requirements of the DWM APIs.

Security Development Lifecycle (SDL) Banned Function Calls

September 15th, 2009 No comments

Note: This paper is derived from the book The Security Development Lifecycle, by Michael Howard and Steve Lipner, Microsoft Press, 2006.

Prohibiting the use of banned APIs is a good way to remove a significant number of code vulnerabilities — this practice is reflected in Stage 6 of The Microsoft Security Development Lifecycle: “Establish and Follow Best Practices for Development.” It can also be referenced in Chapter 11 of the Microsoft Press Book The Security Development Lifecycle.

When the C runtime library (CRT) was first created about 25 years ago, the threats to computers were different; machines were not as interconnected as they are today, and attacks were not as prevalent. With this in mind, a subset of the C runtime library must be deprecated for new code and, over time, removed from earlier code. It’s just too easy to get code wrong that uses these outdated functions. Even some of the classic replacement functions are prone to error, too.

This list is the SDL view of what comprises banned APIs; it is derived from experience with real-world security bugs and focuses almost exclusively on functions that can lead to buffer overruns (Howard, LeBlanc, and Viega 2005). Any function in this section’s tables must be replaced with a more secure version. Obviously, you cannot replace a banned API with another banned API. For example, replacing strcpy with strncpy is not valid because strncpy is banned, too.

Also note that some of the function names might be a little different, depending on whether the function takes ASCII, Unicode, _T (ASCII or Unicode), or multibyte chars. Some function names might include A or W at the end of the name. For example, the StrSafe StringCbCatEx function is also available as StringCbCatExW (Unicode) and StringCbCatExA (ASCII).


Windows Animation

September 15th, 2009 No comments

The Windows Animation Manager (Windows Animation) is a programmatic interface that supports the animation of visual elements of Windows applications. Windows Animation is designed to simplify the development and maintenance of animation sequences and to enable developers to implement animations that are consistent and intuitive. Windows Animation can be used with any graphics platform including Direct2D, Direct3D, or GDI+.

Basic Concepts

The two fundamental units of an animation are (1) the characteristic of a visual element to animate and (2) the description of how that characteristic changes over time. An application can animate a wide variety of characteristics such as position, color, size, rotation, contrast, and opacity.

In Windows Animation, an animation variable represents the characteristic to animate. A transition describes how the value of that animation variable changes as animation occurs. For example, a visual element might have an animation variable that specifies its opacity, and a user action might generate a transition that takes that opacity from a value of 50 to 100, representing an animation from semi-transparent to fully opaque. A storyboard is a set of transitions applied to one or more animation variables over time.

An application displays animations by constructing and playing storyboards and then drawing sequences of discrete frames as the values of animation variables change over time.

Introducing the Windows Ribbon Framework

September 15th, 2009 No comments

The Windows Ribbon (Ribbon) framework is a rich command presentation system that provides a modern alternative to the layered menus, toolbars, and task panes of traditional Microsoft Windows applications.

The Ribbon framework is a collection of Microsoft Win32 APIs that provides a host of new user interface capabilities for Windows developers and includes both the ribbon command bar and a context menu system. This rich, new command framework offers:

  • Easy implementation for brand new Ribbon applications and straightforward migration of existing Win32 applications.
  • Consistent appearance and behavior across Ribbon applications.
  • Adherence to Windows user interface (UI) guidelines for a first-class Windows experience through accessibility standards, visual style (theming) support, automatic high contrast adjustments, and high dots per inch (dpi) awareness.

Additional: Ribbons are the modern way to help users find, understand, and use commands efficiently and directly—with a minimum number of clicks, with less need to resort to trial-and-error, and without having to refer to Help.

The lpClass parameter of the RegCreateKeyEx function

January 25th, 2009 No comments

lpClass [in, optional]
The user-defined class type of this key.
This parameter may be ignored.
This parameter can be NULL.

This parameter lets you specify, when creating a key, a string that will be stored with the key until the key is deleted. Once the key has been created, the parameter cannot be changed. The string can be read with the RegQueryInfoKey function.

Structured Storage

January 14th, 2009 No comments

Structured Storage provides file and data persistence in COM by handling a single file as a structured collection of objects known as storages and streams.

The purpose of Structured Storage is to reduce the performance penalties and overhead associated with storing separate objects in a single file. Structured Storage provides a solution by defining how to handle a single file entity as a structured collection of two types of objects—storages and streams—through a standard implementation called Compound Files. This enables the user to interact with, and manage, a compound file as if it were a single file rather than a nested hierarchy of separate objects.
