Consultation

The theoretical work here is to develop and refine techniques for studying software without its source code, especially as an economical way of getting detailed and reliable answers to questions that might otherwise seem intractable. The practice comes from directing these techniques at Windows. The commercial application is to solve your problems of Windows programming.

To get my attention directed to your particular needs, please refer to the Fee Schedule and consider a formal consultation.

Of course, Windows is very big. I don’t know everything about it. But in my specialties, the systematic application of reverse engineering means I am an expert’s expert. Few others anywhere can be as well prepared for questions in these areas of Windows programming. It is in the nature of inter-operating with a huge, sophisticated, and yet sometimes only vaguely documented operating system that if what your programmers are attempting is the slightest bit innovative then there’s a good chance they spend a lot of time on trial and error, hoping to learn by experiment what does and doesn’t work. And the effort they put into this is not effort that’s going into careful programming. You end up with software that is held together by the proverbial rubber bands and that nobody’s confident of, yet it still takes ages to develop. If you’re lucky, the bugs don’t bite you back too hard. You do better from the start to secure the close attention of someone with a record of deducing how Windows works.

A lot of Windows code has been analysed here as speculative research. This analysis is a sort of debugging in advance. Before you even imagine a specific problem of programming Windows, let alone before it costs you something in the real world, I may already have done much of the work required for knowing how to solve the problem, if not for its actual solution. Many questions that you, your programmers or your lawyers may have about Windows can be answered quickly and authoritatively—and if the information needed for the answer is not already known, it may be within easy reach. For many programming problems, you can get reliable advice on a design that you expect your own programmers to implement or you can get a solution coded efficiently for you.

Windows Programming

Some programming work with Windows just cries out to be done by a specialist who already knows how Windows behaves and what Windows expects or at least has proven ways of finding out quickly and reliably. You perhaps already have experience of a Linux programmer, even your best Linux programmer, feeling confident to do some system-level Windows programming and even of seeming to do it well—and then, over time, it becomes clear that not everything was quite right or even that some things were very wrong. At some low-enough level in the hierarchy from the hardware up through your software and beyond to the generality of other people’s software that will depend on yours, the details are highly specific to the operating system. Get that programming done by a specialist in that operating system!

Debugging

If you find yourself stepping into Microsoft’s code to debug your own problem but are soon overwhelmed by the unfamiliarity of it, then consider that I’ve been immersed in this stuff for years. Indeed, it’s my source material. Much of what you see at this site is alternative documentation of Microsoft’s code. If you’re lost in that code, there’s every chance that I’ve been in there before and I can help you out of it now.

Help from afar is especially easy when the system has itself detected a problem. For kernel-mode driver problems that have caused a bug check (blue screen), just send me the mini-dump file, your driver and a matching symbol file: that, plus a billing address, is enough nine times out of ten, without any delay from asking for other information.

Kernel-Mode Device Drivers

A long-standing specialty is kernel-mode programming, especially of file-system filter drivers and of device drivers for disk I/O. If you don’t see much sign of that specialty here at this site, it’s because this site is for free publication of research into Windows for the public interest, not for showing professional work that’s done in your interest.

User-Interface Enhancement

One subject that is much on display at this site is the Windows Shell (including its adaptation to support Internet Explorer). Very few Windows programs of any substance do not depend on the Windows Shell. Yet much is undocumented. For most of the history of Windows, it is often because of something new in the Windows Shell that new versions of Windows programs from Microsoft have a new, distinctive and even useful appearance. If you want your programs to do some of the interesting things you see in, say, List-View groups and footers in the Windows Explorer from Windows Vista, then the large amount of information I have published here for free may be enough to get you going. But the nature of writing, let alone for a freely accessible website, is that I write up only a tiny proportion of what I find. If you want the rest of what I find put to use working for you, then you have to ask.

Reverse Engineering

Although I regard as folly the notion that closed-source software can usefully be studied only by trying to reconstitute the missing source code, I haven’t been studying software for 20 years without having developed some translation skills.

You are likely familiar with how machine translations of one human language into another often suffice for getting a rough idea of what is meant but do not begin to help with detail and fall far short of being useful for legal proceedings. For any text written in another language, if you want to read it with as close a sense as possible to reading it as intended, then you need a human translator. Indeed, you will need a good one, and will do for many years yet.

So it is with software. The gobbledegook that’s spewed out by automated decompilers is impressive in its way but is just not readable for detail. For a properly crafted translation of x86 or x64 software into source code that actually does look like a human programmer wrote it, you need a human translator. Indeed, you will need a good one, and will do for many years yet.

If you’re in the unfortunate position of having lost the source code to your product, e.g., through contractual dispute, then few people anywhere will be as able to reconstruct readable, maintainable source code for you.

If you’re in the better position of knowing that something’s wrong with someone else’s software that you are evaluating or already depend on, and you want your meeting with them to proceed from a position of strength, then just for your own understanding you should want to be armed with reconstructed readable source code in which someone clearly comments the defects. You don’t get that from automated decompilers.

Computer Security

As malware becomes more sophisticated, the time may come when even the anti-virus companies see some merit in getting what they call static analysis done by an expert. There is only so much you can sensibly hope to learn from observation, however systematically and carefully you set about it. If you need to know everything that some malware can possibly do (or have done), then you need to pick apart its code. To get that done comprehensively and reliably, ask someone who has made a point of practising it for years.

File Formats

Much the same applies to the reverse-engineering of proprietary file formats. If you want a competitor’s customers to become your customers, you typically have to overcome the huge obstacle that those customers have stored their work in your competitor’s file format. Your software will need at least to understand that format well enough for reliable conversion to yours.

The apparently traditional way to discover details of an undocumented file format is to create a wide variety of files in more-or-less controlled circumstances and hope to spot what turns up where. And I must admit that this does get you much of the way, if only after lots of fumbling and who knows how many iterations. But if you need to know everything about the file format, then there is no substitute for picking apart the code of whatever program is the definitive creator or interpreter of files in this format. To get that done comprehensively and reliably, ask someone who has made a point of practising it for years.

Real-Mode Programming

For the little while longer that PCs have a ROM BIOS to start executing code from disk in real mode, the exotic niche of real-mode programming just doesn’t want to disappear. Yet efficient coding in real mode is a skill that many people lost years ago, if they ever had it. Even though I, the author of DOS Internals long ago, haven’t written anything for MS-DOS in years, I have kept those real-mode skills alive on commercial software that is written to run from boot sectors before the Windows loader. If you’re in that niche of still needing to run code in real mode, I can help.