November 24, 2014
Hot Topics:

Snooping Around

  • November 12, 2003
  • By Mike Gunderloy
  • Send Email »
  • More Articles »

To use Developer Playground, you first select the process that you care about in the main window. This will cause Developer Playground to list all of the libraries that the process has loaded. Select a library, and the next window will show all of the exported functions in that library. From there, you can choose one or more functions to hook. As you work with the process, you'll be shown every call to the hooked functions in the lower window. If you like, you can also configure Developer Playground to show you the top of the stack with each call.

There are other little touches here to make exploring a process easier. You can send any module to OLEView or Depends (two utilities from the Platform SDK) to explore its COM properties and its dependencies. You can also search for references to any function name on Google, either across the entire Internet or limited to MSDN.

Developer Playground won't show you every detail of every process (for example, some functions simply don't export human-readable names), but it will go a long way in letting you figure out where some obscure (and potentially useful) bit of functionality is located.

Cobicon

Some programs just do one thing, but do it very well. Such an application is Cobicon, from Luis Cobian.



Click here for a larger image.

Most developers have, at best, limited graphics skills. That poses a problem for us when we need to use icons in our application, whether to represent nodes in a treeview or the minimized application on the Taskbar. What Cobicon does is show you all of the icons in a Windows executable or DLL file, and let you save them individually to .ico files. Of course, you need to be respectful of copyrights when you use this technique to grab icons, but there are many standard ones (like file and folder icons from shell32.dll) that everyone uses.

Cobicon also offers one feature that distinguishes it from other icon extractors that I've seen. You can specify a source folder and a destination folder, and with one click extract all of the icons from files in the source folder and put them in the destination folder. Try this with the System32 folder some time to see a truly staggering variety of Windows icons.

PE Resource Explorer

Of course, Windows PE files (the common format used by applications running on Windows) can contain other resources besides icons. If you want to see them all, try PE Resource Explorer



Click here for a larger image.

PE Resource Explorer understands the portion of the PE file format that stores resources: AVIs, bitmaps, strings, you name it. You can drill into any of these parts of a file to see what's there. I find this particularly useful when trying to get acquainted with a new application while it's still in beta and poorly documented. Inspecting bitmaps and strings can often give you a sense of what functionality is lurking in the application, waiting for you to find it.

In addition to viewing and saving resources, PE Resource Explorer actually lets you edit them. This is useful for doing quick localization on an application that you don't have the source for. For that matter, it can also lead to some interesting practical jokes (imagine Notepad with all of its menu items in Pig Latin, for instance).

CLR Profiler

My final free pick is CLR Profiler, a free tool for optimizing .NET applications available directly from Microsoft.



Click here for a larger image.

CLR Profiler is primarily a tool to use when trying to optimize your own .NET applications (though it can be fun - or appalling - to watch what happens with other .NET applications as well). It works by hooking into the part of the .NET Framework that keeps track of object allocations and garbage collections. To use CLR Profiler, you first open it up and then use it to launch a .NET application. Run the application as you normall would (though it will be much slower due to the amount of information being collected), and then go back to CLR Profiler to see the results.

These results are presented as a series of colorful graphs and histograms. You can see which objects took up the most space, where they were created and destroyed, which routines are heaviest, and so on. The graphs are well designed and can be filtered to let you home in on the problem parts of your program very quickly. There are commercial alternatives that do more, but if you want to get a start with profiling objects, the price is certainly right here.

About the Author

Mike Gunderloy is the author of over 20 books and numerous articles on development topics, and the lead developer for Larkware. Check out his MCAD 70-305, MCAD 70-306, and MCAD 70-310 Training Guides from Que Publishing. When he's not writing code, Mike putters in the garden on his farm in eastern Washington state.





Page 2 of 2



Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Sitemap | Contact Us

Rocket Fuel