April 25, 2011

Mark Russinovich's Software Detective Stories


Mark Russinovich has published another of his software detective stories: "The Case of the Malicious Autostart". Russinovich's detective stories are great! Each one walks you through a puzzling case of mis-behaving software, and shows you how to apply careful, thorough analysis to break down the problem and solve the case.

Russinovich is quite well regarded here at work: we read his books, we study his blog, we use his tools constantly. When you're writing complex systems software, there's no such thing as "too much information"; we always want to learn more about how Windows does what it does, and why, and Russinovich's explanations are clear and thorough.

Prior to joining Microsoft, Russinovich was an independent consultant and operated his own web site, called Winternals (it was later renamed to SysInternals), and before that he worked for NuMega Technologies, which made the legendary SoftIce, a debugger so great it has its own eulogy (I have fond memories of my days using SoftIce).

When Mark was an independent consultant, his Sysinternals tools tended to be released with full source code, but now that he's moved to Microsoft, the tools are generally released in binary editions only. This is too bad, as the source code was quite helpful. It's great to use a tool; it's even more great to be able to learn how the tool is made, and how it does its job. Systems programmers love source code, and can never get enough of it; after all, we're the sort of programmers who learned by reading the VAX/VMS Microfiche listings with a copy of Ruth Goldenberg's famous "black book" by our side. Anyway, thanks again Mark, for a great post. Your fans appreciate it!