Scott Hanselman

The Weekly Source Code 33 - Microsoft Open Source inside Google Chrome

September 12, '08 Comments [42] Posted in Microsoft | Programming | Source Code | Windows Client
Sponsored By

First, let me remind you that in my new ongoing quest to read source code to be a better developer, Dear Reader, I present to you thirty-third in a infinite number of posts of "The Weekly Source Code."

That said, what does Microsoft Code have to do with Google Chrome, the new browser from Google? Take a look at the Terms and Conditions for the "Chromium" project up on Google Code. There are 24 different bits of third party software involved in making Chrome work, and one of them is WTL, the Windows Template Library, which was released as Open Source in 2004.

Chrome's use of the Open Source Windows Template Library

WTL is distributed under the MS-PL or Microsoft Public License. This is a VERY relaxed license that basically says "have fun, and don't call if there's trouble." In the Open Source world, licenses like that make people smile.

WTL is a C++ library for Win32 development and is kind of like MFC (Microsoft Foundation Classes), but a lot more lightweight. It was originally worked on by Nenad Stefanovic as an internal thing at Microsoft that was then released as an unsupported sample. Nenad is still listed on the old SourceForge project.

WTL embraces ATL (Active Template Library) which is a series of C++ template classes made to make COM development easier. It was more or less patterned after the STL (Standard Template Library). You may remember that folks like Chris Sells were hard-core ATL wonks. Chris and Chris Tavares (of P&P fame) worked on the ATL Internals book.

WTL was well loved going back to 2002. There's a great post from back then by Simon Steele about The Joys of WTL. Simon says:

The Windows Template Library (WTL) is MFC on template-based steroids - after a successful stretch on the slimfast plan. WTL provides the user-interface frameworks that we need to write proper GUI applications without resorting to the bloated MFC or complicated pure Win32 API programming. A number of the "must-have" classes from MFC are also available as WTL utility classes too, welcome back your old friends CPoint, CSize, CRect and most importantly CString! WTL produces small executables that do not require the MFC run time libraries - in fact if you stay clear of the Visual C++ runtime functions (strcpy and friends) you can dispense with msvcrt.dll as well - leading to really small programs, which run fast too

Windows Template Library was released as Open Source over 4 years ago which is like 28 Internet years. May of 2004 was a long time. I didn't think Microsoft was doing much Open Source that far back, but it appears they were. In fact, back as far as April of 2003 there was talk on the WTL Yahoo Group by Pranish Kumar, then of the Visual C++ team, of trying to figure out how to get the product out into the community in a way that would let it live on.

History: How WTL Became Open Source

I had an IM chat today with Pranish Kumar about how WTL made it out of a 2004 Microsoft as an Open Source project. I'd also encourage you to check out both the Shared Source page at MSFT, the Open Source page, and most importantly, Port 25.

Here's part of my IM with Pranish about how WTL was released:

[WTL] was one of the first if not the first OSS things from Microsoft and it was a tough sell. There was a meeting with some bosses where we were presenting 3 potential OSS items. I guess it was the first "real OSS" with joint MS/Community involvement as opposed to just us posting something externally. WTL was the only one that got approved.

Me: Did it start the Shared Source Initiative?

Yes in the broader sense, I think we took the basis for the license/process from Win CE and a few other components which Microsoft made available (in some form) as shared source. They also looked at BSD and some other licenses.

It was a fascinating experience for many reasons. One of them was seeing the reaction of various Microsoft execs to the whole open source/shared source idea. There was a lot of concern about OSS = Linux, and questions on whether there was business value in us engaging

It's pretty amazing how our stance/attitude has changed, one of the reasons WTL got through is because we convinced management, it had a passionate community base and would really help us foster that base.

I check in on the community now and then (not as regularly as I'd like) and I'm always impressed how it's remained strong.

One of the reasons I wanted to work for ScottGu was because of Microsoft's always improving attitude about releasing source. It's a big company and sometimes moves slow, but more people "get it" now than before.

Digging In

Chrome uses abstraction libraries to draw the GUI on other non-Windows platforms, but for now, what sits underneath part of ChromeViews is good ol' WTL. Makes sense, too. Why not use a native library to get native speeds? They are using WTL 8.0 build 7161 from what I can see.

Chromium is a lot of code. The source tarball is over 400 megs, if you want to try to compile it yourself with VS2005. Let's try to look at a few tiny interesting bits, though. You can check out their "Build Bot" if you like, and watch the development on the Linux and Mac Versions as they progress each day.

In some places, Chrome uses WTL for little stuff, like macros. For example, in the Chrome AeroTooltipManager, GET_X_LPARAM is a macro:

...snip...
if (u_msg == WM_MOUSEMOVE || u_msg == WM_NCMOUSEMOVE) {
int x = GET_X_LPARAM(l_param);
int y = GET_Y_LPARAM(l_param);
if (last_mouse_x_ != x || last_mouse_y_ != y) {
last_mouse_x_ = x;
last_mouse_y_ = y;
HideKeyboardTooltip();
UpdateTooltip(x, y);
}
...snip...

In other places, they rely on it more, like in text_field.cc that includes atlcrack.h. These are not drugs, mind you, but rather "message crackers" to help get at, and react to, the information inside Window Messages. These are used to create a "message map" of all the events you're interested in. These are macros that expand into an obscene amount of code. They are exceedingly handy.

// CWindowImpl
BEGIN_MSG_MAP(Edit)
MSG_WM_CHAR(OnChar)
MSG_WM_CONTEXTMENU(OnContextMenu)
MSG_WM_COPY(OnCopy)
MSG_WM_CUT(OnCut)
MESSAGE_HANDLER_EX(WM_IME_COMPOSITION, OnImeComposition)
MSG_WM_KEYDOWN(OnKeyDown)
MSG_WM_LBUTTONDBLCLK(OnLButtonDblClk)
MSG_WM_LBUTTONDOWN(OnLButtonDown)
MSG_WM_LBUTTONUP(OnLButtonUp)
MSG_WM_MBUTTONDOWN(OnNonLButtonDown)
MSG_WM_MOUSEMOVE(OnMouseMove)
MSG_WM_MOUSELEAVE(OnMouseLeave)
MSG_WM_NCCALCSIZE(OnNCCalcSize)
MSG_WM_NCPAINT(OnNCPaint)
MSG_WM_RBUTTONDOWN(OnNonLButtonDown)
MSG_WM_PASTE(OnPaste)
MSG_WM_SYSCHAR(OnSysChar) // WM_SYSxxx == WM_xxx with ALT down
MSG_WM_SYSKEYDOWN(OnKeyDown)
END_MSG_MAP()

They also use some handy helpers that are C++ classes around Windows structures. For example, the Windows POINT structure is a class in WTL called CPoint. The class actual derives from the struct. Lots of interesting stuff in there, and WTL is at a pretty low level helping out and keeping things tidy.

Now, moving on to something I found fascinating because it's not documented and may or may not have required some disassembling to accomplish.

Chrome's Odd Use of Data Execution Prevention

This part isn't explicitly about use of open source, but it's darned interesting. This is part of Chrome's WinMain(). It's long, but check out a few interesting bits. First, the big if/else at the beginning. They look at the command line and determine if they (the EXE) are one of three flavors...either a Renderer, a Plugin [host] process, or the Browser process. Notice that they have DEP (Data Execution Prevention) turned on for the Renderer and main Browser, but have to enable ATL7 thinking because there are plugins that weird build in older ways still out there. They are ultimately calling SetProcessDEPPolicy and passing in a flag to enable DEP, as well enabling ATL7 compiled processes. From MSDN help:

"Disables DEP-ATL thunk emulation for the current process, which prevents the system from intercepting NX faults that originate from the Active Template Library (ATL) thunk layer."

These new APIs were added in Vista SP1, Windows XP SP3 and WIndows 2008. Why is ATL special cased? From Michael Howard:

"Older versions of ATL, and by older I mean pre-Visual C++ 2005, used dynamically generated code in small isolated cases. Obviously, without the appropriate APIs this is going to cause problems on a DEP-enabled computer, because you can't execute data. This code is referred to as a "thunk" and versions of ATL in VC++ 2005 and later work correctly with DEP."

Some plugins that might run in a Chrome sandboxed process might be compiled in this way, so that process has a different security DEP setting than the others.

int APIENTRY wWinMain(HINSTANCE instance, HINSTANCE prev_instance,
wchar_t* command_line, int show_command) {
// The exit manager is in charge of calling the dtors of singletons.
base::AtExitManager exit_manager;

// Note that std::wstring and CommandLine got linked anyway because of
// breakpad.
CommandLine parsed_command_line;
std::wstring process_type =
parsed_command_line.GetSwitchValue(switches::kProcessType);

const wchar_t* dll_name = L"chrome.dll";
if (process_type == switches::kPluginProcess) {
// Plugin process.
// For plugins, we enable ATL7 thunking support because we saw old activex
// built with VC2002 in the wild still being used.
sandbox::SetCurrentProcessDEP(sandbox::DEP_ENABLED_ATL7_COMPAT);
} else if (process_type == switches::kRendererProcess) {
// Renderer process.
// For the processes we control, we enforce strong DEP support.
sandbox::SetCurrentProcessDEP(sandbox::DEP_ENABLED);
} else {
// Browser process.
// For the processes we control, we enforce strong DEP support.
sandbox::SetCurrentProcessDEP(sandbox::DEP_ENABLED);
}
...snip...
}

When you dig into their use of DEP, notice this interesting comment, as they try to get DEP working under Windows XP SP2 and Windows Server 2003 SP1. They are using the totally unsupported technique outlined in this article from 2005 to try to turn on DEP. If you try to call this on Vista you'll get back STATUS_NOT_SUPPORTED, of course. ;) There's an official Vista API, and that's SetProcessDEPPolicy.

As an side, and interestingly enough, this undocumented API has been added as a patch just last week to WINE (Windows Emulation) for those who try to emulate Windows under Linux, but outside a VM.

Note the most interesting comment in the method:

"// Completely undocumented from Microsoft. You can find this information by
// disassembling Vista's SP1 kernel32.dll with your favorite disassembler.
enum PROCESS_INFORMATION_CLASS {
ProcessExecuteFlags = 0x22,
}"

Looks like The Chromium authors may have disassembled part of the Windows Kernel in order to achieve this security feature under Windows XP SP2. Probably not cool to do that, but they're clearly doing it for good and not evil, as their intent (from reading their code) is to make their browser safer under XP SP2 and prevent unwanted code execution.

This internal and totally unsupported API is in the Microsoft Windows Internals 4th Edition, Chapter 6, on download.microsoft.com (PDF). It's also mentioned in a Microsoft Research PowerPoint (PPTX). An architect on the Windows Kernel team point out in a forum posting that this was internal:

"I want to stress as a disclaimer that NtSetInformationProcess, class ProcessAccessToken, is an undocumented and unsupported infterface. It is reserved for system component use and is subject to change between operating system releases"

You can see the dance Chrome does below or on their source site. They poke around looking for a method that does what they want, using GetProcAddress:

namespace sandbox {

namespace {

// These values are in the Windows 2008 SDK but not in the previous ones. Define
// the values here until we're sure everyone updated their SDK.
#ifndef PROCESS_DEP_ENABLE
#define PROCESS_DEP_ENABLE 0x00000001
#endif
#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002
#endif

// SetProcessDEPPolicy is declared in the Windows 2008 SDK.
typedef BOOL (WINAPI *FnSetProcessDEPPolicy)(DWORD dwFlags);

// Completely undocumented from Microsoft. You can find this information by
// disassembling Vista's SP1 kernel32.dll with your favorite disassembler.
enum PROCESS_INFORMATION_CLASS {
ProcessExecuteFlags = 0x22,
};

// Flags named as per their usage.
const int MEM_EXECUTE_OPTION_ENABLE = 1;
const int MEM_EXECUTE_OPTION_DISABLE = 2;
const int MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4;
const int MEM_EXECUTE_OPTION_PERMANENT = 8;

// Not exactly the right signature but that will suffice.
typedef HRESULT (WINAPI *FnNtSetInformationProcess)(
HANDLE ProcessHandle,
PROCESS_INFORMATION_CLASS ProcessInformationClass,
PVOID ProcessInformation,
ULONG ProcessInformationLength);

} // namespace

bool SetCurrentProcessDEP(DepEnforcement enforcement) {
#ifdef _WIN64
// DEP is always on in x64.
return enforcement != DEP_DISABLED;
#endif

// Try documented ways first.
// Only available on Vista SP1 and Windows 2008.
// http://msdn.microsoft.com/en-us/library/bb736299.aspx
FnSetProcessDEPPolicy SetProcDEP =
reinterpret_cast<FnSetProcessDEPPolicy>(
GetProcAddress(GetModuleHandle(L"kernel32.dll"),
"SetProcessDEPPolicy"));

if (SetProcDEP) {
ULONG dep_flags;
switch (enforcement) {
case DEP_DISABLED:
dep_flags = 0;
break;
case DEP_ENABLED:
dep_flags = PROCESS_DEP_ENABLE |
PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION;
break;
case DEP_ENABLED_ATL7_COMPAT:
dep_flags = PROCESS_DEP_ENABLE;
break;
default:
NOTREACHED();
return false;
}
return 0 != SetProcDEP(dep_flags);
}

// Go in darker areas.
// Only available on Windows XP SP2 and Windows Server 2003 SP1.
// http://www.uninformed.org/?v=2&a=4
FnNtSetInformationProcess NtSetInformationProc =
reinterpret_cast<FnNtSetInformationProcess>(
GetProcAddress(GetModuleHandle(L"ntdll.dll"),
"NtSetInformationProcess"));

if (!NtSetInformationProc)
return false;

// Flags being used as per SetProcessDEPPolicy on Vista SP1.
ULONG dep_flags;
switch (enforcement) {
case DEP_DISABLED:
// 2
dep_flags = MEM_EXECUTE_OPTION_DISABLE;
break;
case DEP_ENABLED:
// 9
dep_flags = MEM_EXECUTE_OPTION_PERMANENT | MEM_EXECUTE_OPTION_ENABLE;
break;
case DEP_ENABLED_ATL7_COMPAT:
// 0xD
dep_flags = MEM_EXECUTE_OPTION_PERMANENT | MEM_EXECUTE_OPTION_ENABLE |
MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION;
break;
default:
NOTREACHED();
return false;
}

HRESULT status = NtSetInformationProc(GetCurrentProcess(),
ProcessExecuteFlags,
&dep_flags,
sizeof(dep_flags));
return SUCCEEDED(status);
}

} // namespace sandbox

It's a really interesting read and there's a lot of stuff going on in the comments, like TODOs, HACKs, and the like. All the stuff you'd expect to see any application of significant size. Funny, it's been at least 5 years since I've thought about C++ deeply. And to think I used to do all this -> stuff full time for money!

There's lots more to see. Check out the About Box version checks where they were blocking on Vista SP1 with UAC disabled. Also, the Threading stuff is interesting as they have a Thread Class that was ported to Mac and Linux. Finally check out Pickle.cc, as they serialize objects by "pickling them." Pickle is serialization for Python, and this looks like they're serializing between C++ and Python, and this is a C++ implementation of Pickle.

Back on WTL, you can download the final MS release of WTL 7.1 at Microsoft Downloads if you're interested. However, the more interesting release is the 8.0 release from June of 2007. This was the most recent release from the community! WTL 8 includes full support for Vista!

I think it's great that Microsoft is releasing more and more code in either Shared Source, Reference Source, or my favorite, Open Source as MS-PL. The fact that Google was able to use it, even this small part, really speaks to the spirit of Open Source.

Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web
Friday, September 12, 2008 7:30:17 AM UTC
Scott, what an interesting post. I don't have the time to dabble around in other people's code any more but it's a great way to learn different things. Hadn't realised Microsoft was active in Open Source so long ago too.
Friday, September 12, 2008 7:55:52 AM UTC
WTL Yahoo Gruop? Right there at the end?
Friday, September 12, 2008 8:03:53 AM UTC
Oh Man! This is brings me back some years ago :) I loved WTL, it was what MFC far better than MFC for C++ (IMHO).
Friday, September 12, 2008 8:25:04 AM UTC
Great story, thanks for sharing.
By 2004, many groups at MSFT had been posting source for years, and involving community in its creation, and sharing it with quite permissible licenses. :)
Friday, September 12, 2008 8:34:32 AM UTC
WTL 8.0 is actually the second community release - the first was WTL 7.5.

Here's to WTL 9.0! :)
Friday, September 12, 2008 9:31:28 AM UTC
I wonder if we could get the IE team to use WebKit ;-)

Pickle.cc >> could this mean Pythonic plugins/client-side apps in the future? Cool if so


Friday, September 12, 2008 10:25:58 AM UTC
Hah, I'd forgotten even writing that article! I too was very interested to see where WTL was used in the Chrome code base, as it seemed it would have to be fairly well hidden to give them a good cross-platform code base. I'm still using WTL now for Programmer's Notepad - it was a good choice that's served me well.

Oh, and I'd wondered where the traffic spike came from. It was only when reading my feeds and noticing my name that it clicked :)
Friday, September 12, 2008 11:37:50 AM UTC
This is a very well written article.Easy to follow.I am happy that I came across this.Thank you.
Friday, September 12, 2008 3:59:57 PM UTC
This shows how insanely better is Open Source for us developers. I mean, Google releases a browser and less than a week later you can discuss critical technical issues with solid bases. And you can see the problems they faced and how they got around them. This is an invaluable learning asset for the developers, and I think Google gets it, and Microsoft doesnt. Well, maybe Microsoft does get it, they have a lot of smart people, but it chooses not to care. When was the last time you saw the source code for an important Microsoft project released as Open Source?
Martin
Friday, September 12, 2008 4:45:55 PM UTC
I have this itch to build something that wants to generate code on the fly. This raises concerns for how to do this and not excite DEP. It seems there are polite ways to do this, but I glazed over somewhere there and I'm not sure I've got it.

Can you say more about how to do on-the-fly code generation and execution (preferably on the stack, too, but I am willing to give that up to stay DEP-safe). No this is not about exploits but about getting full power out of functional programming and use of curried code.
Friday, September 12, 2008 5:53:35 PM UTC
Martin - ASP.NET MVC not an important project? Also, remember that source is available (not Open Source, but "Source Opened" for Reference) for the entire .NET Framework. Also, there's a pile of things released as MS-PL or MS-rPL.

I agree that it's a developer's dream. Believe me, there are lots of people inside Microsoft who's knee-jerk reaction is to release code as Open Source. That's their *first* reaction, myself included. It's happening, give it time.
Friday, September 12, 2008 5:57:27 PM UTC
@Martin:

When was the last time you saw the source code for an important Microsoft project released as Open Source?


Well, I suppose you mean as important as the .NET base class libraries?

.NET Framework Library Source Code now available


-Matt
Friday, September 12, 2008 7:00:06 PM UTC
Meh. Thanks for the reminder for why I never got into C++ as a kid... Lol
Erik
Friday, September 12, 2008 7:01:13 PM UTC
@Matt - The .NET BCL is *not* open source. The license is for reference use only - if you use that code for anything beyond debugging, you can get bitten.
Erik
Friday, September 12, 2008 7:09:34 PM UTC
Great post Scott. I'm not a developer by any stretch of the imagination, but my ancient coding background back in the mid to late 80's has me treading water, and very interested in reading articles like this. I'm curious to see what kind of a reaction Chrome will get from MS and its potential impact on future versions of IE and other browsers.

I'll see if I can put together a mix this weekend to top Memory Leak, and send you a link ...
Friday, September 12, 2008 7:14:10 PM UTC

> WTL Yahoo Gruop? Right there at the end?

And right below that is a "Google Adsense" ad right on his blog, no less.

Maybe Microsoft does not pay him enough to write OSS software? :-)

Oh no! Did I accidently use "Google Chrome" to post this?

Friday, September 12, 2008 7:50:25 PM UTC
Actually, I was just pointing out a typo for Scott to fix. Not being mean.
Friday, September 12, 2008 7:51:54 PM UTC
DJ Bolivia > I like this song, very cool!, but i like "Google Chrome" more than - -" just kidding :-)
Guru
Saturday, September 13, 2008 12:11:50 AM UTC
my thoughts on google chrome
http://snsays.com/260/google-chrome/
Saturday, September 13, 2008 9:35:05 AM UTC
@orcmid:

How much code are we talking about here? If it's just little bits, allocate a chunk of memory with virtualalloc (minimum size: 64KB) with RW protection, write your code there, and virtualprotect it to RX. You might want to maintain a couple of variables to track the space that's free and occupied by code fragments.
nksingh
Saturday, September 13, 2008 5:01:43 PM UTC
I wrote a coupla intro articles on WTL in 2000 that might still be interesting:

http://www.sellsbrothers.com/writing/wtlpart1.zip

http://www.sellsbrothers.com/writing/wtlpart2.zip

Enjoy!
Sunday, September 14, 2008 2:09:16 AM UTC
WTL was Microsoft's SECOND Open Source library, their first was some "XML Installer API thingie" which I can't remember the name of. I remember this very well since at that time WTL was a "competitor" of one of my own pet projects - SmartWin++ which is BSD licensed and in fact I frankly do not understand why Chrome does not use instead of WTL since WTL is really _bad_ C++ due to their extreme use of macros inherited from MFC and among other things the CString class which is a really bad implementation of a string class. Try to compile this for one in VC++;
"CString x;delete x;"
Also SmartWin doesn't use thunks but actually std::map to declare all the different event handlers for WM_x messages. So the whole DEP things are irellevant there. SmartWin++ is also strongly typed too. Though I think WTL probably due to SmartWin's extreme use of templates (far more heavy usage than WTL) probably generates smaller executable code which might have been the reason. Though when we're at alternatives, why didn't the Chrome guys use Qt in fact...?
That would have given them all the cross OS parts completely for FREE! And I know Google have used Qt before in among other things Google Talk...?
Qt is probably the most portable and mature GUI library for C++ in the world. In addition it's also commercially backed by Trolltech (Nokia now in fact)
But anyway, interesting blog Scott, a trip down the "memory lane" for us all I guess :)
Sunday, September 14, 2008 10:44:56 AM UTC
Great article Scott, i didn't really expect Chrome to use WTL but i guess it makes "some" sense.

Anyhow i've bookmarked your site so i can go over this at a less absurd hour.
Sunday, September 14, 2008 7:41:18 PM UTC
This is Windows API development par exellence. Reminds me of those days I was dev'ing for the Win32 Platform with Visual Basic 5 a decade ago.
Frederick
Monday, September 15, 2008 1:05:40 AM UTC
Very nice article Scott! But I think you're showing a bit too much hacker-to-hacker solidarity here. IMO reverse-engineering the kernel and relying on undocumented features is by no means "just not too cool" or acceptable at all. Maybe I'm just too much of an idealist?
Monday, September 15, 2008 4:51:24 PM UTC

Looks like The Chromium authors may have disassembled part of the Windows Kernel
in order to achieve this security feature under Windows XP SP2. Probably not cool to do that,
but they're clearly doing it for good and not evil, as their intent...


Scott,
If by "not cool" you mean "not legal", you're incorrect. Reverse engineering has long been held a legitimate form of discovery by the courts and U.S. law. The U.S. Supreme Court has decided the issue of reverse engineering in mechanical technologies several times, upholding it under the principles that it is an important method of the dissemination of ideas and that it encourages innovation in the marketplace.

That tradition continues with software reverse engineering such as you describe. The courts have recognized the value of reverse engineering to, for example, determine whether a competitor's product contains patent or copyright infringements. Although frequently listed in EULAs as a disallowed action, so far the courts have uniformly held those restrictions to be unenforceable. This was most recently affirmed in "DVD Copy Control vs. Bunner", 2004. When reverse engineering is used for interoperability purposes, as Google does in the instance you cite, the courts have uniformly rejected EULA prohibitions. In Sega v. Accolade (2003), the court held "...[W]here disassembly is the only way to gain access to the ideas and functional elements embodied in a copyrighted computer program and where there is a legitimate reason for seeking such access, disassembly is a fair use of the copyrighted work, as a matter of law."

Currently the only explicitly illegal reverse engineering is that prohibited by the onerous DMCA, which DMCA proponents claim falls under the "no circumvention" provisions (e.g. Blizzard v. BNETD). DMCA clearly contradicts existing copyright law, a conundrum that the courts have yet to resolve. However, even the DMCA states that reverse engineering can be done for the purposes of ensuring inter-operability between software components.

So, no need to be coy about decompiling.
Monday, September 15, 2008 5:28:55 PM UTC
Mel - I am sure he meant 'not cool' as in unsupported and likely to break if MS releases an update.

It is never cool to use internal/undocumented functions if you have the choice. MS is the king of keeping legacy code working, but if they mark it 'internal' it is fair game for breaking changes.
Jorgie
Monday, September 15, 2008 11:17:30 PM UTC

I think Google gets it, and Microsoft doesnt.


What Google gets is that they can keep all their valuable code closed source while using Open Source products by hiding behind the LGPL. WHat Google actually releases as open source is stuff that is meant to drive the value out of their competitors, not the stuff where they keep their value (which is on the server side).

If you think Google are somehow altruistic "good guys" you're a fool. They're in this for the money just like any other public corporation. They've just figured out how to leverage the OSS community to their own advantage.
geekraver
Tuesday, September 16, 2008 1:05:00 PM UTC
geekraver, you are SO right!!!
Tuesday, September 16, 2008 3:48:33 PM UTC
Nice post. I have been going gaga over Chrome these past few days. Your post caused an article here: http://www.campustechnology.com/articles/67551

And why not take this opportunity to link to my post on Chrome: http://blog.gadodia.net/google-chrome-vs-mozilla-firefox/
Tuesday, September 16, 2008 7:35:00 PM UTC
Wonder why nobody has built a browser written in 100% .NET. Just too slow I guess.
Dave
Wednesday, September 17, 2008 3:37:09 AM UTC
Great post, its interesting to see an analysis of the DEP workarounds Chrome uses...

@Thomas
The project was WIX... we use it internally and its a great tool! MSFT used it for Sql Server 2005 and Office 2007 on WIX if I recall right...
Wednesday, September 17, 2008 1:50:31 PM UTC
WTL rocks. I've been using on a major project since 2001 - yes 2001. Apart from being lean and mean, you can turn to the src to find out what it does. I'd also heard that Movie Maker was written using it. It'll be interesting to see how Google implement the Mac version. Given the effort put into the WTL version of Chrome, maybe someone is porting WTL to the Mac. I'm not sure that's a good fit.
Thursday, September 18, 2008 11:39:56 AM UTC
WTL does indeed "rock" - we've been using it in our main product (Visual Lint) since it's inception in 2004, and I have to say that the code is far easier to work with than the dinosaur that MFC has become. The only real downside is lack of complete documentation (particularly for those coming from an MFC background) - but Mike Dunn's excellent articles on CodeProject are a great help there. Personally, I just read the source though! ;)

WTL is tied to ATL, so a cross platform port is somewhat unlikely. I suspect that if that could be overcome there are lots of people who would like to see it though...
Friday, September 19, 2008 1:18:02 AM UTC
Why Microsoft will not use that code as Google?
After all, IE is sucks.
Carutcho
Monday, September 22, 2008 12:27:32 PM UTC
A really interesting post Scott!! It's really nice to see how open source projects helps to improve security features and many other features in software!!
Monday, September 22, 2008 8:40:31 PM UTC
About pickling, I believe the method was created in Python, proved itself useful, and then got rewritten in C++ *for Python* to improve speed. So now Python has a Pickle package and a cPickle package.

I imagine the Chrome team just used the c implementation and don't actually deal with any Python. But if I'm wrong that would be pretty damn cool!
Tuesday, September 23, 2008 10:52:35 AM UTC
It's very cool to see WTL used in Chrome and a testament to the value of the library after all these years.

Nenad especially has really done a wonderful job of keeping WTL fresh and pushing through the political minefield to get it released in a full open source form. In fact I'll buy him a beer the next time I see him for the 10+ years he stuck with it.

As far as the thunk, it existed prior to WTL proper and was created for ATL 2.0 when we added the ActiveX control support. We had experimented with a few different ways of handling messages and eventually Jim Springfield came up with the idea of the thunk. Both he and I wrote the initial implementation and the original was 5 instructions long. After a bit of work we got it down to just 2 instructions and we thought it was probably good enough.

We also created thunks for the DEC Alpha, MIPS and PowerPC so even back in 1996 it was somewhat portable. Also, I seem to remember the Mainsoft guys ported pretty much everything we were doing to unix back then too.

Of course in 1995/1996 we weren't really thinking too much about DEP, just how to make it go fast on a 200 MHz Pentium Pro :) I really had to laugh when I read about the hacks in the Windows kernel to detect our little thunks!

I would imagine that Google chose WTL over say Smartwin++ because WTL is more broadly used, closer to the metal, easy to remove the dependency if necessary, and finally in the browser wars speed still counts for a lot. I imagine that one or more of the team had also used WTL before.

It's probably fine to do a dictionary lookup these days for every window message but at the time this was written it just wouldn't have been acceptable. Also, these days you might think that macros are bad but it was a very important tool of the trade back then and there are still some days I wish they existed in some form in C#. In any case, the message maps in WTL really aren't that bad, especially compared to some alternatives and you get to use atlcrack.h which must be good for you!

By the way, great Blog Scott, I often read it.
Thursday, September 25, 2008 10:50:16 PM UTC
ooops, there is an unreadable sentence in the blog
" have to enable ATL7 thinking because there are plugins that weird build in older ways still out there"

probably mean to be
" have to enable ATL7 THUNKING because there are plugins that WERE builT WITH THE older ways still out there"
ulric
Thursday, October 09, 2008 11:04:10 AM UTC
Dear came to your site after seeing the ZD net Blog... And dear, some one may even say, its because of that MS code that Chrome is buggy :)
Thursday, October 16, 2008 5:15:43 AM UTC
"The Weekly Source Code." That said, what does Microsoft Code have to do with Google Chrome, the new browser from Google? Take a look at the Terms and Conditions for the "Chromium" project up on Google Code. There are 24 different bits of third party software involved in making Chrome work, and one of them is WTL, the Windows Template Library, which was released as Open Source in 2004. Chrome's use of the Open Source Windows Template Library WTL is distributed under the MS-PL or Microsoft Public License. This is a VERY relaxed license that basically says "have fun, and don't call if there's trouble." In the Open Source world, licenses like that mak WTL is a C++ library for Win32 development and is kind of like MFC
-----------------------------------
amsn

<a href="http://www.hanselman.com" rel="dofollow"</a>
Tuesday, October 21, 2008 9:26:41 PM UTC
Linux, Gnu, Unix
Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.