Developer Tips & Hints

Run key (machine) Programs listed in the registry’s HKLM\Software\Microsoft\Windows\CurrentVersion\Run key are available at startup to all users. Run key (user) Programs listed in the HKCU\Software\Microsoft\Windows\CurrentVersion\Run key run when the current user logs on. A similar subkey, HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run, can also be used. Load value Programs listed in the Load value of the registry key HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows run when any user logs on. Scheduled tasks The Windows task scheduler (see “Using the Windows 7 Task Scheduler” on page 779) can specify tasks that run at startup. In addition, an administrator can set up tasks for your computer to run at startup that are not available for you to change or delete. Win.ini Programs written for 16-bit Windows versions can add commands to the Load= and Run= lines in the [Windows] section of this startup file, which is located in %SystemRoot%. The

Structure of a Portable Executable (source : http://www.csn.ul.ie/) The MS-DOS header occupies the first 64 bytes of the PE file. A structure representing its content is described below: Offset (hex) Meaning 00-01 0x4d , 0x5a. This is the "magic number" of an EXE file. The first byte of the file is 0x4d and the second is 0x5a . 02-03 The number of bytes in the last block of the program that are actually used. If this value is zero, that means the entire last block is used (i.e. the effective value is 512). 04-05 Number of blocks in the file that are part of the EXE file. If [02-03] is non-zero, only that much of the last block is used. 06-07 Number of relocation entries stored after the header. May be zero. 08-09 Number of paragraphs in the header. The program's data begins just after the header, and this field can be used to calculate the appropriate file offset. The header includes the relocation entries. Note th