Debugging Internet Explorer – A Beginner’s Guide

As a Program Manager on the IE team, I spent comparatively little time running Internet Explorer under the debugger. In contrast, the IE developers were far more adept at solving problems with advanced debugging techniques. Nevertheless, over the years I picked up a few tricks that proved useful from time-to-time. In this post, I outline…


Sharpen the Saw

Gather round, young’ins, Grandpa Eric is going to tell you a story. Back in the old days, when I started writing software, programmers’ utilities were sold in boxes in retail stores. You’d plunk down your 149 bucks or whatever (in cash, kids, this was before credit cards got popular) and you’d get your cardboard box…


Enhanced Mitigation Experience Toolkit Update

Microsoft’s Security Research and Defense team has released an updated version of their Enhanced Mitigation Experience Toolkit (EMET), a tool that allows the application of enhanced security mitigations around the application of your choice. While Internet Explorer 9 already natively includes many of the protections that EMET provides (including DEP/NX and SEHOP), the tool includes several…


Writing Files from Low-Integrity Processes

Internet Explorer 7 introduced Protected Mode, which uses Windows’ Integrity Controls feature to help prevent the contamination of the system with data that originates from the Internet. As a part of this feature, Internet Explorer now maintains two stores for the Temporary Internet Files and two Cookie Jars to store the user’s cookies. For each,…


Forcing Internet Explorer To Forget To Not Remember

All joking aside, last fall, I wrote about the variety of reasons why Internet Explorer might not offer to remember your password on a web form. As I mentioned then, you will not be re-prompted to save your password if you’ve previously declined to store the password for this username on this page by clicking “No”…


Using Meddler to Simulate Web Traffic

As mentioned back in July, IE8’s new lookahead downloader has a number of bugs which cause it to issue incorrect speculative download requests. The “BASE Bug” caused the speculative downloader to only respect the <BASE> element for the first speculatively downloaded script file. Subsequent relative SCRIPT SRCs would be combined without respecting the specified BASE,…


Capturing Crash Dumps for Analysis

Sometimes, folks report crashes to the IE team that we are unable to reproduce internally. That’s usually because, as mentioned often, most crashes are caused by buggy browser add-ons. In some cases, however, crashes occur even when running with browser add-ons off, and if we cannot reproduce the problem, the next best thing is a…


Good News: Microsoft Security Essentials Released

Microsoft’s free new anti-virus / anti-malware realtime scanner is now available as a free download. Installing MSE, a traditional signature-based scanner, alongside IE8’s URL Reputation-based SmartScreen Filter yields comprehensive protection to help keep your computers safe from malicious software. There are a few things I like about MSE over other scanners: You won’t see advertisements trying…


New Tool: Compare IE Security Settings

“IE Zone Comparer” was designed to provide additional visibility into URLMon’s security zone settings.  Pick any two collections of security zone settings, and IE Zone Comparer displays the values of those settings, highlighting any differences between the two collections. Note: Updated on 11/7/2009 to offer details on “Effective” policy.


Microsoft Doloto Performance Optimization Tool

Ben Livshits and Emre Kiciman of Microsoft Research have released the Doloto performance-optimization tool. This cool tool enables web developers to optimize page-load time by ensuring that pages only pull in the JavaScript functions they need. Mentioned in Steve Souder’s Even Faster Web Sites earlier this year, it’s now available to the public. Beyond the fact that I love…