The previous section introduced the notion of a message queue and list, of where there is one pair per PM message thread. We now look at these in more detail, with the associated PM system structures that comprise the applications's messaging environment.

The Message Queue Header (MQ)

This structure acts an anchor for all the message processing structures of an application message thread. It is created by WinCreateMsgQueue, and the returned HMQ (message queue handle) is the address of this structure. PM often refers to the address of a MQ as its PMQ.

The principle fields of interest are:

Offset

Description
+0x14
The current read position of the message queue.

Since the message queue is a circular array, four pointers have to be maintained: the current read position, current write position, top and bottom of array.

Each queue entry is a QMSG structure.

Entries are added to the queue in increasing address order, until the maximum (bottom) is reached then entries are added from the top.

Removal of entries only involves updating the current read pointer. Thus, a small trace of past message activity may be seen by scanning backwards from the current read pointer to the current write pointer.

+0x18
The current write pointer.
+0x24
The Pid of the message thread to which this MQ belongs.
+0x28
The Tid of the message thread to which this MQ belongs.
+0x44
The most recent SMS on which a response is awaited.

The presence of a non-zero value in this field implies that the message thread is currently blocked in WinSendMsg waiting for a response.

If the message thread recurses, for example through the receipt of a synchronous message, then a subsequent WinSendMsg will cause this field to be updated. The previous contents are saved on the stack.

A non-zero value in this field is of prime interest when diagnosing hangs. It immediately focuses our attention on the recipient of this message.

+0x48
The current SMS received.

This field is non-zero when an SMS is removed from the receive list for processing by its associated window procedure.

When this field is non-zero, it implies that the thread's window procedure has been dispatched to process a received message.

+09c
The Received message list.

SMSs are chained from this location pending dispatch.

Upon dispatch the oldest message is removed from the list and pointed to from offset +0x48 of the MQ.

+0xa4
The thread slot number of the message thread to which this MQ belongs.

This is very useful for correlating MQs to threads.

The Send Message Structure (SMS)
The SMS is created for synchronous messages and linked to the receive list (MQ+0x9c) when WinSendMsg is called.

The principle fields of interest are:

Offset

Description
+0c
Pointer to the next (more recent) SMS in the receive list.
+14
Pointer to the MQ to which this SMS has been sent.
+18
Pointer to the MQ of the thread from which this SMS was sent.
+24
Pointer to the WND the represents the Window to which this message has been sent.
+28
The message Id.
+2c
Message parameter 1.
+30
Message parameter 2.
Offsets +0x14 and +0x18 are of prime interest in diagnosing hangs. They enable us to locate the recipient of a message, of which a response is pending and therefore the thread which is causing our thread to remain blocked.
The Queue Message Structure (QMSG)
This is the structure used by applications when calling WinDispatchMsg.

The QMSG is also the form of an entry on the application's message queue.

The principle fields of interest are:

Offset

Description
+0
The window handle (HWND). This is an index (ignoring the high-order bit) in to the handle table. From the handle table we can obtain the equivalent PWND or pointer to the WND.
+4
The message Id.
+8
Message parameter 1.
+c
Message parameter 2.
The Handle Table
This is a global table that is used to correlate window handles (HWNDs) with pointers to WNDs (PWNDs). The table comprises a 0x20 byte header with 8-byte entries. The first word of each entry is a PWND and the second a Boolean flag, which if non-zero, indicates that an HWND/PWND combination is non-deleteable.

The handle table may be located from the address at symbol:

    pHandleTable

The Window Structure (WND)
This structure represents a window. It is created by WinCreateWindow.

The WND has two main functions:

>>

It acts as the link between the MQ and the thread's window procedure
>>
It establishes the WND hierarchy.
The principle fields of interest are:

Offset

Description
+0
Next sibling WND.
+4
Parent WND.
+8
First Child WND.
+28
The pointer to the MQ that will queue messages sent and posted to this window.
+2c
The windows's HWND.
+30
A Boolean, which if non-zero, indicates that the window procedure address is a 16-bit far pointer.
+34
The address of the window procedure.

This scenario is illustrated in the following diagram:

---

[Back] [Next]