Archive

Archive for the ‘.Net’ Category

TFS build Sservice account change gives workspace in use error

March 25, 2010 1 comment

When we changed the existing service account we were using for TFS build agent and used a new service account. After this change our continous integration failed with the following error:

Problem:
C:\Program Files\MSBuild\Microsoft\VisualStudio\TeamBuild\Microsoft.TeamFoundation.Build.targets(699,5,699,5): error : The working folder [WorkingFolder] is already in use by the workspace [workspace];[domain]\[user] on computer [buildmachine]

Reason:
Part of the Team Build build process involves creating a workspace that can be used to get sources for the build. This workspace is typically deleted and then created during the course of the build, meaning that after the build the workspace hangs around. So – when you changed the service account, the delete for the next build had nothing to do (since workspaces are owned and the current user didn’t have a workspace to delete) and the create failed, since a workspace already existed in the same location. You’ll just need to delete the old workspace, owned by DEV\tfssetup

I found the above excellent tip from the this page.

And the correct command to execute the deletion of workspace is as follows:

C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE>tf workspace /delete /server:http://%5Bservername%5D:8080/ [workspacename];[domainname]\[utcode]

You will need workspace deletion permission to execute the above command.

More information here!

Happy programming!

Advertisements

Moving ASP.NET web application from 32 bit to 64 bit

October 26, 2009 1 comment

Before we jump in to the details, we need to know few things to understand some basics.

Managed module is a standard 32 bit Microsoft Windows Portable Executable (PE32) file or standard 64 bit Microsoft Windows Portable Executable file (PE32+) that requires CLR to execute.

Parts of managed module:

PE32 or PE32+ header

Contains information about
1.    format of the file (PE32 or PE32+)
2.    type of the file (DLL, CUI or GUI)
3.    a timestamp: the time when the file is built.
4.    Information about native CPU code (if the module contain native CPU code)
For modules that has only IL this information is not used

CLR header

This includes information about
1.    Version of the CLR required
2.    MethodDef metadata token of the managed module’s entry point
3.    Location of Metadata and size of metadata
4.    resources
5.    strong name

Metadata

Usually this part contains 2 tables
1.    information about the types and members defined in the module’s source
2.    information about the types and members referred by the module’s source.

Intermediate
Language code
Code produced by compiler during compilation. At run time CLR compiles the IL in to native CPU instructions.

 

Always keep in mind that all CLR complaint compilers produce IL code. At times this IL code is referred as managed code because it is managed by CLR.

Assembly Assembly is a logical group of one or mode modules
Manifest Manifest is a set of metadata tables that have information about list of files in the assembly, the dependencies of the files in the assembly and resource or data files associated with the files

 

Before we understand how CLR loads the managed code or assembly we need to study the difference between 32 bit and 64 bit versions of windows.

If your assembly files contain only type-safe managed code, you are writing code that should work on both 32-bit and 64-bit versions of Windows. No source code changes are required for your code to run on either version of Windows. In fact, the resulting EXE/DLL file produced by the compiler will run on 32-bit Windows as well as the x64 and IA64 versions of 64-bit Windows! In other words, the one file will run on any machine that has a version of the .NET Framework installed on it.

On extremely rare occasions, developers want to write code that works only on a specific version of Windows. Developers might do this when using unsafe code or when interoperating with unmanaged code that is targeted to a specific CPU architecture.

What is Unsafe Code?
http://msdn.microsoft.com/en-us/library/62bwd2yd(VS.80).aspx

By default Microsoft’s C# compiler produces safe code. Safe code is code that is verifiably safe. However it is possible to write unsafe code. Unsafe code is allowed to work directly with memory addresses and can manipulate bytes at these addresses. This is a powerful feature and is useful when interoperating with unmanaged code.

How to check if an assembly is type safe or not?
Microsoft supplies a utility called PEVerify.exe that analyses and reports the error if any unsafe code is used in the assembly.

image

 

To aid these developers,the C# compiler offers a /platform command-line switch. This switch allows you to specify whether the resulting assembly can run on x86 machines running 32-bit Windows versions only, x64 machines running 64-bit Windows only, or Intel Itanium machines running 64-bit Windows only. If you don’t specify a platform, the default is anycpu, which indicates that the resulting assembly can run on any version of Windows.

Depending on the platform switch, the C# compiler will emit an assembly that contains either a PE32 or PE32+ header, and the compiler will also emit the desired CPU architecture (or agnostic) into the header as well. Microsoft ships two command-line utilities, DumpBin.exe and CorFlags.exe, which you can use to examine the header information emitted in a managed module by the compiler.

How to find Platform dependency?

image

CLR Header

2.0 = .NET 1.0 or 1.1
2.5 = .NET 2.0

PE

PE header type
PE32 = 32-bit
PE32+ = 64-bit

CorFlags Different flags
ILONLY Since assembly also allowed to contain native code, to be “AnyCPU” the assembly shall contain only IL.
32BIT

1 = x86 target
0 = Any CPU target

Signed

Signed    1 = Assembly signed
0 = Assembly not signed

In our example we will have to look at three properties to find if the assembly is platform dependent or not.
ILONLY –> 1
Even the assembly has only ILCode still it can be platform dependent. PE and 32 Bit properties help to get more information.
PE & 32 Bit –> PE32 & 0

The combination of PE & 32 bit for different platforms are as follows:

  PE 32Bit
AnyCPU PE32 0
X86 PE32 1
x64 PE32(+) 0

So from the information displayed by CorFlags, our test assembly is truly “AnyCPU”

Also CorFlags can be used to forcefully change the PE headers. But personally I don’t like this because if it is compiled like that then it is done for a reason.

 

What happens during running of the executable?
1.    Windows examines the EXE file’s header to determine whether the application requires a 32 bit or 64 bit address space
2.    A file with PE32 header can run with a 32 bit or 64 bit address space
3.    A file with PE32+ header requires a 64 bit address space
4.    Windows also checks the CPU architecture information embedded inside the header to ensure that it matches the CPU type in computer.

WOW64
64 bit versions of windows offer a technology that allows 32 bit windows applications to run. This technology is called WOW64 (for windows on Windows 64).It would be more appropriate if it was named as ‘Windows 32 on Windows 64”. To make it simple, WOW64 acts as a layer and let 32 bit process to run as if they are running in 32 bit system even though in real they are running in 64 bit OS. As you see there is an extra cost here. There is no free lunch.

The even allows 32 bit applications with x86 native code in them to run on an Itanium machine, because WOW technology can emulate X86 instruction set, but with a performance cost.

How do we know if the application is running under WOW64?
In the task manager if you see *32 near to your image name then your application is running under 32 bit emulation mode using WOW64. If you want to determine it from out of process use IsWow64Process.

Also you could use Module.GetPEKind to determine the platform targeted by the module.

/platform
Switch

Resulting managed module X86 Windows X64 Windows IA64 Windows
anycpu PE32/platform agnostic Runs as a 32 bit application Runs as 64 bit application Runs as a 64 bit applications
X86 PE32/X86 Runs as a 32 bit application Runs as a WoW64 application Runs as a WoW64 application
X64 PE32+/X64 Doesn’t run Runs as a 64 bit application Doesn’t run
Itanium PE32+/Itanium Doesn’t run Doesn’t run Runs as a 64 bit application

Where to set the /platform switch in VS

image

Process of creating a Process

After Windows has examined the EXE file’s header to determine whether to create a 32-bit process, a 64-bit process, or a WoW64 process, Windows loads the x86, x64, or IA64 version of MSCorEE.dll into the process’s address space. On an x86 version of Windows, the x86 version of MSCorEE.dll can be found in the C:\Windows\System32 directory. On an x64 or IA64 version of Windows, the x86 version of MSCorEE.dll can be found in the C:\Windows\SysWow64 directory, whereas the 64-bit version (x64 or IA64) can be found in the C:\Windows\System32 directory (for backward compatibility reasons). Then, the process’ primary thread calls a method defined inside MSCorEE.dll. This method initializes the CLR, loads the EXE assembly, and then calls its entry point method (Main). At this point, the managed application is up and running.

So,

1.    If your application has only managed code then you don’t hesitate to use “Any CPU”. Best option if you are just using pure c#.

2.    If your application (or any of the third party dlls) has direct native code or have an assembly that is targeted to x86 (32) then you cannot run your application in X64 environment because when the dependent assembly (targeted to x86) could not be loaded in x64 environment (will throw bad format exception). In this case, use CorFlags tool to change the target to x64, if you are so sure that can be done!. Otherwise there is a hack.

3.    If any of your code targets specifically x86 platform then you must compile targeting the platform x86. This will run in x64 in emulated mode (WoW64) but bear in mind that you have a performance hit in WoW64.

4.    If any of your code targets specifically x64 platform (this wont occur normally until you have specific pointer sizes) then you got no choice except to compile your application targeting X64.

Critical October Security patches

October 14, 2009 Leave a comment

Microsoft today released a huge security patch. This includes 13 fixes out of which 6 updates are given as critical and they have the highest priority.

image

As we see in the priority list given by Microsoft, half of the security patches has something to do with day to day activities of the users or at worst at the server level.

As a web developer I am really concerned about patches for Internet Explorer, .Net CLR and Silver light. As a normal user the patch for Media Runtime and Media Player interests me, because I download loads of media content.

Below are the critical patches as recommended by Microsoft.

MS09-052

Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-050

Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

MS09-054

Cumulative Security Update for Internet Explorer (974455)
This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-061

Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.

MS09-062

Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-052

Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Also to check for the missing security updates and misconfigurations we can use Microsoft Baseline Security Analyzer.

For MS09-061 the current vulnerabilities are explained here as follows:

  1. The first issue results from the manner in which Microsoft .NET verifiable code is verified, which could allow attackers to obtain a managed pointer to stack memory that is no longer used, leading to arbitrary code execution.
  2. The second vulnerability results from the manner in which Microsoft .NET verifiable code is verified, which could allow attackers to bypass a type equality check and execute arbitrary code.
  3. The third issue results from the manner in which the Microsoft .NET Common Language Runtime (CLR) handles interfaces, which could allow attackers to execute arbitrary code via a malicious application.

Best books for .Net development – My Recommendations

September 24, 2009 Leave a comment

Today my manager asked me to list some good technical .net books on which our management had planned to invest.

I always had a wish list for technical books; I could easily  arrive at a list.

I categorized the books as follows:

  1. Programming.Net (That helps core programming. Mostly on C# core and ASP.NET core)
  2. Design/Architecture/Guidelines (Design Patterns, Best Practices, Modeling Patterns)
  3. Concepts (General concepts for programming, UI design)
  4. Source control / Build & deployment

I didn’t cover books on WCF/WPF/Silver Light/RESTful services/ASP.NET MVC/Entity Framework as I don’t have enough knowledge on those books.

Programming .NET

  1. CLR via C# by Jeffery Richter
  2. Programming Microsoft Visual C# 2005: The Base Class Library by Francesco Balena
  3. Professional ASP.NET 3.5: In C# and VB by Bill Evjen
  4. Programming .NET Components by Juval Lowy
  5. Debugging Microsoft .NET 2.0 Applications by John Robbins
  6. Professional ASP.NET 3.5 AJAX by Matt Gibbs

Design / Architecture / Guidelines

  1. Framework Design Guidelines: Conventions, Idioms, and Patterns for Reusable .NET Libraries by Krzysztof Cwalina
  2. Microsoft® .NET: Architecting Applications for the Enterprise (PRO-Developer) by Dino Esposito
  3. UML Distilled: A Brief Guide to the Standard Object Modeling Language (3rd Edition) by Martin Fowler
  4. Software Systems Architecture: Working With Stakeholders Using Viewpoints and Perspectives by Nick Rozanski
  5. Practical Guidelines and Best Practices for Microsoft® Visual Basic® and Visual C#® Developers  by Francesco Balena
  6. Agile Software Development, Principles, Patterns, and Practices by Robert C. Martin

Concepts 

  1. Don’t Make Me Think: Common Sense Approach to Web Usability, 2nd Edition by Steve Krug
  2. The Pragmatic Programmer: From Journeyman to Master by Andrew Hunt
  3. Code Complete: A Practical Handbook of Software Construction by Steve McConnell

Source Control / Build

  1. Inside the Microsoft® Build Engine: Using MSBuild and Team Foundation Build by Sayed Ibrahim Hashimi
  2. Professional Team Foundation Server by Jean-Luc David

Any other suggestions guys, particularly for web services, security and unit testing?

Programming for Beginners

September 22, 2009 Leave a comment

Really there are cool changes happening in Microsoft.

Today I learnt about this exiting new site for beginner programmers (from Scott Hanselman ) which was created to educate the beginner programmers. I know quite a few beginner programmers to whom I would send this link. If you guys know some kids/beginners, do the same.

As expected there are different tracks waiting for the beginners to choose from
1. Web Track: This track covers everything the beginners need to learn about how the internet works and how to create great (!) web applications. There are some tips and tricks too that would give more insight.
2. Windows Track: Great place to learn windows programming, graphics etc.
3. Aspiring Professional: After mastering basics of programming, the beginners can utilize this place to gain more in depth knowledge. There are some advertisements and tricks done here to make beginners spend money on training and upgrading to professional visual studio from free visual studio express.
4. Kids Corner: Why the kids always get the corner? No don’t think this corner is only for kids. This also includes video tutorials for Parents and Teachers who wants to teach the kids.

Beginners can choose either tracks 1 and 3 (web developer) or 2 and 3 (windows developer) or 1,2 and 3 (know-it-all, web-windows developer).

Beginners must install Silverlight to watch and learn all these videos; which is free and can be installed by clicking on the “Silverlight: Click to install the required version”.I think, Microsoft is violently marketing Silverlight. Cannot blame them, they are actually running out of time. They need all the machines to have Silverlight, only then they will be able to tackle the fierce competition from flash. Anyway this is out of our current topic.

There are really quite a lot of learning resources available now for kids and students who really want to do some programming. It is not like the time when I studied programming in my college. Few weeks before I and my friend Sajid were talking about this problem.

One of Sajid’s friends was doing a part-time job of “helping” university students to develop their projects. Actually he is not just helping; he is developing the whole project and selling it for a cost. This is not helping really. This actually spoils the kid and never gives him a chance to learn on his own.

@“Helpers”: Never and ever develop and sell projects to university students. If you have free time try to educate them and give pointers to learning resources.

@“Kids / Beginner Programmer”: Don’t rely on the “helpers”; there is lot of resources available now in the internet. Use them and build your own career. Happy programming!

Categories: .Net, ASP.NET

CLR via C#, 3rd edition

September 21, 2009 Leave a comment

Jeffery Richter, here announces the next version of his book “CLR Via C#”. This is the 3rd edition of this book. He didnt update the book after 2nd edition which actually covered .Net 2.0. Now since he signed a new contract with Microsoft for the next version, he will be updating the content for .net 3.0 and .net 4.0 too.

CLR via c# (2nd edition) is one of the .net books I love and I strongly suggest every .net developer to read this book.

It will be good to have an updated version of this book. Jeffery Richter hopes to release the book when .net 4.0 ships.

Update: On 25th Jan 2010

Now you can pre-order CLR via C# 3rd Edition from Amazon.

Categories: .Net, CLR Tags: ,