Channel 9 Interview</h1> <article> <h1>Channel 9 Interview</h1> <p>marioh — Tue, 16 Sep 2008 08:07:00 GMT</p> <p>We recently sat down with Charles over in Channel 9 and talked about the Advanced Windows Debugging book and its PDC 2008 session. Check it out at:</p><p> <a href="http://channel9.msdn.com/posts/Charles/Advanced-Windows-Debugging-An-Introduction/">http://channel9.msdn.com/posts/Charles/Advanced-Windows-Debugging-An-Introduction/</a></p><p>Cheers,</p><p>Mario</p> </article> <article> <h1>PDC 2008 and Advanced Windows Debugging</h1> <p>marioh — Wed, 03 Sep 2008 01:43:00 GMT</p> <p>The Professional Developer Conference 2008 is right around the corner! Almost a week jam packed with the latest and greatest technology talks and in depth information on what has and is brewing at Microsoft. I and Daniel have been asked to present a 6hr pre-conference session on October 26th. We are extremely excited to have this opportunity to spread the word about the great tools available from Microsoft to make the development process more robust as well as increase the quality of software developed for Windows. In this session, we will dive into the details of some of the most vexing software bugs and include detailed examples of how to use the freely available tools to quickly arrive at the resolution. The session will be focused on ensuring that the material covered and presented is something that an attendee can apply right away when doing their day to day job. </p><p>Have a look at the PDC 2008 website and remember, dont forget to sign up for the Advanced Windows Debugging pre-conference session!</p><p><a href="http://www.microsoftpdc.com/Agenda/Preconference.aspx#advanced-windows-debugging">http://www.microsoftpdc.com/Agenda/Preconference.aspx#advanced-windows-debugging</a></p><p><a href="http://www.microsoftpdc.com/">http://www.microsoftpdc.com/</a></p><p>Cheers,</p><p>Mario</p><p> </p> </article> <article> <h1>System Center Online is Hiring!</h1> <p>marioh — Wed, 09 Apr 2008 01:53:00 GMT</p> <p>Interested in joining Microsoft and the exciting world of online services. If so, my team is hiring -- feel free to send me your inquiry/resume (we have several positions open). </p><p> ------</p><p>Software as a service (SaaS) is “the single biggest opportunity across every one of our businesses”. Do you want to be a part of this exciting new direction for Microsoft? Do you want to work on a V1 service? Do you want to be part of the team that’s defining a whole new experience for hosted services? Then look no further, come and join the System Center Online team. The team that believes and works towards the success of our employees and our customers. <br /><br />System Center Online is Microsoft's service-based systems management offering, providing an online solution and complimenting the industry-leading Systems Center range of products. This new System Center Online Service targeted to IT pro’s & Value Add Providers (VAPs) will be offering Update Management, Host protection (AV/AS), Hardware/Software Inventory, Monitoring and Backup along with policy/configuration, helpdesk and others. A key part of our services vision is a rapidly evolving suite of products on a constant delivery and upgrade cycle. <br /><br />Be part of our Online Management Platform and Solutions (OMPS) group that has an excellent track record in successfully delivering great performing services catering to large volume – Microsoft/Windows Update, Windows Server Update Services (WSUS) product and the recent addition of Asset Inventory Service which was part of MDOP. You would be part of a team focusing on server side solutions for infrastructure (‘Eventing’ system – Generic ‘eventing’ collection and staging web service along with ETL orchestration) as well as direct customer impacting offering of Hardware/Software inventory.<br /><br />A successful candidate should have solid skills in design and development to drive the design of areas of the service within the team; ability to work independently and own the design of individual features; Strong cross-functional interaction skills; Excellent programming, problem solving & debugging skills with experience in C/C++ or C# or Java. Preference will be given to candidates experience Web Services and related technologies such as XML/SOAP as well as SQL along being able to provide technical mentoring inside the team;. A BS degree in Computer Science or a related field with 5+ years of industry experience is strongly preferred.<br /></p><p>Cheers,</p><p>Mario</p> </article> <article> <h1>Wireshark is at version 1.0.0</h1> <p>daniel — Fri, 04 Apr 2008 03:52:00 GMT</p> <p>The current stable release of Wireshark is 1.0.0. It supersedes all previous releases, including all releases of Ethereal. You can get it from many locations, check <a href="http://www.wireshark.org/download.html">http://www.wireshark.org/download.html</a> for details. Thanks to its authors. </p><p><span>Because Wireshark </span><font size="3"><font face="Calibri"><span>opens/interprets each packet received by the networking card, it is essential to use a version which is up to date. This version contains update parser for the following protocols (from the release notes <a href="http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html">http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html</a>): </span></font></font></p><div>AFS, ALCAP, ATM, BACapp, CIGI, DCC (renamed from DCCP), DCCP (renamed from DCP), DCERPC SPOOLSS, DCERPC NT, DHCP, DirectPlay, EtherCAT, FIX, GIOP, GTP, H.248, HTTP, ICMPv6, ICQ, IPv6, ISIS, JXTA, NCP, P_Mul, PCAP, PKIX1Explicit, PTP, RADIUS, Roofnet, RTCP, RTMPT, RTP, RX, SABP, SCSI OSD, sFlow, SMPP, SNMP, SSCOP, TAPA, TIPC, TPNCP, UNISTIM, X.25, X.509sat, XML . <h3></h3></div><div></div><div>Unrelated to this post, my group <a href="http://www.microsoft.com/systemcenter/scvmm/default.mspx">System Center Virtual Machine Manager</a> is hiring software developers. If you are looking for a nice twist in your carrer send me a note (daniel at advancedwindowsdebugging dot com). </div><div></div><div></div><div>Chers, </div><div>Daniel</div><div></div><div></div> </article> <article> <h1>Advanced Windows Debugging sources moved to Codeplex</h1> <p>daniel — Wed, 02 Apr 2008 04:24:00 GMT</p> <p>After making several changes to a software project, you begin to understand why a source revision control system is a necessity. This is even more important when more than one developer contributes to the same project. I looked for an inexpensive source revision control server hosted on public location and I was surprised by the number of options that I found, some of them being sponsored by software corporation. We decided to host the source code project on <a href="http://www.codeplex.com/AWD">Codeplex</a> (project sponsored by Microsoft) because we like the client tools (free) offered as well as the project management interface. Now the project is live and our readers can check-in the bug fix in the code bugs sooner than we will be able to do it. The previous download location will continue to host a static version of the source files, as well as the associated binary and symbol files. It is impressive how easy it is nowadays for open source developers to use a professional source revision control with zero investment. </p><p>Keep on reading, <br />Daniel </p> </article> <article> <h1>The cost of software bugs</h1> <p>daniel — Mon, 17 Mar 2008 04:33:00 GMT</p> <p>After reading a relatively old <a href="http://www.wired.com/software/coolapps/news/2005/11/69355?currentPage=all">article published in Wired Magazine</a> about few nasty software bugs, I searched for similar list on the Internet. <a href="http://en.wikipedia.org/wiki/List_of_notable_software_bugs">Wikipedia</a> has an impressive list of <a href="http://en.wikipedia.org/wiki/Software_bugs">software bugs</a> that moved from the bug tracking systems into the history. Don't forget to check out the external links, they are very informative. </p><p style="font-size:10pt;margin:0in;font-family:Arial;">Do you have similar bug histories to share? </p><p style="font-size:10pt;margin:0in;font-family:Arial;"> </p><p style="font-size:10pt;margin:0in;font-family:Arial;">Thanks, </p><p style="font-size:10pt;margin:0in;font-family:Arial;">Daniel</p><p> </p> </article> <article> <h1>Two sides of reliability</h1> <p>daniel — Tue, 11 Mar 2008 05:38:00 GMT</p> <p class="PadderBetweenControlandBody" style="margin:0in 0in 6pt;"><span><font face="Calibri" size="3">One of the projects I finished recently was to assembly a microcontroller board and written the "driver" for the small LCD screen. The </font><a href="http://www.myavr.com/"><font color="#0000ff" face="Calibri" size="3">board</font></a><font size="3"><font face="Calibri"> uses an RISC AVR-microcontroller from ATMEL (ATmega8) with only 8K FLASH and 1K RAM and is connected to a 2x16 characters display. As you can see after few days of "debugging", the controller learns to spell "Advanced Windows Debugging", nicely centered on the LCD. </font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">While working on this project I understood better the difference in the entry barrier between building hardware building software. What are exactly the differences? </font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">First there are the tools. </font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">For software development, the free tools can be found everywhere and we can use them after a simple download. For example, in "Advanced Windows Debugging" book we used WDK(free) to build the applications,<span> </span>we used Debugging Tools for Windows (free) to troubleshoot the applications which can be written created very well in any text editor(Notepad is free).</font></font></span></p><p style="margin-bottom:0pt;"><span><font face="Calibri" size="3">Looking for highly integrated or managed code development tools? Many are also available for free.<span> </span>For example Microsoft offers for download an "</font><a href="http://www.microsoft.com/express/"><font color="#0000ff" face="Calibri" size="3">Express</font></a><font size="3"><font face="Calibri">" version to all development tools for free.</font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">If open source software is an option, you can easily find a tool that suits you needs. </font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">The tools used in hardware development are not free for a good reason. With few exceptions most are physical objects. You cannot just download a COPY of a physical object, you have to pay the manufacturing and distribution costs. And you need tools from the moment you start building the hardware. Once the circuit is ready and powered on, you need measurement equipment for validating the design correctness. If the circuit uses processors, you must have another set of tools (usually expensive) to validate the application correctness and to debug the code running inside the embedded processors. </font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">After the design is complete, the process of removing the remaining bugs from the products is also different. In software a bug is usually fixed by adding a code line, removing a code line, of even re-architecting a code section. In any case the cost of implementing those changes is relatively small. </font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">The bugs discovered after the products release are easily fixed with a downloadable patch.</font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">In hardware the problems are more difficult to fix dues to the high cost of prototyping and the cost of redesigning the circuits. And most important the bugs discovered by customers are causing product returns.<span> </span></font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">Although it seems that it is in fairly inexpensive and easy to release "bug-free" software products, we somehow accepted the error in software applications. When an internet browser crashes, we just restart it without any bad feelings.<span> </span>However, we have different expectation for a hardware device. If a cell phone, or a TV, or a music player freezes and require a "restart" we are not happy.<span> </span>When it happens too often, we end-up returning the products. </font></font></span></p><p style="margin-bottom:0pt;"><span><font size="3"><font face="Calibri">Due to the flexibility offered by providing some of the functionality in software the later devices incorporate more capabilities offered by software modules. Because this trend will continue and even accelerate, is interested what will happen with their reliability? We will learn to live devices that are not working properly or software running on such devices will be more reliable than the current desktop applications?<span> </span></font></font></span></p><p class="MsoNormal" style="margin:0in 0in 10pt;"><font size="3"><font face="Calibri"><span></span><span style="font-size:12pt;font-family:'Times New Roman','serif';"></span></font></font></p><p class="MsoNormal" style="margin:0in 0in 10pt;"><span><font face="Calibri" size="3"></font></span></p> </article> <article> <h1>CS Techcast: Advanced Windows Debugging</h1> <p>marioh — Tue, 19 Feb 2008 15:56:00 GMT</p> <p>A couple of weeks ago we had the opportunity to chat with the folks over at CS Techcast about Advanced Windows Debugging. It was an excellent discussion with a lot of interesting questions. Head over to <a href="http://www.cstechcast.com/home.aspx?Episode=12">http://www.cstechcast.com/home.aspx?Episode=12</a> for the full Podcast.</p><p>Cheers,<br />Mario</p> </article> <article> <h1>Windows Development Kit 6001 RTM</h1> <p>daniel — Sun, 17 Feb 2008 21:37:00 GMT</p> I have started this blog immediately after we finished all the reviews for <a href="http://www.amazon.com/gp/product/0321374460?ie=UTF8&tag=advanwindodeb-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0321374460">Advanced Windows Debugging (The Addison-Wesley Microsoft Technology Series)</a> with the goal to supplement and correct, when necessary, the book content. With all the available hours, previously spent on the book project, I never thought that it will be hard to find time for blogging. However, I found a lot of tasks postponed since some time, waiting for completion. Now I should find more time for contributing to this blog. <br /> <br />What has been changed since the book has been completed? <br /> <br />In the last few days, Microsoft announced the release of <a href="http://www.microsoft.com/windowsserver2008/en/us/default.aspx" title="Windows Server 2008">Windows Server 2008</a> (formerly known as Longhorn) and the client version, Windows Vista SP1. The Microsoft Connect team promptly sent a notification mail to all Windows Development Kit (WDK) Beta users telling them that the WDK RTM version is ready for downloading. Because our samples designed to be compiled using WDK and a new version can affects many readers, it is better to evaluate its impact ourselves. <br /> <br />WDK is considered by many as one of the Microsoft best keep secrets, simply because it offers a simple, yet robust platform for creating, building and verification application targeted to multiple platforms. Even better, the footprint is fairly small by today's standards (less then 1.6 GB installed), the dependences of the guest operating system are minimal. The WDK is self contained, all compilers, libraries and tools are available for all target platforms. It even comes with ATL and MFC libraries. If you need to write a simple application that is happy with the OS installed CRT (msvcrt.dll), WDK is a very good option. <br /> <br />WDK's version is set to 6001.18000 that should also represent the build version of the Windows Server 2008 and the corresponding Windows Vista SP1. <br /> <br /><em>C:\>set base<br />BASEDIR=C:\WinDDK\6001.18000</em><br /> <br />I just downloaded it and all the samples build without a surprise. As expected, the whole build process worked flawless and the samples are failing as designed.<br /> <br />What is new in the WDK 6001? <br /> <br />As with the previous version this one is available only as an ISO file. This version seems smaller than other versions and fit well in a CD image (the web site recommend burning it on a DVD). If you are looking for a free CD/DVD burner search the web for cdburn.exe or dvdburn.exe. Both are available from Microsoft in the Windows Resource Kit Tools.<br /> <br />The WDK 6001 contains many driver samples using both User Mode Driver Framework and Kernel Mode Driver Framework. There are new tools as well are extension to the existing tools (static verifier, prefast, etc.). <br /> <br />Perhaps the most important is the Microsoft <a href="http://www.microsoft.com/windowsserver2008/en/us/virtualization-consolidation.aspx" title="hypervisor">hypervisor</a> reference which is available as a role in Windows Server 2008. For people not familiar with the hypervisor, it can be described as a thin layer of software that runs above the physical hardware. It allows multiple operating systems to run "simultaneously" on the same physical computer and maintains the isolation between them. Each such virtual computer is called a partition. <br /> <br />The documentation contains a node describing the hypervisor implementations and the APIs available for creating hypervisor aware drivers and applications. The node is located strategically hidden under Device and Driver Technology|System|Hypervisor. <br /> <br />Because the debugger is so close to the hardware layer, the introduction of another layer between debuggers and the physical hardware layer brings some changes to the debugging process. In the future post I will analyze the impact that the hypervisor has to the techniques described in the book. <br /> </article> <article> <h1>The Missing Object Security Command</h1> <p>marioh — Wed, 19 Dec 2007 23:56:00 GMT</p> <p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">One of the most intriguing command omissions from the native debugger package is that of being able to display extended security information (such as a security descriptor) on a kernel mode object from user mode via its associated user mode handle. The workaround is somewhat tedious and involves hooking up the kernel debugger (live or actual) and get the security information from there. The most interesting part of this omission is that getting extended security information about a kernel mode object from user mode is relatively straightforward using the GetUserObjectSecurity API. As such, the first thing that popped into my mind was to write a custom debugger extension that achieved just </font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">that. Fortunately, before taking this approach, I did some research and found that an extension like that already exists and is called SDbgExt (developed by Skywing). In addition to extended security information it includes a lot of other excellent commands such as:</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>* VC STL support</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>* Symbol commands</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>* Security commands</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">One of the commands in the security category is called <em>objsec</em>. The <em>objsec</em> command can be used to dump out the security descriptor of a kernel mode object using the associated user mode handle value. Let's take a look at an example of how to use the objsec extension command. I used <em>notepad.exe</em> as the target application (on a XP SP2 machine).</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Prior to running the example, copy the debugger DLL (<em>sdbgext.dll</em>) into the <em>WinExt</em> folder of the debugger installation path. On my machine for example it would be located in the following folder:</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">C:\Program Files\Debugging Tools for Windows\winext</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Launch an instance of notepad.exe under the debugger using the following command line:</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">C:\> <strong>ntsd notepad.exe</strong></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Once started, fix the symbols using:</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><strong>.symfix</strong></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><strong>.reload</strong></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Issue the <em>handle</em> command to get a list of currently opened handles in the process:</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">0:001> <strong>!handle</strong></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle c</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>File</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 770</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>Section</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">...</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">...</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">...</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7cc</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>Semaphore</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7d0</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>WindowStation</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7d4</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>Desktop</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7d8</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>Event</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7dc</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>Mutant</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7e0</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>Directory</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7e4</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>Key</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7e8</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span><span> </span>WindowStation</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7ec</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>Port</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><strong>Handle <em>7f0</em></strong></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><strong><span><em> </em></span>Type<span> </span>Directory</strong></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7f4</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>File</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7f8</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>Directory</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Handle 7fc</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman"><span> </span>Type<span> </span>KeyedEvent</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">37 Handles</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Type<span> </span>Count</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Event<span> </span>5</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Section<span> </span>4</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">File<span> </span>4</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Port<span> </span>2</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Directory<span> </span>3</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Mutant<span> </span>8</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">WindowStation<span> </span>2</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Semaphore<span> </span>3</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Key<span> </span>4</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Desktop<span> </span>1</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">KeyedEvent<span> </span>1</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Pick a handle that you are interested in and use the <em>objsec</em> extension command on that handle. For example, I choose the Directory event with a handle of 7f0:</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">0:001> <strong>!sdbgext.objsec <em>7f0</em></strong></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">The object type is Directory</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Security descriptor for object handle 7F0:</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Owner: BUILTIN\Administrators</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Primary group: NT AUTHORITY\SYSTEM</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Revision: 1, Control: DaclPresent</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Dacl: Revision 2 Size 48 bytes used, 8 bytes free, 2 ACEs present</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Ace: Index 0 Flags: <empty> Type: AccessAllowedAce SecurityPrincipal: Everyone</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">AccessMask: Query Traverse ReadControl</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Ace: Index 1 Flags: <empty> Type: AccessAllowedAce SecurityPrincipal: NT AUTHORITY\SYSTEM</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">AccessMask: Query Traverse CreateObject CreateSubdirectory Delete ReadControl WriteDac WriteOwner</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Sacl: not present</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">The information resulting from executing the <em>objsec</em> extension command shows the security descriptor associated with the kernel object represented by process relative handle 7f0. Information such as owner, all the access control entries as well as access masks are displayed.</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">It is often necessary to analyze the security descriptor of any given object (for example when debugging access denied errors) and the <em>objsec</em> command of the sdbg extension DLL gives that power without having to revert to kernel mode debugging.</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">For more information on this excellent debugger extension, please see the following links:</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"><a href="http://www.valhallalegends.com/skywing/">http://www.valhallalegends.com/skywing/</a><br /><a href="http://www.nynaeve.net/?p=6">http://www.nynaeve.net/?p=6</a> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"></font> </p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Until next time.</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Cheers,</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Times New Roman">Mario</font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font face="Times New Roman" size="3"> </font></p> </article> <article> <h1>Available at the Microsoft Company Store in Redmond</h1> <p>marioh — Wed, 19 Dec 2007 20:03:00 GMT</p> The Microsoft company store in Redmond greatly expanded on their selection of technical books. As part of that expansion they brought in Advanced Windows Debugging. All books appear to be sold at a discount (range varies depending on the book). </article> <article> <h1>Advanced Windows Debugging Release Date</h1> <p>marioh — Mon, 29 Oct 2007 20:51:00 GMT</p> <p>Amazon is still reporting the book as being on pre-order. I've heard numerous accounts of buyers stating that they had received an email from Amazon that the book will be shipped on <strong>12/17/2007</strong>. This date is a misestimate as Amazon will be receiving copies of the book by end of this week or beginning of next week. The same timeframe should apply to other channels such as local bookstores. </p><p>Thanks!</p><p>Mario</p> </article> <article> <h1>VeriSign Organizational Certificate Digital ID</h1> <p>marioh — Thu, 18 Oct 2007 19:52:00 GMT</p> <p><span style="font-size:10pt;font-family:'Arial','sans-serif';">In chapter 13 of Advanced Windows Debugging we discussed the process by which a company can sign up for Windows Error Reporting. The WER service is a great mechanism to gauge the health of your application in the wild. It also allows you access to valuable information that can be used to debug problems postmortem. One of the requirements for establishing an account with WER is to obtain a code signing digital ID. While it is recommended practice to obtain ownership of code using this digital ID it also costs right around $400 to obtain. To remove the pricing obstacle and allow more companies the chance to participate in WER, VeriSign is now offering what is called an organizational Digital ID for the low cost of $99. This digital ID is used only as a mechanism to establish a WER account and cannot be used to sign binaries. Another limitation is that hardware submissions are not allowed using this digital ID. Even in light of these limitations, it is a great way to get on board with WER for a relatively low cost.</span></p><p><span style="font-size:10pt;font-family:'Arial','sans-serif';">More details on digital certificates for WER can be found here: </span></p><p><span style="font-size:10pt;font-family:'Arial','sans-serif';"><a href="http://www.verisign.com/code-signing/msft-organizational-certificates/index.html">http://www.verisign.com/code-signing/msft-organizational-certificates/index.html</a></span></p><p> </p> </article> <article> <h1>Wireshark is the newest version of Ethereal</h1> <p>daniel — Thu, 18 Oct 2007 07:17:00 GMT</p> <font size="3"><font face="Calibri"><div><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Calibri">A network packet sniffer is a great tool for investigating network communication error. At the time of writing the book, <span><a href="http://www.ethereal.com/" title="Ethereal">Ethereal</a> was one of the best tools network packet sniffer available and we used it to analyze the network communication between two different systems. </span></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Calibri"><span>However, the last update to Ethereal has been made in April 2006 having the version 0.99.0, that is more than one and a half year ago. </span></font></font><font size="3"><font face="Calibri"><span>Since then, several <a href="http://www.ethereal.com/appnotes/enpa-sa-00024.html" title="vulnerabilities">vulnerabilities </a>have been discovered in protocol parsers and because Ethereal </span></font></font><font size="3"><font face="Calibri"><span>opens/interprets each packet received by the networking card, it is essential to use a version which is up to date. </span></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Calibri"><span>Due to trademark related issues, the latest packet sniffer version is offered under <a href="http://www.wireshark.org" title="Wireshark">Wireshark</a> name, last release being 0.99.6. This release fixes several security holes discovered in the previous releases of Wireshark and Ethereal. </span></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Calibri"><span>Even if the sample capture files available on the website can be opened safely with the Ethereal, it is strongly advised to upgrade to the latest Wireshark version. This is even more important when the captured packets are not received from trusted servers. Wireshark opens the sample capture files described in the chapter 8 without any problem and provides the same user experience as the Ethereal. </span></font></font></p><p class="MsoNormal" style="margin:0in 0in 0pt;"><font size="3"><font face="Calibri"><span></span></font></font></p></div></font></font> </article> </main></body></html>