Daniel's blog

Wireshark is at version 1.0.0

2008-04-04T03:52:00Z

The current stable release of Wireshark is 1.0.0. It supersedes all previous releases, including all releases of Ethereal. You can get it from many locations, check http://www.wireshark.org/download.html for details. Thanks to its authors.

Because Wireshark opens/interprets each packet received by the networking card, it is essential to use a version which is up to date. This version contains update parser for the following protocols (from the release notes http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html):

AFS, ALCAP, ATM, BACapp, CIGI, DCC (renamed from DCCP), DCCP (renamed from DCP), DCERPC SPOOLSS, DCERPC NT, DHCP, DirectPlay, EtherCAT, FIX, GIOP, GTP, H.248, HTTP, ICMPv6, ICQ, IPv6, ISIS, JXTA, NCP, P_Mul, PCAP, PKIX1Explicit, PTP, RADIUS, Roofnet, RTCP, RTMPT, RTP, RX, SABP, SCSI OSD, sFlow, SMPP, SNMP, SSCOP, TAPA, TIPC, TPNCP, UNISTIM, X.25, X.509sat, XML .

Unrelated to this post, my group System Center Virtual Machine Manager is hiring software developers. If you are looking for a nice twist in your carrer send me a note (daniel at advancedwindowsdebugging dot com).

Chers,

Daniel

Advanced Windows Debugging sources moved to Codeplex

2008-04-02T04:24:00Z

After making several changes to a software project, you begin to understand why a source revision control system is a necessity. This is even more important when more than one developer contributes to the same project. I looked for an inexpensive source revision control server hosted on public location and I was surprised by the number of options that I found, some of them being sponsored by software corporation. We decided to host the source code project on Codeplex (project sponsored by Microsoft) because we like the client tools (free) offered as well as the project management interface. Now the project is live and our readers can check-in the bug fix in the code bugs sooner than we will be able to do it. The previous download location will continue to host a static version of the source files, as well as the associated binary and symbol files. It is impressive how easy it is nowadays for open source developers to use a professional source revision control with zero investment.

Keep on reading,
Daniel

The cost of software bugs

2008-03-17T04:33:00Z

After reading a relatively old article published in Wired Magazine about few nasty software bugs, I searched for similar list on the Internet. Wikipedia has an impressive list of software bugs that moved from the bug tracking systems into the history. Don't forget to check out the external links, they are very informative.

Do you have similar bug histories to share?

Thanks,

Daniel

Two sides of reliability

2008-03-11T05:38:00Z

One of the projects I finished recently was to assembly a microcontroller board and written the "driver" for the small LCD screen. The board uses an RISC AVR-microcontroller from ATMEL (ATmega8) with only 8K FLASH and 1K RAM and is connected to a 2x16 characters display. As you can see after few days of "debugging", the controller learns to spell "Advanced Windows Debugging", nicely centered on the LCD.

While working on this project I understood better the difference in the entry barrier between building hardware building software. What are exactly the differences?

First there are the tools.

For software development, the free tools can be found everywhere and we can use them after a simple download. For example, in "Advanced Windows Debugging" book we used WDK(free) to build the applications, we used Debugging Tools for Windows (free) to troubleshoot the applications which can be written created very well in any text editor(Notepad is free).

Looking for highly integrated or managed code development tools? Many are also available for free. For example Microsoft offers for download an "Express" version to all development tools for free.

If open source software is an option, you can easily find a tool that suits you needs.

The tools used in hardware development are not free for a good reason. With few exceptions most are physical objects. You cannot just download a COPY of a physical object, you have to pay the manufacturing and distribution costs. And you need tools from the moment you start building the hardware. Once the circuit is ready and powered on, you need measurement equipment for validating the design correctness. If the circuit uses processors, you must have another set of tools (usually expensive) to validate the application correctness and to debug the code running inside the embedded processors.

After the design is complete, the process of removing the remaining bugs from the products is also different. In software a bug is usually fixed by adding a code line, removing a code line, of even re-architecting a code section. In any case the cost of implementing those changes is relatively small.

The bugs discovered after the products release are easily fixed with a downloadable patch.

In hardware the problems are more difficult to fix dues to the high cost of prototyping and the cost of redesigning the circuits. And most important the bugs discovered by customers are causing product returns.

Although it seems that it is in fairly inexpensive and easy to release "bug-free" software products, we somehow accepted the error in software applications. When an internet browser crashes, we just restart it without any bad feelings. However, we have different expectation for a hardware device. If a cell phone, or a TV, or a music player freezes and require a "restart" we are not happy. When it happens too often, we end-up returning the products.

Due to the flexibility offered by providing some of the functionality in software the later devices incorporate more capabilities offered by software modules. Because this trend will continue and even accelerate, is interested what will happen with their reliability? We will learn to live devices that are not working properly or software running on such devices will be more reliable than the current desktop applications?

Windows Development Kit 6001 RTM

2008-02-17T21:37:00Z

I have started this blog immediately after we finished all the reviews for Advanced Windows Debugging (The Addison-Wesley Microsoft Technology Series) with the goal to supplement and correct, when necessary, the book content. With all the available hours, previously spent on the book project, I never thought that it will be hard to find time for blogging. However, I found a lot of tasks postponed since some time, waiting for completion. Now I should find more time for contributing to this blog.

What has been changed since the book has been completed?

In the last few days, Microsoft announced the release of Windows Server 2008 (formerly known as Longhorn) and the client version, Windows Vista SP1. The Microsoft Connect team promptly sent a notification mail to all Windows Development Kit (WDK) Beta users telling them that the WDK RTM version is ready for downloading. Because our samples designed to be compiled using WDK and a new version can affects many readers, it is better to evaluate its impact ourselves.

WDK is considered by many as one of the Microsoft best keep secrets, simply because it offers a simple, yet robust platform for creating, building and verification application targeted to multiple platforms. Even better, the footprint is fairly small by today's standards (less then 1.6 GB installed), the dependences of the guest operating system are minimal. The WDK is self contained, all compilers, libraries and tools are available for all target platforms. It even comes with ATL and MFC libraries. If you need to write a simple application that is happy with the OS installed CRT (msvcrt.dll), WDK is a very good option.

WDK's version is set to 6001.18000 that should also represent the build version of the Windows Server 2008 and the corresponding Windows Vista SP1.

C:\>set base
BASEDIR=C:\WinDDK\6001.18000

I just downloaded it and all the samples build without a surprise. As expected, the whole build process worked flawless and the samples are failing as designed.

What is new in the WDK 6001?

As with the previous version this one is available only as an ISO file. This version seems smaller than other versions and fit well in a CD image (the web site recommend burning it on a DVD). If you are looking for a free CD/DVD burner search the web for cdburn.exe or dvdburn.exe. Both are available from Microsoft in the Windows Resource Kit Tools.

The WDK 6001 contains many driver samples using both User Mode Driver Framework and Kernel Mode Driver Framework. There are new tools as well are extension to the existing tools (static verifier, prefast, etc.).

Perhaps the most important is the Microsoft hypervisor reference which is available as a role in Windows Server 2008. For people not familiar with the hypervisor, it can be described as a thin layer of software that runs above the physical hardware. It allows multiple operating systems to run "simultaneously" on the same physical computer and maintains the isolation between them. Each such virtual computer is called a partition.

The documentation contains a node describing the hypervisor implementations and the APIs available for creating hypervisor aware drivers and applications. The node is located strategically hidden under Device and Driver Technology|System|Hypervisor.

Because the debugger is so close to the hardware layer, the introduction of another layer between debuggers and the physical hardware layer brings some changes to the debugging process. In the future post I will analyze the impact that the hypervisor has to the techniques described in the book.

Wireshark is the newest version of Ethereal

2007-10-18T07:17:00Z

A network packet sniffer is a great tool for investigating network communication error. At the time of writing the book, Ethereal was one of the best tools network packet sniffer available and we used it to analyze the network communication between two different systems.

However, the last update to Ethereal has been made in April 2006 having the version 0.99.0, that is more than one and a half year ago. Since then, several vulnerabilities have been discovered in protocol parsers and because Ethereal opens/interprets each packet received by the networking card, it is essential to use a version which is up to date.

Due to trademark related issues, the latest packet sniffer version is offered under Wireshark name, last release being 0.99.6. This release fixes several security holes discovered in the previous releases of Wireshark and Ethereal.

Even if the sample capture files available on the website can be opened safely with the Ethereal, it is strongly advised to upgrade to the latest Wireshark version. This is even more important when the captured packets are not received from trusted servers. Wireshark opens the sample capture files described in the chapter 8 without any problem and provides the same user experience as the Ethereal.