Monday 7 July 2014

Strong name signing fails on C++/CLI project on Visual Studio 2010 SP1

Introduction

On C++/CLI projects, we may specify a strong name key for the output module on AssemblyInfo.cpp, like this:

[assembly: AssemblyDelaySign(false)];  
[assembly: AssemblyKeyFile("..\\strong.snk")];

The first line explicitly sets that we are not going to use delay-signing whilst the second line specifies the key file to sign with. This syntax is legit and should produce a strong name signed .Net module. However, sometimes it doesn't, with producing this warning: 

mt.exe : general warning 810100b3: ??????.dll is a strong-name signed assembly and embedding a manifest invalidates the signature. You will need to re-sign this file to make it a valid assembly.

You might think let's just ignore it, but probably this will make your runtime crash upon loading this module with "System.IO.FileLoadException" which complains about the missing strong name signature on the module. Again - I definitely set the syntax to put a strong name key in the module but the file is not produced so. What's going on inside? 

Under the bonnet 

Let's focus on the warning back - "embedding a manifest invalidates the signature". It sounds like the module had been successfully built with the given strong name key, but then a manifest was embedded, which broke the strong name signature. Perhaps it's possible not to embed a manifest but this is not a right thing to fix the problem. 

So what's happening? Does Visual Studio support a syntax which is not fully implemented? Maybe, yes. The syntax should automatically re-sign the assembly after embedding a manifest, but by some reason it does not do that, yet. Even worse, the Visual Studio versions lower than 2010 did not generate that warning at all so that the developers wasted much time to get to know what was going on there. 

Solution 

Having said that, all we need to fix (or workaround) the issue is to re-sign the module. 

1. Define a post-build custom action using SN.EXE

On Visual Studio 2010 command prompt or Microsoft SDK command prompt, SN.EXE (Strong Name Tool) is available for strong name signature works. Open this link http://msdn.microsoft.com/en-us/library/k5b5tt23(v=vs.100).aspx for details of this utility. Please note that the options of that tool are case-sensitive

To re-sign the module, this syntax can be used on a new custom post-build event (Project property - Configuration Properties - Build Events - Post-Build Event):

  Command Line: sn.exe -Ra "$(TargetPath)" <snk file name/path>

"-Ra" option is to re-sign an assembly which is already signed, which means AssemblyInfo.cpp should still have the strong name key syntax as shown on "Instruction". 

2. Set "Key File" and "Delay Sign (false)" on project properties

Visual Studio introduced "Key File" and "Delay Sign" fields on C++/CLI projects, which can be used to set a key file explicitly. (Project property - Configuration Properties - Linker - Advanced) Please don't forget that you should apply this on all configurations such as "debug" and "release". 
  • Set "Key File" as what you set on [assembly: AssemblyKeyFile] field on AssemblyInfo.cpp
  • Set "Delay Sign" to false
  • Mind you, the counterparts on AssemblyInfo.cpp should be removed as they conflict.
The build process automatically re-sign the module after embedding a manifest, if these fields are set correctly. Even if you have done this before, you may need to do this again because the internal field syntaxes on the project had been changed on Visual Studio 2010 SP1. If you already set that on RTM and upgraded Visual Studio 2010 to SP1, the settings won't be recognised. If your team has a mixed environment of RTM and SP1, it'll be better to upgrade all to SP1. 

If the problem persists, please refer to the links listed on "References" as many people encountered this issue and succeeded in fixing/workarounding it in various ways. 

References 
Posted by at 2 comments:

What is "delay-signing" and how to use / test / prohibit it for testing

Introduction 

In .Net, we have some new concepts of "strong name key" and "strong name signing" to ensure that the modules we supplied to users are from our side. Although it's basically optional, the most of commercial projects use this for security. Microsoft calls the strong name signed assemblies as "Strong-named assemblies". (If you're interested more details, please refer to http://msdn.microsoft.com/en-us/library/wd40t7ad(v=vs.110).aspx ) Please note that this concept is different from "digital signature" which appears on the file properties on Windows Explorer. Strong name key-related information does not appear on Windows Explorer. 

With this information, we understand that there are two sort of modules in terms of strong name signature; "strong-named modules" and "non-signed modules". But what is "delay-signed" ones? 

Why "Delay-Signing" is needed 

To give a strong name to a module, we need a key file which has ".snk" as extension. For security reasons, some company don't open this for all of their developers. Instead, they apply the signatures via a batch process or open/close the file periodically. This means, most of test builds are not allowed to use the snk file whilst they should be built correctly and able to be tested without changing the Visual Studio project properties every time. This is why we have the third option of "delay-signing". 

"Delay signing" does not actually sign binaries but just leave blanks on the binaries in order to really sign them later. These "delay-signed" binaries won't throw an error of "Referenced assembly does not have a strong name" so the build will pass. However, it is still true that the modules don't have valid strong name signatures so that the runtime will crash with "System.IO.FileLoadException" but there is a second chance to re-sign them with a valid strong name key file with SN.EXE (Strong Name Tool). This is a console application which can be run via Visual Studio Command Prompt or Microsoft SDK Command Prompt. Please refer to http://msdn.microsoft.com/en-us/library/k5b5tt23(v=vs.100).aspx for details of this tool. 

How to set "delay sign"

(C#) 
  1. Go to "project properties - Signing". 
  2. Tick "Sign the assembly" and then "Delay sign only"
  3. Set a strong name key file as what you are expected to use for 'real' signing later. 
(C++)
  1. Go to "project properties - Linker - Advanced"
  2. Set "Key File" field
  3. Set "Delay Sign" to "Yes". 
Or, the same thing is achievable on AssemblyInfo.cs or AssemblyInfo.cpp. 

(C#)
[assembly: AssemblyDelaySign(true)]
[assembly: AssemblyKeyFile("myKey.snk")]

(C++)
[assembly:AssemblyDelaySignAttribute(true)];  
[assembly:AssemblyKeyFileAttribute("myKey.snk")];  

 We can set delay-signing on modules to pass the build. Do we still need a valid strong name key to run the binary? 

I said that the build would pass but the runtime would throw an exception due to security checking. Does this mean that this is only for build pass? Of course not. There is another step to "ignore" the signature verification for internal testing. Using SN.EXE, it is possible to register assemblies for verification skipping by specifying -Vr <assembly> option. (Be careful - the option is case-sensitive.) For example, 

  sn.exe -Vr myassembly.dll

This will add an entry on verification skipping list and the loader procedure won't throw the exception. It makes sense that the list is stored locally on a machine and cannot turn off the verification permanently as this procedure is only for internal testing. 

Not to mention, the "real" signature should be put on the modules before shipping. The procedure will be like this. 

  sn -R myAssembly.dll sgKey.snk

This is useful if the actual signing should be done by someone else or the key file is not open for every developer. 

Isn't it a security hole as we can run the binary anyway, without a valid strong name signature? 

That's absolutely correct, but at least we can print out the verification skipping list to check if any exception is defined on the machine, by doing this: 

  sn.exe -Vl

If no entry is defined, it will say "No verification entries registered". As the list exists on registry, it is also possible to visually see the table on regedit. Check these keys when/if your runtime seems to work incorrectly by malicious modules and you're not ready to install Visual Studio or SDK on the target machine.
  • HKLM\Software\Microsoft\StrongName\Verification
  • HKLM\Software\Wow6432Node\Microsoft\StrongName\Verification   (only for x64)
It is also important to ensure that there is no entry here on test machine to perform final test before product release. To do the same thing, there is another useful thing to ensure that there is no exception entry; Create a DWORD entry set to 0 named "AllowStrongNameBypass", under: 
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework  (only for x64)
References
Posted by at No comments:

Setup web browser (Google Chrome) search engine for TFS2013

Introduction 

On TFS 2013 Web Interface, it is possible to search any item with new custom queries. However, sometimes it takes too long time if we just need to search items with a short keyword. e.g. "Crash", "Password", ... It's really ineffective to define a new custom query every time for this purpose, indeed. 

Luckily, TFS supports WIQL syntax directly on URL so we can easily setup browser search engine by pre-setting WIQL syntax with keyword replacements. I'm illustrating how-to for Google Chrome, but the same idea can be used in other browsers. 

Keyword Search
  1. ​​Go to settings
  2. Click "Manage search engines" on "Search" tab
  3. Put a new search engine with the following:
    • ​name: TFS title and contents 
    • keyword: tfs 
    • url: http://<TFS web interface base URL>/_workitems#_a=query&wiql=SELECT [System.Title], [System.State], [System.AssignedTo], [Microsoft.VSTS.Scheduling.RemainingWork] FROM WorkItemLinks WHERE (Source.[System.Title] contains '%s' or Source.[System.Description] contains words '%s' or Source.[System.History] contains words '%s') and ([System.Links.LinkType] = 'System.LinkTypes.Hierarchy-Forward') ORDER BY [Microsoft.VSTS.Common.BacklogPriority], [System.Id] mode(Recursive)
      • The base URL is usually the home address of your project. e.g. http://my-tfs-01/tfs/org/TheProject
  4. ​Click "done" 
This is an example result with search keyword 'Evolution':



Item ID search 

Similarly, it is also possible to setup another search engine with TFS ID number. For this case, the configuration will be like this:
  • ​​name: TFS ID
  • keyword: tfsid
  • url: http://<base URL>/_workitems#_a=query&wiql=SELECT [System.Title], [System.State], [System.AssignedTo], [Microsoft.VSTS.Scheduling.RemainingWork] FROM WorkItemLinks WHERE (Source.[System.Id] = %s) and ([System.Links.LinkType] = 'System.LinkTypes.Hierarchy-Forward') ORDER BY [Microsoft.VSTS.Common.BacklogPriority], [System.Id] mode(Recursive)​

Posted by at No comments:

Thursday 17 April 2014

Visual Studio macros don't work and prompt to save "MyMacros" every time



From a few months ago, I've been getting this prompt on Visual Studio 2010 and 2008, which is really nasty. Microsoft announced that one of Windows Updates on Feb 2014 introduced this issue. As per MS, this issue seems to be a side effect of MS14-009 update. 

How to fix (x64 Windows): 
  1. Close all Visual Studio instances. 
  2. Search vs*.exe.config files under C:\Program Files (x86)\Common Files\Microsoft Shared. It will display a few of vsmsvr10.exe.config and vsaenv10.exe.config.
  3. Search devenv.exe.config under C:\Program Files (x86)\. It will also display a few of them. 
  4. Open those config files and append this information on all of them.  
    •   <configuration>      <runtime>          <AllowDComReflection enabled="true"/>
References

Evernote helps you remember everything and get organized effortlessly. Download Evernote.
Posted by at No comments:

Thursday 27 March 2014

GetMySQLDateTime - tiny utility to get MySQL-style date on your clipboard

This is a very simple HTA-based utility to display current time stamp and get it on the clipboard. 


Feel free to use, modify and/or redistribute this for any purpose.


Evernote helps you remember everything and get organized effortlessly. Download Evernote.
Posted by at 2 comments:

Thursday 20 February 2014

Providing unique ID on managed object using ConditionalWeakTable (C#)

Introduction

​I was asked how to get a unique ID or something like this to distinguish managed objects and I answered object.GetHashCode() would do that. However, this answer is not perfect because sometimes GetHashCode() can return same values for different object instances. It is just for making hash codes for collections like hash maps so not perfect. 

Actually every managed object is represented by its reference which is unique and can be used for checking equity (e.g. Object.ReferenceEquals method) but sometimes it's difficult to use that because holding references block GC from collecting garbages. 

Luckily, .Net 4.0 introduced a new collection of ConditionalWeakTable<key, value> which doesn't affect on garbage collecting so that it's perfect to use for providing unique IDs on managed objects, by setting up an internal collection of ConditionalWeakTable<object, A_Counter_Class>. Its original purpose is to attach some extra data on alien objects but its characteristics allow us to track managed objects as well. 

Code

* I've just implemented and tested it by myself so please note that this code might not be perfect and can be (or should be) enhanced by yourself. ​

               class ObjectRecorder
              {
                      ConditionalWeakTable<object , object> _cwt = new ConditionalWeakTable<object , object>();

                      private static int _uniqueId = 0;

                      public void Add( object x )
                     {
                            try
                           {
                                   _cwt.Add (x, ( object)Interlocked .Increment( ref _uniqueId));
                           }
                            catch (System .ArgumentException) {}
                     }

                      public int GetValue( object x )
                     {
                            object id ;
                            if (_cwt .TryGetValue( x, out id))
                           {
                                   return (int )id;
                           }
                            return -1;
                     }

                      public ConditionalWeakTable <object, object> Cwt
                     {
                            get
                           {
                                   return _cwt ;
                           }
                     }
              }

The essential part of this class is _cwt as ConditionalWeakTable which manages a sort of map to store object reference in conjunction with its unique ID. If an attempt is made to add the same object instance again, it will do nothing. GetValue() method is to retrieve the ID connected to the given reference. 

Usage & Examples

               static void Main( string[] args )
              {
                      object a = new object();
                      object b = new object();
                      object bb = b;

                      List<int > lista = new List <int>();
                      List<int > listb = new List <int>();
                      List<int > listbb = listb;

                      object c = (object)0;
                      object d = (object)0;
                      object e = d;

                      ObjectRecorder x = new ObjectRecorder();
                      x.Add (a);
                      x.Add (a);
                      x.Add (b);
                      x.Add (bb);
                      x.Add (lista);
                      x.Add (listb);
                      x.Add (listbb);
                      x.Add (c);
                      x.Add (d);

                      Console.WriteLine ("a:" + x.GetValue (a). ToString());
                      Console.WriteLine ("a:" + x.GetValue (a). ToString());
                      Console.WriteLine ("b:" + x.GetValue (b). ToString());
                      Console.WriteLine ("bb:" + x.GetValue (bb). ToString());
                      Console.WriteLine ("lista:" + x.GetValue (lista). ToString());
                      Console.WriteLine ("listb:" + x.GetValue (listb). ToString());
                      Console.WriteLine ("listbb:" + x.GetValue (listbb). ToString());
                      Console.WriteLine ("c:" + x.GetValue (c). ToString());
                      Console.WriteLine ("d:" + x.GetValue (d). ToString());
                      Console.WriteLine ("e:" + x.GetValue (e). ToString());
                      Console.WriteLine ("x:" + x.GetValue (x). ToString());
               }

As per the expectation, it should be able to count "same references" only and not to count "same values". Here's the output. ​​​​


​​It definitely displayed the same IDs for the same references only so it actually works! 

Conclusion​​
  • Different ​GetHashCode() values mean different references, but the same values don't mean they are the same references as it's just a hash generation function which is not guaranteed to be unique per object. 
  • The real unique value is the reference itself but it doesn't come in handy for reference comparison in some cases as keeping references interferes garbage collection.
  • ConditionalWeakTable, introduced in .Net 4.0, is a good solution for this purpose as it doesn't impact on garbage collection whilst it can hold additional information per managed object. 
References
  • http://msdn.microsoft.com/en-us/library/dd287757(v=vs.100).aspx
  • http://stackoverflow.com/questions/750947/net-unique-object-identifier
Evernote helps you remember everything and get organized effortlessly. Download Evernote.
Posted by at No comments:

Understanding yield return, yield break in C# for C/C++ programmers

Introduction

These two things are very simple keywords in C# which don't exist on C/C++. I am writing this article for somebody learning C# with C/C++ background.

Basics

IEnumerator: An iterator which can perform the following; Just imagine POSITION in MFC or iterator in STL. 
  • MoveNext(): Get next value
  • Reset(): Return to the initial position
  • Current: Current value 
IEnumerable: A set of iterators. One of great advantages to use this type is "foreach" statement which is also supported in STL and the new C++11 standard. But this supports much more - data query, conversion, ... 

Example of IEnumerator & yield return / break 

(Code 1 - a function to return IEnumerator) 
               /// <summary>
               /// Iterate natural numbers until threshold reaches
               /// </summary>
               public static IEnumerator< int> GetNaturalEnumerator ()
              {
                      for (int i = 1; i < 99999999; i++)
                     {
                            Console.WriteLine ("GetNaturalEnumerator - Before YieldReturn");
                            yield return i;
                            Console.WriteLine ("GetNaturalEnumerator - After YieldReturn");
                            if (i > _threshold)     // threshold = 3 
                           {
                                   Console.WriteLine ("GetNaturalEnumerator - Before YieldBreak");
                                   yield break ;
                                   Console.WriteLine ("GetNaturalEnumerator - After YieldBreak"); // unreachable code
                           }
                     }
              }

               static void Main( string[] args )
              {
                      for (var j = GetNaturalEnumerator(); j .MoveNext(); )
                     {
                            Console.WriteLine (j. Current);
                            Console.ReadLine ();
                     }
              }
  
Let's see the for loop in Main() function - it initialises "j" as IEnumerator<int>, but the function itself does nothing. Say, if I set a breakpoint at the function body, it won't hit. Instead, j.MoveNext() actually triggers the breakpoint. This means, a function that returns IEnumerator (or IEnumerable - will be covered next) works differently. ' var j = GetNaturalEnumerator() ' statement sets up the connection between the enumerator variable and the function body and the actual function body won't run until somebody calls MoveNext() on the enumerator. 


This is the first stage of execution, where the process is waiting for a line of console input at Console.ReadLine(). As per the string displayed, the function had run until "yield return i" statement. 
I hit the enter key and got this. This means, the function body resumed its work just after "yield return i" statement. This happens over and over until it gets the end of function or "yield break" statement. 
As the threshold was 3, "yield break" was hit when the number was 4. The final Console.WriteLine("...After YieldBreak") didn't run as it was unreachable. 

Example of IEnumerable & yield return / break 

(Code 2 - a function to return IEnumerable) 
               /// <summary>
               /// Iterate natural numbers until threshold reaches
               /// </summary>
               public static IEnumerable< int> GetNaturalNumbers ()
              {
                      for (int i = 1; i < 99999999; i++)
                     {
                            Console.WriteLine ("GetNaturalNumbers - Before YieldReturn");
                            yield return i;
                            Console.WriteLine ("GetNaturalNumbers - After YieldReturn");
                            if (i > _threshold)
                           {
                                   Console.WriteLine ("GetNaturalNumbers - Before YieldBreak");
                                   yield break ;
                                   Console.WriteLine ("GetNaturalNumbers - After YieldBreak"); // unreachable code
                           }
                     }
             }

               static void Main( string[] args )
              {
                      foreach (var i in GetNaturalNumbers ())
                     {
                            Console.WriteLine (i);
                            Console.ReadLine ();
                     }
              }
  
Did you see? The function body of GetNaturalNumbers() is identical to GetNaturalEnumerator() on Code 1. However, see the Main() which now uses "foreach" keyword. In this example, the 'foreach' code block does the same thing as the previous 'for' code block on Code 1. 'yield return' & 'yield break' do the exactly same things. 
I bet you think now - you may ask, "why should we have a duplicate"? Of course not, because IEnumerator and IEnumerable are convertible to each other. Let me show you the 3rd example. 

Example of converting IEnumerable to IEnumerator and vice versa 

(Code 3 - modified GetNaturalEnumerator)

               /// <summary>
               /// Iterate natural numbers until threshold reaches
               /// </summary>
               public static IEnumerator< int> GetNaturalEnumerator ()
              {
                      foreach (var i in GetNaturalNumbers ())
                     {
                            yield return i;
                     }
                }

               /// <summary>
               /// Iterate natural numbers until threshold reaches
               /// </summary>
               public static IEnumerable< int> GetNaturalNumbers ()
              {
                      for (int i = 1; i < 99999999; i++)
                     {
                            Console.WriteLine ("GetNaturalNumbers - Before YieldReturn");
                            yield return i;
                            Console.WriteLine ("GetNaturalNumbers - After YieldReturn");
                            if (i > _threshold)
                           {
                                   Console.WriteLine ("GetNaturalNumbers - Before YieldBreak");
                                   yield break ;
                                   Console.WriteLine ("GetNaturalNumbers - After YieldBreak"); // unreachable code
                           }
                     }
             }
  
Check out the changed function body on GetNaturalEnumerator(). As IEnumerable supports 'foreach', each member can be returned by doing that. 

(Code 4 - modified GetNaturalNumbers) 
               /// <summary>
               /// Iterate natural numbers until threshold reaches
               /// </summary>
               public static IEnumerator< int> GetNaturalEnumerator ()
              {
                      for (int i = 1; i < 99999999; i++)
                     {
                            Console.WriteLine ("GetNaturalEnumerator - Before YieldReturn");
                            yield return i;
                            Console.WriteLine ("GetNaturalEnumerator - After YieldReturn");
                             if (i > _threshold)
                           {
                                   Console.WriteLine ("GetNaturalEnumerator - Before YieldBreak");
                                   yield break ;
                                   Console.WriteLine ("GetNaturalEnumerator - After YieldBreak"); // unreachable code
                           }
                     }
              }

               /// <summary>
               /// Iterate natural numbers until threshold reaches
               /// </summary>
               public static IEnumerable< int> GetNaturalNumbers ()
              {
                      for (var j = GetNaturalEnumerator(); j .MoveNext(); )
                     {
                            yield return j. Current;
                     }
               }
  
How about this? I showed that they were convertible to each other and the results were all the same.

Just for fun 

I also bet you might think "what would happen if IEnumerable wanted to rehash IEnumerator whilst IEnumerator wanted to rehash IEnumerable again???" Seeing is believing. 

(Code 5 - just for fun) 
               public static IEnumerator< int> GetNaturalEnumerator ()
              {
                      foreach (var i in GetNaturalNumbers ())
                     {
                            yield return i;
                     }
                }

               public static IEnumerable< int> GetNaturalNumbers ()
              {
                      for (var j = GetNaturalEnumerator(); j .MoveNext(); )
                     {
                            yield return j. Current;
                     }
                }

               static void Main( string[] args )
              {
                      for (var j = GetNaturalEnumerator(); j .MoveNext(); )
                     {
                            Console.WriteLine (j. Current);
                            Console.ReadLine ();
                     }

                      foreach (var i in GetNaturalNumbers ())
                     {
                            Console.WriteLine (i);
                            Console.ReadLine ();
                     }

              }
  
Guess what? 

LOL - nobody was doing the job correctly and finally crashed whilst delegating to each other, which is really common in our real-life. :) 

Conclusion 
  • 'yield return' and 'yield break' statements are designed for IEnumerator and IEnumerable to iterate data collection easily.
  • The functions to return them work quite differently from usual functions. 
  • The next works after 'yield return' will be continued when the iterating function is called again. 
  • The next works after 'yield break' won't work at all. 
  • Functions to return IEnumerator and IEnumerable are convertible to each other in most cases but don't forget to implement one of them. :) 


Evernote helps you remember everything and get organized effortlessly. Download Evernote.
Posted by at No comments:
Subscribe to: Posts (Atom)