Equivalent of Microsoft Application Verifier for managed applications - clr

Do you know of any equivalent of Microsoft Application Verifier for managed applications?
Thanks!

The question doesn't make a lot of sense. The best equivalent for Application Verifier in a managed app is Application Verifier. It works just as well, a managed program also allocates memory from the Windows heaps and uses locks and handles. The odds that it will ever find anything wrong are just rather low. Managed code just doesn't suffer from the kind of problems that make Application Verifier useful for code written in an unmanaged language.
Maybe you want to verify something else, it isn't clear exactly what. The FxCop tool is a good one that analyzes managed code for all kinds of oopses that are common in .NET programming. An entirely different set of problems than Application Verifier checks for. It is also a static analyzer. At runtime, the verifier built into the jitter and the strong argument validation in .NET framework code and the CLR keep you out of trouble. Managed code was inspired in no small part by the kind of problems that required a tool like Application Verifier.
But no, there is no equivalent tool for managed code

It turns out that there are cases where this functionality is required for managed code.
Unfortunately I'm in one of those situations right now.
Have a look at Microsoft Research CHESS: http://research.microsoft.com/en-us/projects/CHESS/
And the Channel 9 video demo, the developers of the tool mention that the behaviour of the tool is very similar to appverifier and that it can test managed code: http://channel9.msdn.com/shows/Going+Deep/CHESS-An-Automated-Concurrency-Testing-Tool/
Download from: http://research.microsoft.com/en-us/downloads/b23f8dc3-bb73-498f-bd85-1de121672e69/

Related

Electron with C++ backend - secure?

I have written a UI in Electron and I would like to connect it with my C++ code. However, I will be selling this product and so I would like to know if this makes it easier for people to crack my C++ code? Obviously I know compiled C++ can be cracked anyway, but does this affect it in any way?
Additionally, what is the best way to go about this while preserving maximum possible security?
Thanks.
EDIT: How about this? Is it possible to use c++ as back-end for Electron.js?
EDIT2: To clarify, my Electron app will be showing the status of operations being performed in the C++ program. As such, I will need to send lists, dictionaries, strings etc. from C++ to JS which will then render it. Additionally, buttons on my Electron app need to trigger actions in the C++ code, such as stopping or starting certain parts of the program.
I have written a UI in Electron and I would like to connect it with my C++ code ...
I would like to know if this makes it easier for people to crack my C++ code?
Using electron does not make any meaningful difference for protecting the C++ source code. (Your intellectual property)
The Javascript code running in electron will be very easy to reverse engineer though, which gives users a head start on experimenting with your C++ binary. Using minification and obfuscation tools can at least make that harder.
For the C++ side, connecting C++ to Electron can be done in at least these two ways:
By dynamically linking to a shared library (Node.js C++ Addons)
In this case your C++ API would be functions that get exported by the shared library. There are many tools to inspect shared libraries (DLLs) and view these functions.
By communicating with another process using some sort of Inter-process communication.
In this case your API would depend on the IPC method used. If it was TCP/UDP messages you could use Wireshark to inspect the packets between the processes. There are ways to inspect messages going over any type of IPC.
Either way, your application must be delivered to the end-user with a compiled binary. Preventing reverse engineering of the binary itself is impossible if you actually give the binary to your users.
You should also expect that a savvy end-user will have access to other tools that can inspect the API and implement third-party code that talks to that API.
Additionally, what is the best way to go about this while preserving maximum possible security?
By "maximum possible security", I will assume you are referring to preventing unauthorized use of the C++ code with other applications.
You would need a licensing system that can authenticate the application that is using your C++ binary's API. Explaining what that would be exactly is probably too large of an answer for a Stack Overflow, and you will have to do some research on how licensing systems are implemented.
It may be theoretically impossible to develop a perfect licensing system though. Look at the gaming industry, it takes just a matter of days to for the licensing software become circumvented for every new game that is released. The only software architecture that cracks haven't completely conquered are cloud-based applications, which don't actually deliver compiled code with their business logic to the end-user's computer.

Updating a VB6 application to .net

I know a lot of questions have been asked about VB6 migration (and I've read most of them), but I'm still not entirely certain on what the best way to go about this is.
We have a client that we built an order tracking application for about a decade back and they came to us this week saying they were having some issues with it. The app was written entirely in VB6, which has been something of a hassle as tracking down the necessary tools to work with a project so old took some considerable effort. In an effort to make any future maintenance less of a headache, my boss wants to pitch the idea to them of updating the app to .net and wants to know what exactly that would entail. I've never done anything like this before, but what I've read (both here and elsewhere) suggests that Microsoft's "auto-update" from VB6 to .net simply doesn't work very well and I'd pretty much have to rebuild the app from the ground up.
To get to the crux of my question: is this the case? Would I pretty much just need to rewrite it, or is there another means of going about this that could/would save me a lot of time/effort?
Any insight would be greatly appreciated.
VB6 and VB.NET are radically different. The syntax has changed, and so has the underlying structures, forms, custom controls, and almost every single aspect you can possibly think about.
A complete redesign and reassessment of needs and functionality is imperative. With .NET the plethora of new libraries and features supersede the antiquated VB6 libraries, OCXs, etc. Also if you feel bold, you can migrate your code to C# and other CIL languages aside from VB.
Out of hand, the Microsoft migration tool will not do much. Moreover, it also depends on whether you have your business logic well separated from your GUI. Otherwise, it will make it even harder. Depending on the size of your application, it might make it quite expensive. Another possible solution you might consider is to run your app in a virtual environment or on a remote app http://technet.microsoft.com/en-us/library/cc730673(v=ws.10).aspx that will ease the deployment pain.
I have also researched this topic.
Try the smart rewrite solution that converts 95% of the code automatically.
first, run your app through the assessment wizard to determine estimated costs and resources needed.
http://visualwebgui.com/Gizmox/Solutions/InstantbCloudmoveb/tabid/744/Default.aspx

Stream and direct access in Fortran

I realized that I can emulate stream access in a compiler without it using a direct access file of characters.
Are there any pitfalls or portability issues I should be aware of?
My program seems to work OK.
I found that direct access files are indeed sometimes used for this purpose. The example is library binstreams in FLIBS. The issues that comes with this approach are described there as well under implementation notes. This approach can be handy, because there sometimes not the newest compilers available on every HPC computer.

Development of a FIX engine

I am new in the FIX and have requirement to develop a small FIX engine to communicate trading system. As I know there are plenty of FIX engine available but here requirement is to develop it.
Could anyone provide me the reference on any open source or any good article to start it?
For C++ use quickfix
Java use QuickfixJ
For .NET use VersaFix
To refer to Fix message constructions.
Both the libraries(Quickfix) have the same nomenclature as mentioned in the FIX protocol standards. But they are little buggy here and there, but you can rectify them in your source code. I have used both of the libraries in a commercial project and say so after seeing the libraries work. But the code is quite simple and they have an online reference manual to work with.
But developing your own library will be a big task for only one developer, if you have a team it can be much easier. Remember other than parsing you have to incorporate network communications, configuration on how to run it and threading structures also.
Developing your own FIX engine is not easy, specially if you will be dealing with FIX session level details yourself. Synchronizing sequences through ResendRequest, GapFill and SequenceReset is not easy and it would be nice if you can just use a FIX engine that is already doing that for you.
Another problem with the FIX protocol is REPEATING GROUPS. It is not easy to parse them quickly as it requires recursion or alternatively a complex iterative implementation.
Moreover, most Java FIX engines produce a lot of garbage when they are parsing the message, which increases variance and latency due to GC overhead.
Lastly, an intuitive API design is crucial to accelerate FIX development. If you want a good example of a clean API, you can check CoralFIX.
Disclaimer: I am one of the developers of CoralFIX.
You certainly want to look at QuickFix.

Which is the programming language to retrieve info. such as OS info, memory, processes/threads, program version, DLL version etc?

I want to develop an application that can retrieve information such as, DLL version, DLL build mode(debug or release), info. regarding OS, memory, processer, processes/threads, program version etc. I am developing this mainly for Windows, but it'd be good if the application supports Linux too(wherever applicable).
I am basically a java programmer, and I know C, C++ to some extent.
Which programming language should I go for, that'd make my job easy? i.e. which language has APIs to fetch these kind of information?
Well... APIs are available regardless of the language... But the easiest way to get at what you are trying to do is going to be a C or C++ app. That doesn't mean it'll be easy (getting a DLL version is easy, getting memory and processor type is easy. The other stuff is certainly possible, but you may have to roll up your sleeves and learn the win32 API).
You might want to take a look at an application that already does exactly what you are asking about (Process Explorer) before you try to develop this yourself... It's going to be a big undertaking - and the folks at Sys Internals are really, really good at this stuff, and have already done it.
You commented on Kevin Day's answer that you would prefer to use Java for this.
Java is not very well suited for this, because the information you want to get is very platform-specific, and since Java is designed to be platform-independent, there are not a lot of ways to get at this kind of information from Java.
There are some methods in classes java.lang.System and java.lang.Runtime to get information about the platform that your Java program is running on. For example, class Runtime has a method availableProcessors() that tells you how many processors are available to the Java virtual machine. Note that this is not the same as the number of processors (or cores) that exist in the computer; the documentation even says that the number may change while the program is running.
Lookup the documentation for java.lang.System and java.lang.Runtime for more information.
Most likely you're not going to get exactly the information that you need by using pure Java - C or C++ will be better suited to get this kind of platform-specific information. If you would need this information from a Java program, you could write a small DLL or shared library and use JNI to call into it from your Java program.
Since DLLs are mentioned I presume we are talking about Windows.
I would recommend using WMI queries. They look very much like SQL and give you access to many very useful classes.
e.g. all info about the OS can be found here - in W32_OperatingSystem:
http://msdn.microsoft.com/en-us/library/aa394239(VS.85).aspx
You can use WMI classes from any language including C++.
As a side note - if you start a new application from scratch consider using PowerShell - new scripting language from Microsoft.

Resources