2006-03-26

Microsoft MechCommander 2 Shared Source Release

Microsoft has released the source code for "MechCommander 2" under its Shared Source license.

"This release contains all of the source code and source assets required to build MechCommander 2."
The intent is to use it with the "Microsoft XNA Build March 2006 Community Technology Preview (CTP)".
"Microsoft® XNA™ Build is a tool which will help game studios manage the growing complexities of their game content builds. We invite you to install this pre-release into a non-production environment to learn more about how XNA Build will reduce development complexities."

2006-03-25

MakeMeCentral, MakeMeEastern

OK... I don't know what motivated this, but Microsoft has made available hotfixes that can be used to change the time zone setting on Windows Server 2003 and Windows XP systems "in an organization". There is a hotfix for "(GMT-06:00) Central Time (US & Canada)" and one for "(GMT-05:00) Eastern Time (US & Canada)".


"Sometimes, you may want to change the Time Zone setting on many computers at the same time. This hotfix lets you change the Time Zone setting on a computer"...


Interestingly, the files in the hotfixes are named:
MakeMeCentral.dll
MakeMeEastern.dll

I wonder if we'll see a "MakeMeMountain"...

2006-03-24

Anemic CPU Utilization?

VMware posted a customer story to their website about curing "anemic CPU utilization". While I "get" it, I also thought it a bit atypical that a company would actually promote software that causes increased CPU usage.

int main( void ) {
    while( 1 );
    return 0;
}

2006-03-23

4294967295 bottles of beer...

I got a chuckle from Michael Howard's blog post "A useful primer to Integer overflows/underflows"...

2006-03-22

EventID 4226, Source TCPIP

I recently started seeing Event ID 4226 with source TCPIP (EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED) in my System event log. The message is "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts." It sounded familiar, so I figured I had seen it before and filed it away as a low priority item to deal with when I got the time.

I tore into it a bit more because it was starting to bother me a bit. I use Avant Browser's "Groups" feature to open 30 or so web pages multiple times a day. This is fine and dandy, but during the process where Avant is trying to load all of the pages, my system's network connectivity would go downhill. So I figured Windows was imposing some artificial limit on the number of outgoing TCPIP connections. Sure enough, "Changes to Functionality in Microsoft Windows XP Service Pack 2 - Part 2: Network Protection Technologies" indicates:

Limited number of simultaneous incomplete outbound TCP connection attempts
Detailed description
The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system’s event log.

Why is this change important? What threats does it help mitigate?
This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.

What works differently?
This change may cause certain security tools, such as port scanners, to run more slowly.

How do I resolve these issues?
Stop the application that is responsible for the failing connection attempts.

The interesting thing is that there's nothing to change this behavior - you're limited to what appears to be 10 "concurrent TCP connect attempts".

Well, maybe it's more accurate to say that there's no Microsoft-sanctioned way to change this behavior. There _is_ a utility at http://www.lvllord.de/ that patches TCPIP.SYS and allows one to set the limit (default is 50, up from 10). Of course, this annoys Windows File Protection, and the patched TCPIP.SYS can be replaced by an update from Microsoft, but it appears the utility's author keeps the utility up-to-date so that in little or no time one can re-patch TCPIP.SYS if necessary.

It worked for me... :) Thanks, LvlLord!
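The Microsoft text quoted above treats a burst of Event ID 4226 as a possible sign of infection. The following added example (not from the original post) finds, per host, the largest number of 4226 events inside any one time window; the CSV layout, host names, window and threshold are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a CSV export of System-log records from two hosts.
# Column layout, host names and timestamps are invented for this example.
SAMPLE_EXPORT = """\
time,host,source,event_id
2006-03-22 08:00:05,WKSTN-A,Tcpip,4226
2006-03-22 12:30:10,WKSTN-A,Tcpip,4226
2006-03-22 17:45:40,WKSTN-A,Tcpip,4226
2006-03-22 09:00:00,WKSTN-B,Tcpip,4226
2006-03-22 09:01:00,WKSTN-B,Tcpip,4226
2006-03-22 09:02:00,WKSTN-B,Tcpip,4226
2006-03-22 09:03:00,WKSTN-B,Tcpip,4226
2006-03-22 09:04:00,WKSTN-B,Tcpip,4226
2006-03-22 09:04:30,WKSTN-B,Service Control Manager,7036
"""

def peak_4226_per_window(export_text, window=timedelta(minutes=10)):
    """Return {host: largest number of 4226 events inside any one window}."""
    times = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Match on both ID and source: event IDs are only unique per source.
        if row["event_id"] == "4226" and row["source"].lower() == "tcpip":
            times[row["host"]].append(
                datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S"))
    peaks = {}
    for host, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end, t in enumerate(stamps):
            # Slide the left edge until the span fits inside the window.
            while t - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        peaks[host] = best
    return peaks

def hosts_to_review(export_text, threshold=5, window=timedelta(minutes=10)):
    """Hosts whose peak reaches the (assumed) threshold, sorted by name."""
    peaks = peak_4226_per_window(export_text, window)
    return sorted(h for h, n in peaks.items() if n >= threshold)

if __name__ == "__main__":
    print(peak_4226_per_window(SAMPLE_EXPORT))
    print(hosts_to_review(SAMPLE_EXPORT))
```

A host that logs the event a few times a day, as with the browser tab groups described in the post, stays below the threshold, while a sustained run of events stands out.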

2006-03-10

MatrixParser?

This is kinda cool.
LogParser from Microsoft Downloads is a pretty neat utility. Spend some time playing around with it, and it can be your best friend in a lot of cases.

The current version is 2.2.10, released on 2005-04-20.

There's even an easter egg in the program...

Run a CMD prompt, and change to the LogParser install directory (default is "C:\Program Files\Log Parser 2.2"). Then, type in (for example):

logparser "select * from c:\ntldr" -o:neuroview

The key, of course, is the parameter specifying the output format ("-o"), "neuroview" in this case.

2006-03-07

User-Mode Driver Framework (UMDF) Resources

Ran across the following User-Mode Driver Framework (UMDF) resources:


UMDF drivers can run on Windows Vista. Support for UMDF on Windows XP is being considered for the Windows Vista release timeframe.

2006-03-06

Free Security Training for Developers

The MS Patterns and Practices group has some free security training modules for developers. There's an intro at J.D. Meier's blog, and Channel 9 has the Patterns and Practices Security Training Modules Index. I haven't had the chance to check things out yet, but I sure would love to if I could find the time...

2006-03-05

Determining the Versions and Service Packs of the .NET Framework Installed on a System

I've been getting involved recently in authoring installation programs. One of the things that comes up is how to determine what versions and service packs for the .NET Framework are installed. Usually, a "System Search" (in InstallShield) can be used to determine this. But what on the system should be searched?

There's this article from Macrovision / InstallShield that talks about the MsiNetAssemblySupport property available with Windows Installer 2.0 and later. The property uses the latest version of FUSION.DLL found on the system. The article then goes on to state:

Additional Information
For additional information, click the following link to view the article in the Microsoft Knowledge Base: http://support.microsoft.com/kb/318785


That KB article ("How to determine which versions of the .NET Framework are installed and whether service packs have been applied") provides a list of version stamps that correspond to a specific .NET Framework version and revision. The version stamps come from the MSCORLIB.DLLs that are installed by the various framework versions and revisions. So one is to search for all MSCORLIB.DLL files on the system and use the chart to determine what version(s) of the .NET Framework are installed.

Then, there's another MS KB article - "How to detect the installed version of the .NET Framework in a Visual Studio Setup and Deployment package" - that describes how to set up launch conditions in a Visual Studio Setup project to set properties based on the values of certain registry entries - specifically, entries residing in HKLM\SOFTWARE\Microsoft\.NETFramework\policy\vX.Y, where X is a major version and Y is a minor version number of the .NET Framework.

And finally, yet another MS KB article was published on 2006-02-28. This one is "How to use Visual C++ .NET to detect the .NET Framework versions and service packs that are installed on the computer". Again, one is instructed / directed to search in the registry for the answer. The keys referenced in this article are HKLM\Software\Microsoft\NET Framework Setup\NDP\vX.Y.Z, where X is a major version, Y is a minor version number, and Z is a "build" (or similar) number. For 1.1, and 2.0, that is. For 1.0, one is to check HKLM\Software\Microsoft\.NETFramework\Policy\v1.0 (like KB article 315291). To determine service pack levels, other registry values are checked.

Obviously, there are many different ways to do the same thing. But it would be nice if the MS KB was consistent. I think I prefer the method illustrated by "How to use Visual C++ .NET to detect the .NET Framework versions and service packs that are installed on the computer" because it seems the most straightforward - the registry value "Install" is set to 1 if the Framework version is installed, and the value "SP" is set to the level of the service pack of that version of the Framework that is installed. In this case, the .NET Framework 1.0 is a bit different, but it's pretty much a non-issue in my environment because we never officially released anything that ran on the .NET Framework 1.0.
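The registry method preferred above, written out as an added example (not code from the KB articles or the original post). It covers only the vX.Y.Z keys under NDP with their "Install" and "SP" values, not the separate 1.0 Policy key; the sample tree is constructed, and treating a missing "SP" value as 0 is an assumption.

```python
NDP_KEY = r"SOFTWARE\Microsoft\NET Framework Setup\NDP"

def read_windows_ndp():
    """Read {subkey: {value_name: data}} from HKLM on a live Windows system."""
    import winreg  # imported here so the rest of the file loads on any OS
    found = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, NDP_KEY) as ndp:
        for i in range(winreg.QueryInfoKey(ndp)[0]):       # subkey count
            name = winreg.EnumKey(ndp, i)
            with winreg.OpenKey(ndp, name) as sub:
                values = {}
                for j in range(winreg.QueryInfoKey(sub)[1]):  # value count
                    vname, data, _type = winreg.EnumValue(sub, j)
                    values[vname] = data
                found[name] = values
    return found

def installed_frameworks(ndp_tree):
    """Map 'X.Y' -> service pack level for every version marked installed."""
    result = {}
    for subkey, values in ndp_tree.items():
        parts = subkey.lstrip("vV").split(".")
        # Only vX.Y.Z keys follow the Install/SP scheme described above.
        if len(parts) != 3 or not all(p.isdigit() for p in parts):
            continue
        if values.get("Install") != 1:      # absent or 0: not installed
            continue
        sp = values.get("SP", 0)            # assumption: no SP value means SP 0
        version = f"{parts[0]}.{parts[1]}"
        result[version] = max(sp, result.get(version, 0))
    return result

# Constructed sample tree; the last two entries are hypothetical edge cases.
SAMPLE_NDP = {
    "v1.1.4322": {"Install": 1, "SP": 1},
    "v2.0.50727": {"Install": 1, "SP": 0},
    "v9.9.9999": {"SP": 1},                 # leftover key with no Install value
    "Setup": {"Install": 1},                # not a vX.Y.Z key, skipped
}

if __name__ == "__main__":
    import sys
    tree = read_windows_ndp() if sys.platform == "win32" else SAMPLE_NDP
    print(installed_frameworks(tree))
```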

2006-03-04

Using C++ in Kernel Mode Drivers

Found a page on the WHDC site at Microsoft.com that discusses using C++ in kernel mode drivers. Pretty interesting, for me at least. =8->

C++ for Kernel Mode Drivers: Pros and Cons

2006-03-03

.NET Framework 2.0 Configuration Tool, Part 3

See part 1 and part 2 of this topic...

Discovered some more info on the .NET Framework 2.0 configuration tool. I was using various tools to try to figure out what the console was doing. Just running MSCORCFG.MSC would yield the following dialog:


Obviously, something more needed to happen to get the MMC snap-in to work. I profiled MMC.EXE with Dependency Walker, and also monitored the process with FileMon and RegMon. I wasn't turning up much information. Then, in Dependency Walker, I noticed that MMC loaded MSCORMMC.DLL. MSCORMMC.DLL exported DllRegisterServer and DllUnregisterServer, so I figured that I needed to register the MSCORMMC.DLL with RegSvr32.

Running "regsvr32 mscormmc.dll" yielded the following series of dialogs:





After thinking a bit, I decided to extract the files from the .NET Framework 2.0 SDK and open up netfxsdk.msi in InstallShield. I don't know what Microsoft uses to author its installation programs, but InstallShield sure had trouble with it - 100% CPU utilization when moving from component to component. It took a while, but I finally determined that doing "regsvr32 mscormmc.dll" actually put the wrong registry entries in place.

What follows is a .REG representing the "correct" registry entries that the installation program for the .NET Framework 2.0 SDK apparently takes care of. Note that all 3 paths to MSCORMMC.DLL would need to be changed to reflect the system that this REG file would be run on. Also note that the REG file removes any existing settings that might be there - in my tests it wasn't enough to simply merge the correct REG settings with the garbage left by doing "regsvr32 mscormmc.dll" - the old settings actually needed to be removed.



Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}]

[-HKEY_CLASSES_ROOT\CLSID\{D8FE614D-4851-4a72-998D-D1F2E750A050}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}]

[HKEY_CLASSES_ROOT\CLSID\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}]
@="Microsoft.CLRAdmin.CData"

[HKEY_CLASSES_ROOT\CLSID\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}\InprocServer32]
@="C:\\Utils\\NetFW20Utils\\mscormmc.dll"
"ThreadingModel"="Both"
"Class"="Microsoft.CLRAdmin.CData"
"Assembly"="mscorcfg, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v2.0.50727"

[HKEY_CLASSES_ROOT\CLSID\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}\InprocServer32\2.0.0.0]
"Class"="Microsoft.CLRAdmin.CData"
"Assembly"="mscorcfg, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v2.0.50727"

[HKEY_CLASSES_ROOT\CLSID\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}\ProgId]
@="Microsoft.CLRAdmin.CData"

[HKEY_CLASSES_ROOT\CLSID\{D8FE614D-4851-4a72-998D-D1F2E750A050}]
@="Microsoft.CLRAdmin.CAbout"

[HKEY_CLASSES_ROOT\CLSID\{D8FE614D-4851-4a72-998D-D1F2E750A050}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{D8FE614D-4851-4a72-998D-D1F2E750A050}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D8FE614D-4851-4a72-998D-D1F2E750A050}\InprocServer32]
@="C:\\Utils\\NetFW20Utils\\mscormmc.dll"
"ThreadingModel"="Both"
"Class"="Microsoft.CLRAdmin.CAbout"
"Assembly"="mscorcfg, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v2.0.50727"

[HKEY_CLASSES_ROOT\CLSID\{D8FE614D-4851-4a72-998D-D1F2E750A050}\InprocServer32\2.0.0.0]
"Class"="Microsoft.CLRAdmin.CAbout"
"Assembly"="mscorcfg, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
"RuntimeVersion"="v2.0.50727"

[HKEY_CLASSES_ROOT\CLSID\{D8FE614D-4851-4a72-998D-D1F2E750A050}\ProgId]
@="Microsoft.CLRAdmin.CAbout"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}]
"About"="{D8FE614D-4851-4a72-998D-D1F2E750A050}"
"NameString"=".NET Framework 2.0 Configuration"
"NameStringIndirect"="@C:\\Utils\\NetFW20Utils\\mscormmc.dll,-30"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{A22B5BA1-D8CF-4db6-BC91-CFC1A04E2469}\StandAlone]
@=""

(Let's hope the formatting of the REG file doesn't mess up the formatting of the whole blog...)
The files required are:
-- mscorcfg.dll
-- mscorcfg.msc
-- mscormmc11.cfg
-- mscormmc.dll

All files should be placed in the same directory (anywhere), but it appears that mscorcfg.dll also needs to be placed in the GAC. Again, note that the REG file above requires one to change the path to mscormmc.dll in 3 places to reflect the actual path to the DLL on the system on which the REG file is merged.

2006-03-02

The Morning News

This dude is over the top. I laughed for hours. I was not surprised.

http://www.themorningnews.org/archives/spoofs_satire/be_not_afraid.php

And I love this IKEA RPG walkthrough:
http://www.themorningnews.org/archives/how_to/the_nonexpert_ikea.php
"IKEA is a fully immersive, 3D environmental adventure that allows you to role-play the character of someone who gives a **** about home furnishings."

2006-03-01

Get Perpendicular!

Perhaps this is what happens when geeks turn to Marketing?

Hitachi has a Flash Animation about hard drives that use perpendicular recording technology, which is expected to enable the manufacture of hard drives with 10 times the capacity currently available.

Was one of those bits John Travolta???