Friday, January 26, 2007
Creating Critical System Process in .NET
Yesterday, my home computer was infected by a worm - "Win32/Brontok.A". While cleaning it up I noticed that I had TWO lsass.exe processes in Task Manager. lsass.exe is a system process of the Microsoft Windows security mechanisms. The worm created lsass.exe in the My Documents folder, launched it and was happily operating on my machine.
And here's the most interesting fact: when you try to kill the lsass.exe process via Task Manager, you receive a warning, like in the picture below.
I used the Process Explorer tool to kill that process and disinfect my computer.
However, it was interesting to see that Task Manager checks the process name and not some special property of a system process (digital signature?).
I created a simple console application in C#, named it lsass.exe and voila - I have a critical system process :8-)
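A check that looks at the image path instead of the name catches the copy described in this post. The following is an added example, not code from the original post; the list of protected names and the sample path are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;

static class SystemNameCheck
{
    // Illustrative, not exhaustive: process names whose image belongs in System32.
    static readonly HashSet<string> Protected = new HashSet<string>(
        new[] { "lsass", "csrss", "winlogon", "services", "smss" },
        StringComparer.OrdinalIgnoreCase);

    // True when a process carries a protected name but its image is outside System32.
    public static bool IsImpostor(string processName, string imagePath, string system32)
    {
        if (!Protected.Contains(processName)) return false;
        string dir = Path.GetDirectoryName(Path.GetFullPath(imagePath)) ?? "";
        return !string.Equals(dir.TrimEnd('\\'), system32.TrimEnd('\\'),
                              StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        string system32 = Environment.SystemDirectory;

        // Constructed sample: a copy named lsass.exe in a user's documents folder.
        Console.WriteLine(IsImpostor("lsass", @"C:\Users\v\Documents\lsass.exe", system32));

        foreach (Process p in Process.GetProcesses())
        {
            string path;
            try { path = p.MainModule.FileName; }
            catch (Exception)
            {
                // Access denied is normal for the genuine system processes when this
                // runs unelevated; a copy started under the user's account is readable.
                continue;
            }
            if (IsImpostor(p.ProcessName, path, system32))
                Console.WriteLine("PID {0}: {1} runs from {2}", p.Id, p.ProcessName, path);
        }
    }
}
```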
Posted by V at 1/26/2007 04:41:00 PM 4 comments
Labels: .NET, Interesting
Tuesday, November 07, 2006
Financial education
This subject has really bugged me for some time. I'm a software developer, an engineer. In school and university we didn't study that subject. Now I see that it's one of the most important and SHOULD be studied, since everything in our life is connected with finances.
A good start to understanding why financial education is so important is the books by Robert Kiyosaki. For Russian and Ukrainian readers there's an e-version of his books here
Rather good blog about finances is Get Rich Slowly
Posted by V at 11/07/2006 12:07:00 PM 2 comments
Labels: finance
Friday, October 06, 2006
Interested In What These Invisible Little Things Look Like?
When I was a child I really enjoyed studying different little things like leaves, insects and spores with a microscope.
It's a pity that there were no sites like this at that time.
Posted by V at 10/06/2006 07:10:00 PM 0 comments
Labels: Interesting
Windows Live Writer Team Appears To Be Of Non Microsoft Origin
Rob Mensching recently met the Windows Live Writer team. And it appears that this team was acquired by Microsoft.
Microsoft tries its best to enhance its Live initiative. Well, with such brilliant teams we can expect more interesting stuff to be released under Live.
Posted by V at 10/06/2006 12:04:00 PM 0 comments
Tuesday, September 19, 2006
Does your network application support IPv6?
One of the ways to find out is to add an IPv6 address to your computer and make the application use it. If you observe no crashes and connectivity is fine, then you're okay and there is no need to read further :8-).
What can you do to be IPv6 "compatible"? At first start from here.
Many developers create sockets assuming that there will always be IPv4. Generally this works, as IPv6 addresses are not common these days. But times are changing and we have to be prepared...
If your application is a managed one and you use sockets for network I/O, then the only thing you should remember is to check the IPAddress.AddressFamily property.
In code this can look like this (error checking is removed for simplicity's sake):

    using System.Net;
    using System.Net.Sockets;

    public void Connect(string host, int port)
    {
        // resolve the host; the result may hold IPv4 and IPv6 addresses
        IPHostEntry ipHostEntry = Dns.GetHostEntry(host);
        // and now we're creating the socket with the appropriate address family
        IPEndPoint ipEP = new IPEndPoint(ipHostEntry.AddressList[0], port);
        Socket socket = new Socket(ipEP.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
        socket.Connect(ipEP);
    }
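The snippet above uses only the first resolved address. The added example below (not from the original post) goes one step further and tries every address DNS returns, still creating each socket from the address's own family; the class name and the loopback listener used to exercise it are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

static class AnyFamilyConnect
{
    // Tries each resolved address in turn, creating the socket with that address's own family.
    public static Socket Connect(string host, int port)
    {
        SocketException last = new SocketException((int)SocketError.HostNotFound);
        foreach (IPAddress address in Dns.GetHostEntry(host).AddressList)
        {
            bool v4 = address.AddressFamily == AddressFamily.InterNetwork;
            bool v6 = address.AddressFamily == AddressFamily.InterNetworkV6 && Socket.OSSupportsIPv6;
            if (!v4 && !v6) continue; // a family this machine cannot use
            Socket socket = new Socket(address.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
            try
            {
                socket.Connect(new IPEndPoint(address, port));
                return socket;
            }
            catch (SocketException ex)
            {
                last = ex;      // remember the failure and try the next address
                socket.Close();
            }
        }
        throw last;
    }

    static void Main()
    {
        // Constructed test: listen on IPv4 loopback only, then connect by name.
        // If "localhost" resolves to ::1 first, that attempt is refused and 127.0.0.1 is used.
        TcpListener listener = new TcpListener(IPAddress.Loopback, 0);
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        using (Socket s = Connect("localhost", port))
            Console.WriteLine("connected via {0}", s.RemoteEndPoint.AddressFamily);
        listener.Stop();
    }
}
```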
Posted by V at 9/19/2006 01:57:00 PM 0 comments
Labels: tips'n'tricks
Wednesday, September 06, 2006
Finance news from Ukraine
Once again I had to use Feedburner to convert a feed format. The trick is the same as described here. This time it was http://news.finance.ua/ua/rss. I'm using IE7 RC1 and it doesn't recognize the format of this feed.
So, here is the new feed http://feeds.feedburner.com/Financeua in the RSS 2.0 format.
Posted by V at 9/06/2006 10:15:00 AM 0 comments
.NET: tricky enums with custom attributes
Sometimes, when we want to serialize data type we use attributes to give additional description for type itself and its fields.
Imagine that the type we want to serialize has an enum field (SampleEnum):

    using System;

    // carries a human-readable description for the element it decorates
    public class ExtendedInfoAttribute : Attribute
    {
        string description;
        public string Description
        {
            get { return description; }
            set { description = value; }
        }
    }

    public enum SampleEnum
    {
        [ExtendedInfo(Description = "First value")]
        EnumValueOne,
        [ExtendedInfo(Description = "Second value")]
        EnumValueTwo
    }
The ExtendedInfo attribute provides additional info about the enum fields. When serializing, the attribute value can be used to describe each enum field.
So, what's so special about getting these attribute values? Well, nothing special if you know where to look :8-)
    // error checking is omitted for clarity
    // needs: using System; using System.Reflection;
    SampleEnum sEnum = SampleEnum.EnumValueTwo;
    Type type = sEnum.GetType();
    // each enum member is a public static field on the enum type
    FieldInfo fieldInfo = type.GetField(Enum.GetName(type, sEnum));
    ExtendedInfoAttribute[] attrs = (ExtendedInfoAttribute[])fieldInfo.GetCustomAttributes(
        typeof(ExtendedInfoAttribute), false);
    Console.WriteLine(attrs[0].Description);
Posted by V at 9/06/2006 01:10:00 AM 2 comments
Labels: .NET, tips'n'tricks
Sunday, September 03, 2006
Technorati post
Please ignore... Technorati Profile
Posted by V at 9/03/2006 10:18:00 PM 0 comments
Saturday, August 19, 2006
HTTP: Proxy Design Considerations.
First, let's briefly describe what an HTTP proxy does.
Basically, it receives HTTP requests and routes them to a remote web server or another proxy.
How does the proxy know where to send requests?
Well, in order to know that, the proxy has to parse incoming HTTP requests and obtain the URI part of the HTTP request.
Note:
An HTTP request consists of a header line, headers and values, and possibly content. The header line with the headers is terminated by a double CRLF sequence (CRLF stands for carriage return and line feed, or the \r\n escape characters). Content may or may not follow (it depends on the request type: GET, POST, etc.).
So, the workflow will be: the proxy receives an HTTP request, parses/analyzes it and routes it to the appropriate server or another proxy.
How efficient is that?
Well, if we want a proxy with the ability to process HTTP content, then we'll design it in such a way that the whole content of the HTTP request is received by the proxy and then parsed/analyzed (I will not cover that in this post). But if we want our proxy to merely route requests, then the approach described above will be very inefficient. Because the total size of an HTTP request can be quite large, receiving it completely can lead to great memory consumption.
The solution here can be quite simple. The HTTP header contains all the info the proxy needs to route the request. So, the proxy can be designed in such a way that it receives only the full HTTP header and parses/analyzes it. If there is content pending, it is immediately routed to the destination pointed out by the request's header.
An indication that content is pending is: we have an HTTP POST request and the Content-Length header is bigger than 0.
This approach will be more efficient, since less memory is allocated to process one HTTP request. It will also speed up traffic through the proxy.
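The header-first design described above can be sketched as three helper methods that work on any Stream (a NetworkStream in a real proxy). This is an added example, not code from the original post; the 8192-byte header cap, the 4096-byte buffer and all names are assumptions, and only Content-Length-delimited bodies are handled.

```csharp
using System;
using System.IO;
using System.Text;

static class HeaderFirstRelay
{
    const int MaxHeaderBytes = 8192; // assumed cap; bounds memory spent per request

    // Reads up to and including CRLF CRLF; the body stays unread on the stream.
    public static byte[] ReadHeaderBlock(Stream client)
    {
        var buf = new MemoryStream();
        for (int b, tail = 0; (b = client.ReadByte()) != -1; )
        {
            buf.WriteByte((byte)b);
            tail = (tail << 8) | b; // last four bytes received, packed into one int
            if (tail == 0x0D0A0D0A) return buf.ToArray();
            if (buf.Length >= MaxHeaderBytes) throw new InvalidDataException("header too large");
        }
        throw new EndOfStreamException("closed before end of headers");
    }

    // Declared body length; a duplicate, negative or non-numeric Content-Length is rejected.
    public static long ContentLength(byte[] head)
    {
        long length = -1, v;
        foreach (string line in Encoding.ASCII.GetString(head).Split('\n'))
            if (line.StartsWith("Content-Length:", StringComparison.OrdinalIgnoreCase))
            {
                if (length >= 0 || !long.TryParse(line.Substring(15).Trim(), out v) || v < 0)
                    throw new InvalidDataException("ambiguous or invalid Content-Length");
                length = v;
            }
        return Math.Max(length, 0);
    }

    // Forwards the headers, then exactly the declared body through one fixed buffer.
    public static void Relay(Stream client, Stream upstream)
    {
        byte[] head = ReadHeaderBlock(client), chunk = new byte[4096];
        upstream.Write(head, 0, head.Length);
        for (long left = ContentLength(head); left > 0; )
        {
            int n = client.Read(chunk, 0, (int)Math.Min(chunk.Length, left));
            if (n == 0) throw new EndOfStreamException("body shorter than Content-Length");
            upstream.Write(chunk, 0, n);
            left -= n;
        }
    }
}
```

Memory per request stays at the header cap plus one buffer, whatever the body size, and a request whose headers never terminate is cut off at the cap instead of growing without bound.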
Posted by V at 8/19/2006 06:28:00 PM 0 comments
Thursday, August 10, 2006
Windows Service Start Issues. .NET ServiceBase class
In the .NET world a Windows Service is represented by the ServiceBase class from the System.ServiceProcess namespace. The service developer derives her own class from ServiceBase and overrides the OnStart and OnStop methods. Then, to start the service, a ServiceBase.Run(...) call is needed, and here comes an interesting part...
Usually process-wide initialization occurs in the OnStart override. But what will happen if that initialization takes longer than 30 seconds? (30 sec. is the default time that the Service Control Manager - SCM - will wait for the service to start.)
There are two ways not to get into trouble here:
(1) ask for more time to finish initialization, or
(2) do process-wide initialization in a separate thread.
Both ways have advantages and disadvantages.
In the first approach, ServiceBase.RequestAdditionalTime(...) is used to ask for more time. The benefit here is that the code that starts the service will know for sure that the service is up and running.
The second approach will give the illusion that the service is up and running, while internal initialization may not be finished. This can cause strange behavior.
The first approach can be used when the service is interacting with something (sends/receives data etc.).
The second approach suits scenarios where the service is a standalone application that is not communicating with anything except the SCM :8-)
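Both approaches side by side, as an added example that is not code from the original post. The class names, the SlowInit stand-in, the timeout values and the EnsureReady gate are assumptions; the gate is one way to keep approach (2) from doing work against half-initialized state.

```csharp
using System;
using System.ServiceProcess;
using System.Threading;

// Approach (1): stay in OnStart and ask the SCM for more time.
class BlockingStartService : ServiceBase
{
    protected override void OnStart(string[] args)
    {
        RequestAdditionalTime(120000); // milliseconds; the value is an assumption
        Initializer.SlowInit();        // the SCM reports "running" only after this returns
    }
}

// Approach (2): return at once, initialize on a worker thread, gate work on a readiness flag.
class BackgroundStartService : ServiceBase
{
    readonly ManualResetEvent ready = new ManualResetEvent(false);
    Exception initError;

    protected override void OnStart(string[] args)
    {
        Thread t = new Thread(delegate()
        {
            try { Initializer.SlowInit(); ready.Set(); }
            catch (Exception ex) { initError = ex; Stop(); } // do not stay "running" half-initialized
        });
        t.IsBackground = true;
        t.Start();
    }

    // Every request handler calls this first, so nothing runs before initialization is done.
    protected void EnsureReady()
    {
        if (!ready.WaitOne(TimeSpan.FromSeconds(30), false))
            throw new InvalidOperationException("service still initializing", initError);
    }
}

static class Initializer
{
    public static void SlowInit() { Thread.Sleep(45000); } // stand-in for real start-up work
}

static class Program
{
    static void Main() { ServiceBase.Run(new BlockingStartService()); }
}
```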
Posted by V at 8/10/2006 07:04:00 PM 0 comments
Labels: .NET, tips'n'tricks