tag:blogger.com,1999:blog-60920641826622954132024-02-20T21:46:50.564+05:30Muthuraja IrullandiIf you have knowledge, let others light their candles in it. - Margaret FullerUnknownnoreply@blogger.comBlogger3125tag:blogger.com,1999:blog-6092064182662295413.post-81538292372032225062016-05-31T12:02:00.001+05:302016-05-31T12:09:34.755+05:30Handling the application crash in Managed and Unmanaged code<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
Even though, if we handle the exceptions in our program, there are few scenarios which our application fail to catch those errors using the try… catch. In this article, I will be explaining a way to handle those kinds of exceptions in our program.<br />
<br />
<br />
When an exception occurs in our program, the operating system will try to find a handler for that exception in the program, if it didn’t find any exception handler for that exception, then it will call the top level exception handler program which is Dr.Watson. The path of the Dr.Watson is configured in the registry key and the operating system will use that information to call that program. We can also create our own exception handler program to replace the Dr.Watson.<br />
<br />
<u>Handling the “Unhandled Exception” in Unmanaged Code (C++/VC++)</u><br />
<br />
If we override the SetUnhandledExceptionFilter() method in our C++ program, that method will get called when all the exception handlers failed in our program. We need to call/register that function while starting of our program. We need to pass our method name to the SetUnhandledExceptionFilter() method as a parameter.<br />
<br />
<span style="color: blue;">#include "stdafx.h"</span><br />
<span style="color: blue;">#include <windows .h=""></windows></span><br />
<br />
<span style="color: blue;">LONG WINAPI UnhandledException(PEXCEPTION_POINTERS pExceptionPtrs) </span><br />
<span style="color: blue;">{ </span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">MessageBox(NULL,TEXT("Caught the unhanlded exception"), TEXT("Test Application"), 0);</span><br />
<span style="color: blue;">return EXCEPTION_EXECUTE_HANDLER; </span><br />
<span style="color: blue;">} </span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">int _tmain(int argc, _TCHAR* argv[])</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">::SetUnhandledExceptionFilter(UnhandledException); </span><br />
<br />
<span style="color: blue;">int *p =0;</span><br />
<span style="color: blue;">*p =0; //Generates the crash</span><br />
<br />
<span style="color: blue;">return 0;</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">}</span><br />
As dereferencing the NULL-Pointer and assigning a value to it in user mode is not allowed the operating system indicates a fault and throws a SEH-exception. Those exceptions cannot be handled even by try - catch statements. In this case, the UnhandledException() method will get called. Once that method gets called, as a programmer, we have the complete control of that exception. Here, we can create dump (mini dump) which will have the details information about the crash and this will be very much help ful for the developer to analyze the issue and provide the solutions.<br />
<br />
<br />
<u>Creating Mini dump</u><br />
<br />
To create a mini dump we can use the dbghelp.dll which is from Microsoft. That dll comes along with the Microsoft Debug diagnostics tool. I have modified the UnhandledException() method to generate the dump file when we get the crash.<br />
<br />
<pre><span style="color: blue;">#include "stdafx.h"
#include <windows .h="">
#include <dbghelp .h=""> //Has method to generate the crash.
// based on dbghelp.h
typedef BOOL (WINAPI *MINIDUMPWRITEDUMP)(HANDLE hProcess, DWORD dwPid, HANDLE hFile, </dbghelp></windows></span></pre>
<pre><span style="color: blue;"><windows .h=""><dbghelp .h="">MINIDUMP_TYPE DumpType, CONST PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam, </dbghelp></windows></span></pre>
<pre><span style="color: blue;"><windows .h=""><dbghelp .h="">CONST PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,</dbghelp></windows></span></pre>
<pre><span style="color: blue;"><windows .h=""><dbghelp .h=""> CONST PMINIDUMP_CALLBACK_INFORMATION CallbackParam);
LONG WINAPI UnhandledException(PEXCEPTION_POINTERS pExceptionPtrs)
{
MessageBox(NULL,TEXT("Caught the unhanlded exception"), TEXT("Test Application"), 0);
LONG retval = EXCEPTION_CONTINUE_SEARCH;
HWND hParent = NULL; // find a better value for your app
HMODULE hDll = NULL;
char szDbgHelpPath[_MAX_PATH];
if (GetModuleFileName( NULL, szDbgHelpPath, _MAX_PATH ))
{
char *pSlash = _tcsrchr( szDbgHelpPath, '\\' );
if (pSlash)
{
_tcscpy( pSlash+1, "DBGHELP.DLL" );
hDll = ::LoadLibrary( szDbgHelpPath );
}
}
if (hDll==NULL)
{
// load any version we can
hDll = ::LoadLibrary( "DBGHELP.DLL" );
}
LPCTSTR szResult = NULL;
if (hDll)
{
MINIDUMPWRITEDUMP pDump = (MINIDUMPWRITEDUMP)::GetProcAddress( hDll, "MiniDumpWriteDump" );
if (pDump)
{
char szDumpPath[_MAX_PATH];
char szScratch [_MAX_PATH];
if (!GetTempPath( _MAX_PATH, szDumpPath ))
_tcscpy( szDumpPath, "c:\\temp\\" );
_tcscat( szDumpPath, "SampleApp" );
_tcscat( szDumpPath, ".dmp" );
if (::MessageBox( NULL, "Something bad happened in your program, would you </dbghelp></windows></span></pre>
<pre><span style="color: blue;"><windows .h=""><dbghelp .h=""> like to save a diagnostic file?", "SampleApp", MB_YESNO )==IDYES)
{
// create the file
HANDLE hFile = ::CreateFile( szDumpPath, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, </dbghelp></windows></span></pre>
<pre><span style="color: blue;"><windows .h=""><dbghelp .h=""> CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL );
if (hFile!=INVALID_HANDLE_VALUE)
{
_MINIDUMP_EXCEPTION_INFORMATION ExInfo;
ExInfo.ThreadId = ::GetCurrentThreadId();
ExInfo.ExceptionPointers = pExceptionPtrs;
ExInfo.ClientPointers = NULL;
// write the dump
BOOL bOK = pDump( GetCurrentProcess(), GetCurrentProcessId(), hFile, MiniDumpNormal, </dbghelp></windows></span></pre>
<pre><span style="color: blue;"><windows .h=""><dbghelp .h=""> &ExInfo, NULL, NULL );
if (bOK)
{
sprintf( szScratch, "Saved dump file to '%s'", szDumpPath );
szResult = szScratch;
retval = EXCEPTION_EXECUTE_HANDLER;
}
else
{
sprintf( szScratch, "Failed to save dump file to '%s' (error %d)", </dbghelp></windows></span></pre>
<pre><span style="color: blue;"><windows .h=""><dbghelp .h=""> szDumpPath, GetLastError());
szResult = szScratch;
}
::CloseHandle(hFile);
}
else
{
sprintf( szScratch, "Failed to create dump file '%s' (error %d)", szDumpPath, </dbghelp></windows></span></pre>
<pre><span style="color: blue;"><windows .h=""><dbghelp .h=""> GetLastError());
szResult = szScratch;
}
}
}
else
{
szResult = "DBGHELP.DLL too old";
}
}
else
{
szResult = "DBGHELP.DLL not found";
}
if (szResult)
::MessageBox( NULL, szResult, "SampleApp", MB_OK );
return retval;
return EXCEPTION_EXECUTE_HANDLER;
}
int _tmain(int argc, _TCHAR* argv[])
{
::SetUnhandledExceptionFilter(UnhandledException);
int *p =0;
*p =0;
return 0;
}</dbghelp></windows></span></pre>
</div>
The created dump file can be analyzed/opened in Microsoft Visual studio or Microsoft Debug Diagnostics tool.<br />
<br />
Crashrpt (<a href="https://code.google.com/p/crashrpt/">https://code.google.com/p/crashrpt/</a>) is a open source exception handling framework available to handle the unhandled exception in our application. This tool also generates the crash dump and sent that report to the software vendor over the internet. <br />
<br />
<u>Handling the “Unhandled Exception” in Managed code (.NET WinForm)</u><br />
<br />
There are two event handlers are available to deal the unhandled exception in .NET<br />
<br />
<u>Application.ThreadException Event</u><br />
<br />
This event will only be raised when the unhandled exception occurs in WinForM UI thread.<br />
<br />
<span style="color: blue;">using System;</span><br />
<span style="color: blue;">using System.Collections.Generic;</span><br />
<span style="color: blue;">using System.Windows.Forms;</span><br />
<br />
<span style="color: blue;">namespace HandleCrash_CSharp</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">static class Program</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;">[STAThread]</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">static void Main()</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">{</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">Application.ThreadException +=</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">new System.Threading.ThreadExceptionEventHandler(MyApplication_ThreadException);</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">Application.EnableVisualStyles();</span><br />
<span style="color: blue;">Application.SetCompatibleTextRenderingDefault(false);</span><br />
<span style="color: blue;">Application.Run(new Form1());</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">}</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">public static void MyApplication_ThreadException (object sender, System.Threading.ThreadExceptionEventArgs e)</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">DialogResult result = DialogResult.Abort;</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">try</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">result = MessageBox.Show("Unhandled exception occured\n\n" </span><br />
<span style="color: blue;">+ e.Exception.Message + e.Exception.StackTrace, </span><br />
<span style="color: blue;">"Application Error", MessageBoxButtons.AbortRetryIgnore, MessageBoxIcon.Stop);</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">}</span><br />
<span style="color: blue;">finally</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;"> if (result == DialogResult.Abort)</span><br />
<span style="color: blue;"> {</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;"> Application.Exit();</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;"> }</span><br />
<span style="color: blue;">}</span><br />
<span style="color: blue;">}</span><br />
<span style="color: blue;">}</span><br />
<span style="color: blue;"><br /></span><span style="color: blue;">}</span><br />
<span style="color: blue;"><br /></span><u>AppDomain.CurrentDomain.UnhandledException Event</u><br />
<br />
The UnhandledException event on AppDomain, any exception in the current AppDomain will trigger that event. This includes not only the main application thread (the UI thread), but any other threads as well.<br />
<br />
<span style="color: blue;">using System;</span><br />
<span style="color: blue;">using System.Collections.Generic;</span><br />
<span style="color: blue;">using System.Windows.Forms;</span><br />
<span style="color: blue;">namespace HandleCrash_CSharp</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;">static class Program</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">[STAThread]</span><br />
<span style="color: blue;">static void Main()</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">AppDomain.CurrentDomain.UnhandledException +=</span><br />
<span style="color: blue;">new UnhandledExceptionEventHandler(MyCurrentDomain_UnhandledException);</span><br />
<span style="color: blue;">Application.EnableVisualStyles();</span><br />
<span style="color: blue;">Application.SetCompatibleTextRenderingDefault(false);</span><br />
<span style="color: blue;">Application.Run(new Form1());</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">}</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">static void MyCurrentDomain_UnhandledException(object sender, UnhandledExceptionEventArgs e)</span><br />
<span style="color: blue;">{</span><br />
<span style="color: blue;">try</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">{</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">Exception ex = (Exception)e.ExceptionObject;</span><br />
<span style="color: blue;">MessageBox.Show("Unhandled exception occured\n\n" + ex.Message + ex.StackTrace,</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">"Fatal Error", MessageBoxButtons.OK, MessageBoxIcon.Stop);</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">}</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">finally</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">{</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">Application.Exit();</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">}</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">}</span><br />
<span style="color: blue;">}</span><br />
<span style="color: blue;"><br /></span>
<span style="color: blue;">}</span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6092064182662295413.post-29007976118430485782016-05-31T12:02:00.000+05:302016-05-31T12:02:23.195+05:30A discussion with my application Hacker<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;">In this article, I am
sharing my best/worst experience which was happened 5 years ago.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-family: "times new roman" , "serif"; font-size: 14.0pt; line-height: 115%;">About the application<o:p></o:p></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , serif; font-size: small;"><span style="line-height: 115%;">I was working for a
company and there we have developed a web based </span></span><span style="font-family: "times new roman" , serif;"><span style="line-height: 18px;">eCommerce</span></span><span style="font-family: "times new roman" , serif; font-size: small;"><span style="line-height: 115%;"> application for one
of our client. Since our client wants a Rich
User Interface, we have decided to use the Flash as a front-end. So, as per our
architecture the Flash application will to communicate with ASP.Net web service
to display/process any data and the web service will communicate with the
SQLServer for storing/retrieving the data. I this, I am the responsible to
developing web service and implementing the payment gate way which is credit
card payment process. This application launched in one of big cinema hall.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-family: "times new roman" , "serif"; font-size: 14.0pt; line-height: 115%;"><br /></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-family: "times new roman" , "serif"; font-size: 14.0pt; line-height: 115%;">Environment Setup<o:p></o:p></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;">One day, our client
receives a shocking email by saying that “<span style="color: red;">I can book
you entire cinema hall for just Rs.1 and let me know if you need a solution, so
we can discuss further on this</span><span style="color: #0070c0;">”.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: #0070c0; font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;">Since we are developers
the email has been forwarded to us for further actions. We have verified our database log and found
that a transaction was done for Rs.1. As per the log, that person continuously
tried that transaction for two days and he finally succeeds on his goal.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , serif; font-size: small;"><span style="line-height: 115%;">We have discussed a lot
about how come it is possible and we have also tried to find the loop hole in
our application. Only one thing we
thought could be a problem, which is, we are not </span><span style="line-height: 18px;">re validating</span><span style="line-height: 115%;"> the amount in web
service which we received from our front end.
Now, we have implemented that validation also, but we are not sure
whether that will solve this problem. We
are also studied few things about the Hacking and we </span></span><span style="font-family: "times new roman" , serif;"><span style="line-height: 18px;">didn't</span></span><span style="font-family: "times new roman" , serif; font-size: small;"><span style="line-height: 115%;"> conclude anything
about the cause for this problem.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;">So, we have updated all
our finding to the client and we have requested to reply to that email and
asked them to schedule a meeting.<span style="color: #0070c0;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-family: "times new roman" , "serif"; font-size: 14.0pt; line-height: 115%;"><br /></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-family: "times new roman" , "serif"; font-size: 14.0pt; line-height: 115%;">Discussion<o:p></o:p></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;">The meeting is
scheduled and we are all waiting for the person who sent an email and a 17 year
old boy came to the meeting and he is the person who did this. Personally, I am
very much shocked know that a small boy is working this kind of activities. <o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;">He explained what he
did to achieve his goal. As we all know,
when we browse the Flash based web site, the Flash file (swf) will get stored into
the local machine. He has a tool
(de-compiler) which can generate a entire source of the Flash file (swf), using
that he had generated the source for our Flash file. Then he ran that swf file
on this machine, and during the payment he changed the amount to Rs.1 in the
front end. Since we are also not having any validation on this, the entire
transition is success for him.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;">There is another tool,
which prevents the Flash file to de-compile. He also shows the demo of that
tool. Finally we have modified our flash
file as per his suggestion and also we have re deployed our web service which
the amount validations check.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-family: "times new roman" , "serif"; font-size: 14.0pt; line-height: 115%;"><br /></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-family: "times new roman" , "serif"; font-size: 14.0pt; line-height: 115%;">Conclusion<o:p></o:p></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;">De-compilers are very
much use full, to regenerate the source code if we lost it.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , serif; font-size: small;"><span style="line-height: 115%;">As a developer, we are
all concentrating only on how to develop and implement our logic and we are not
thinking about de-</span></span><span style="font-family: "times new roman" , serif;"><span style="line-height: 18px;">compilers</span></span><span style="font-family: "times new roman" , serif; font-size: small;"><span style="line-height: 115%;">. Because of
this some time, our logic can be stolen by someone. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "times new roman" , "serif"; font-size: 12.0pt; line-height: 115%;">All COM dll/exe and Java
class files and .Net assembly can be de-complied. There are few tools are available to prevent
that.<o:p></o:p></span></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6092064182662295413.post-35974849324053574362016-05-31T12:01:00.000+05:302016-05-31T12:01:29.412+05:30Install Shield : Pass Product Name and Verion to ISCmdBld.exe<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In Installshield, if you compile the .ism then the name of the msi would be the same as file name. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">If you want to include the build version along with the name then those information needs to be passed dynamically during the compilation of ism. Also, the version number of the product can be passed dynamically. Hence, we no need to modify the ism file for the version change.</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="color: blue; font-family: "courier new" , "courier" , monospace;">"[InstallShield installed path]\2015\System\ISCmdBld.exe" -p [ism file path] -y %[productversion]% -z ProductName=%[productname]%</span><br />
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">For Standalone installation,</span><br />
<span style="color: blue; font-family: "courier new" , "courier" , monospace;"></span><br />
<span style="color: blue; font-family: "courier new" , "courier" , monospace;">"[InstallShield installed path]\2015 SAB\System\ISCmdBld.exe" -p [ism file path] -y %[</span><span style="color: blue; font-family: "courier new" , "courier" , monospace;">productversion</span><span style="color: blue; font-family: "courier new" , "courier" , monospace;">]% -z ProductName=%[</span><span style="color: blue; font-family: "courier new" , "courier" , monospace;">productname</span><span style="color: blue; font-family: "courier new" , "courier" , monospace;">]%</span><br />
<br />
<br /></div>
Unknownnoreply@blogger.com0