October 2004 - Posts

I've seen this behavior during a demo of mine today using Notepad and a FileSystemWatcher that monitors a single file. According to the Visual Studio .NET documentation (but you have to search a bit to find it): "This behavior is by design". The funny fact is that Notepad is in fact playing the evil role in this scenario. Let me paste this info here:

Multiple Created Events Generated for a Single Action

You may notice in certain situations that a single creation event generates multiple Created events that are handled by your component. For example, if you use a FileSystemWatcher component to monitor the creation of new files in a directory, and then test it by using Notepad to create a file, you may see two Created events generated even though only a single file was created. This is because Notepad performs multiple file system actions during the writing process. Notepad writes to the disk in batches that create the content of the file and then the file attributes. Other applications may perform in the same manner. Because FileSystemWatcher monitors the operating system activities, all events that these applications fire will be picked up.

Note: Notepad may also cause other interesting event generations. For example, if you use the ChangeEventFilter to specify that you want to watch only for attribute changes, and then you write to a file in the directory you are watching using Notepad, you will raise an event. This is because Notepad updates the Archived attribute for the file during this operation.

For more information (if you have VS.NET installed with MSDN): ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/vbcon/html/vbtbsTroubleshootingUNCPathNamesNotAcceptedOnNT4Machines.htm
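One way to live with this behavior is to coalesce the burst of raw events into a single notification per file once the file has been quiet for a short period. The class below is an added example, not code from the original post or from the documentation; the name CoalescingWatcher, the quiet period and the onSettled callback are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading;

// Added example: one callback per file after its burst of raw events has ended.
public sealed class CoalescingWatcher : IDisposable
{
    private readonly Dictionary<string, Timer> _pending = new Dictionary<string, Timer>(StringComparer.OrdinalIgnoreCase);
    private readonly FileSystemWatcher _watcher;
    private readonly TimeSpan _quietPeriod;      // assumed tuning value
    private readonly Action<string> _onSettled;  // hypothetical consumer callback
    public CoalescingWatcher(string directory, string filter, TimeSpan quietPeriod, Action<string> onSettled)
    {
        (_quietPeriod, _onSettled) = (quietPeriod, onSettled);
        _watcher = new FileSystemWatcher(directory, filter);
        _watcher.Created += OnRawEvent;
        _watcher.Changed += OnRawEvent;
        _watcher.EnableRaisingEvents = true;
    }
    // Every raw event (re)starts the quiet-period timer for that path.
    private void OnRawEvent(object sender, FileSystemEventArgs e)
    {
        lock (_pending)
        {
            if (_pending.TryGetValue(e.FullPath, out Timer timer))
                timer.Change(_quietPeriod, Timeout.InfiniteTimeSpan);
            else
                _pending[e.FullPath] = new Timer(Settle, e.FullPath, _quietPeriod, Timeout.InfiniteTimeSpan);
        }
    }
    // Runs on a thread-pool thread once the path has been quiet long enough.
    private void Settle(object state)
    {
        string path = (string)state;
        lock (_pending)
        {
            if (!_pending.TryGetValue(path, out Timer timer)) return;
            _pending.Remove(path);
            timer.Dispose();
        }
        _onSettled(path);
    }
    public void Dispose()
    {
        _watcher.Dispose();
        lock (_pending) { foreach (Timer t in _pending.Values) t.Dispose(); _pending.Clear(); }
    }
}
```

Because the callback fires only after the last event of a burst, a handler that opens the file is also less likely to collide with the application that is still writing it.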


Get it directly from Mr Monad - Jeffrey Snover - on http://channel9.msdn.com/ShowPost.aspx?PostID=25506. For a short intro on what it is in the format of a PPT, refer to the PDC slidedeck on http://download.microsoft.com/download/3/8/1/38198a72-294d-46c3-93ba-faee5cf85d00/ARC334.ppt.

I've been playing around with Monad for quite some time now and it's really cool (and useful!). I hope I'll find the time to write a bit more about it shortly on my blog or somewhere else. I'll keep you posted.


Just gone through a nightmare of server configuration to get my mail up and running (finally) on Exchange 2003 (recipient policies, SMTP connectors, relaying, DNS configuration, you name it). Not that it is difficult, you just have to know it and play the game safe (make sure you don't have an SMTP open relay). Due to the migration (DNS, mail server) I've been offline via e-mail for quite some days but now I'm up and running again (better than ever I hope).

Sorry for the inconvenience but I've been relaxing during my off-line mode :-). I'll be glad to see your mails popping up in my box again.


The .NET Compact Framework has no built-in support for strongly typed datasets as Windows Forms applications do. Or better, the Visual Studio tools do not support it directly, nor does the xsd.exe command. If you come across this problem, take a look at xsdcf.exe, which is a free download on http://www.tmgdevelopment.co.uk/xsdcf.htm (3rd party tool).

It's pretty useful to have the ability during a demo to "recognize" the role of a particular Virtual PC. To do so, I came across a nice (but rather dark) feature of Windows XP/2003 to change the boot screen of the system by altering boot.ini (thx to Mark Russinovich). The result looks as follows:

I really like this! On my master image of Windows Server 2003 I now have the configuration set right by default; the only thing I have to do is change the boot.bmp file in the Windows folder to have another text in it. General guidelines:

  1. Create a 640x460 16-bits BMP and store it as boot.bmp in the Windows folder. This file will be the background for the boot logo during system startup and will appear shortly before the Windows logo appears as well. For this reason, use a black background and make sure you're writing in a position that's not being used by the boot screen elements (Windows logo, progress bar, copyright, etc).

    Note: you can change the logos of the bootscreen as well through various tools but this is much more dangerous since it's altering ntoskrnl.exe's embedded resources. By using boot.ini's KERNEL parameter you can point to another (tweaked) file that contains the kernel (a modified copy of the original file).
  2. Alter boot.ini like this (the change is the switch added at the end of the last line):

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard" /fastdetect /bootlogo

That's it.


According to Netcraft (http://uptime.netcraft.com/up/graph?site=www.nikhilk.net), Nikhil Kothari's server at Microsoft has now been running for 251 days, which means he has outperformed me in the field of system uptime. My record on www.bartdesmet.net (running Windows 2000 back then) was 250 days :-). Maybe he has just forgotten that he has a server out there, since the activity on his blog has been rather low lately, but I guess this is due to priorities @ work :-). Nikhil is a PM on the ASP.NET team and has written the bible (that's my private opinion) on "Developing ASP.NET Server Controls and Components". Interesting reading, and if you're serious about ASP.NET development you should have it on your shelf.

It sometimes happens (and it's not a good sign most of the time): you'd like to stop a Windows Service, and when you issue the stop command through the SCM (Service Control Manager) or by using the ServiceProcess classes in the .NET Framework or by other means (net stop, Win32 API), the service remains in the state of "stopping" and never reaches the stopped phase. It's pretty simple to simulate this behavior by creating a Windows Service in C# (or any .NET language whatsoever) and adding an infinite loop in the Stop method. The only way to stop the service is by killing the process then. However, sometimes it's not clear what the process name or ID is (e.g. when you're running a service hosting application that can cope with multiple instances such as SQL Server Notification Services). The way to do it is as follows:

  1. Go to the command-prompt and query the service (e.g. the SMTP service) by using sc:

    sc queryex SMTPSvc
  2. This will give you the following information:

    SERVICE_NAME: SMTPSvc
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 388
            FLAGS              :


    or something like this (the "state" will mention stopping).
  3. Over here you can find the process identifier (PID), so it's pretty easy to kill the associated process either by using the task manager or by using taskkill:

    taskkill /PID 388 /F

    where the /F flag is needed to force the process kill (first try without the flag).

Please be careful when you do this; it's useful for emergencies but you shouldn't use it on a regular basis (use it as a last resort to solve the problem or to avoid the need of a reboot in an exceptional situation). Keep in mind that a service of type WIN32_SHARE_PROCESS, like the one in the output above, may share its process with other services, so killing that PID stops every service hosted in it. It can even be used to stop a service that has the "NOT_STOPPABLE" and/or "IGNORES_SHUTDOWN" flag set (e.g. Terminal Services on a Windows Server 2003 is non-stoppable), at least when it's not hosted in the system process. You can query all this information by means of the sc command.

For real freaks (don't do this on a production machine!): if you want to show the behavior of the "Blaster" worm which caused the RPC service to stop, try to stop the RPC service (but save your work first :-)). It's pretty simple to do if you have administrative privileges (just a great example of why you should NOT run as a high-privileged user on the system). When you succeed in killing the process (pretty straightforward), you'll see the shutdown countdown popping up (if you've seen Blaster in action in the past, you'll have a déjà vu). You can stop this by typing the command shutdown -a (abort shutdown), as I posted previously in the Blaster-timeframe since this wasn't known very well and it was quite useful to abort the started shutdown in order to apply the patch. You can even restart the service then by using sc again. Notice that if the RPC service is stopped, you can't even connect to the MMC console for the Services management (services.msc) since this relies on RPC. So, you really can't start the service again by using the MMC snap-in. The only way to start the service again is by using sc start <servicename>. The output of this (nice but at the same time ugly) demo looks like this (again, don't try this at home; I'm not responsible for any damage or data loss possible):

C:\Documents and Settings\Administrator>sc queryex rpcss

SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))

        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2332
        FLAGS              :

C:\Documents and Settings\Administrator>taskkill /pid 2332 /F
SUCCESS: The process with PID 2332 has been terminated.

C:\Documents and Settings\Administrator>shutdown /a

C:\Documents and Settings\Administrator>sc start rpcss

SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))

        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 2520
        FLAGS              :

C:\Documents and Settings\Administrator>sc queryex rpcss

SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))

        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2520
        FLAGS              :

If you decide to try it (ignoring my warnings), don't rely on the system afterwards since various applications will have suffered from this. I'm experimenting with these things myself only on a Virtual PC with undo disks enabled.

In short: sc is one of my favorite commands to mess around with services (install, uninstall, etc) and to query for information on services. The sc command can also be used to query all the active drivers on the system. If you don't like system beeps for example, you can use sc stop Beep to stop the corresponding driver. But please again, be careful when you play with it. Fortunately, disastrous driver stops are not possible and will be denied by sc.

More info on sc.exe can be found via http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sc.mspx.


I posted about this quite some time ago, and in order to share it with others I've posted a technical article on how to do this on the Microsoft Support KB at https://mvp.support.microsoft.com/default.aspx?scid=kb;[LN];555205. Enjoy it :-)

Please check out this article asap: http://www.microsoft.com/security/incident/aspnet.mspx. The vulnerability may have to do with a canonicalization issue in the ASP.NET runtime that causes forms authentication to fail (or better, an attacker can bypass the forms authentication).

As a first countermeasure, Microsoft has released an HTTP Module that checks for canonicalization issues with ASP.NET on http://support.microsoft.com/?kbid=887289. The included installer will update the machine.config file and register the module in the GAC so that all sites are protected. As the vulnerability is still under investigation, please keep following this issue, since the posted fix only addresses the canonicalization issues known at this moment.

Extract from the TechNet page:

Microsoft is continuing to investigate a reported vulnerability in Microsoft ASP.NET. Reports have indicated that an attacker could send specially crafted requests to a Web server running ASP.NET applications and bypass forms based authentication or Windows authorization configurations, and potentially view secured content without providing the proper credentials. Our initial investigation has revealed that all versions of ASP.NET could be affected, independent of the installed IIS version or IIS components.
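The kind of check an HTTP module can perform against canonicalization problems, as an added example that is neither the KB 887289 module nor code from the original post: it refuses any request whose path is not already in canonical form. The class name CanonicalPathModule and the 404 response are assumptions.

```csharp
using System;
using System.IO;
using System.Web;

// Added example, not Microsoft's module. Register it under <httpModules> in
// web.config (or machine.config) so that it runs for every request.
public sealed class CanonicalPathModule : IHttpModule
{
    public void Init(HttpApplication application)
    {
        // BeginRequest fires before the authentication and authorization stages.
        application.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = ((HttpApplication)sender).Request;
        if (!IsCanonical(request.Path, request.PhysicalPath))
            throw new HttpException(404, "Not found"); // assumed response
    }

    // True only when canonicalizing the request path changes nothing.
    public static bool IsCanonical(string urlPath, string physicalPath)
    {
        // URL paths use '/' only; a backslash lets the URL form and the
        // file-system form of the same path disagree.
        if (urlPath.IndexOf('\\') >= 0) return false;
        try
        {
            // GetFullPath resolves relative segments and normalizes separators.
            return string.Equals(Path.GetFullPath(physicalPath), physicalPath,
                                 StringComparison.Ordinal);
        }
        catch (Exception ex) when (ex is ArgumentException ||
                                   ex is NotSupportedException ||
                                   ex is PathTooLongException)
        {
            return false; // a path that cannot be canonicalized is refused
        }
    }

    public void Dispose() { }
}
```

Rejecting at BeginRequest means the authorization rules only ever see a path whose URL form and physical form agree.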


Woohoo :-) I just received a mail concerning my re-nomination as an MVP. This time, I'm MVP on C#. It will be a pleasure for me to continue with my community support in the next 12 (and more) months. Hope to see you on the ASP.NET Forums or elsewhere on-line.
