Microsoft has recently announced Application Inspector, an open-source tool for analyzing application source code. Modern software development practices often require building applications from hundreds of existing components, whether they were written by another team in the organization, an external vendor, or someone in the open-source community. Although this brings many benefits, such as faster development, better software quality, and interoperability, it also brings hidden complexity and risk.
In response, Microsoft has released Application Inspector, a tool it uses internally, which is a software feature source code analyzer. It identifies the features of source code using static analysis and a customizable JSON-based rule engine, to help understand what the program does.
Use cases of Microsoft Application Inspector
- Identifying key changes made to a component's features over time, which may reveal a potential malicious backdoor or an increased attack surface.
- Identifying and scrutinizing high-risk components and components with unexpected features.
Using Microsoft Application Inspector is fairly easy as it is a cross-platform, command-line tool that produces output in multiple formats such as JSON and interactive HTML.
MSTest is used for managed C# and C++ tests, and the Test Execution Command Line Tool (vstest.console.exe) is used for unmanaged C++ tests.
MSTest example:
>"C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\MSTest.exe" /testcontainer:managed_unitTest.dll /testsettings:mysettings.testsettings
Test Execution Command Line Tool example:
>"C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow\vstest.console.exe" unmanaged_unitTest.dll /Settings:mysettings.testsettings /platform:x86
Portable and easy to use editor to write and test C++11 snippets. It integrates Notepad++ and Stephan T. Lavavej’s MinGW Distro (GCC 4.8.1). You can use F9 key to compile C++ files, and Ctrl+F9 to execute the compiled program.
Yesterday (22 Feb, 2014), Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cat’s out of the bag already and we’re into the misinformation-quashing stage now.
Additional: goto fail and embedded C Compilers
#pragma warning – enables selective modification of the behavior of compiler warning messages.
An additional “pragma warning” specifier is suppress, which pushes the current state of the pragma on the stack, disables the specified warning for the next line, and then pops the warning stack so that the pragma state is reset.
Also, __pragma() can be used instead of #pragma, which allows it to be used inside macros:
#define __const_cond( c ) \
    __pragma(warning(push)) \
    __pragma(warning(disable:4127)) \
    ( c ) \
    __pragma(warning(pop))
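The two forms described above, applied to the usual source of C4127 in checked code: a `do { } while (0)` macro. This is an added example, not code from the original post; `CONST_COND`, `REQUIRE_FITS`, `copy_bounded` and `is_64bit_build` are hypothetical names, and the pragmas are compiled only under MSVC.

```cpp
#include <cstddef>
#include <cstring>

#if defined(_MSC_VER)
// MSVC: disable C4127 only around the constant expression, then restore
// the previous warning state, so the rest of the file stays at full /W4.
#define CONST_COND(c)               \
    __pragma(warning(push))         \
    __pragma(warning(disable:4127)) \
    (c)                             \
    __pragma(warning(pop))
#else
// Other compilers have no C4127; the macro is a plain pass-through.
#define CONST_COND(c) (c)
#endif

// Multi-statement check made statement-safe with do { } while (0).
// The constant loop condition is what triggers C4127 without CONST_COND.
#define REQUIRE_FITS(len, cap)        \
    do {                              \
        if ((len) > (cap)) return -1; \
    } while (CONST_COND(0))

// Copies len bytes into a buffer of cap bytes; returns -1 and leaves the
// destination untouched when the data would not fit.
int copy_bounded(char* dst, std::size_t cap, const char* src, std::size_t len) {
    REQUIRE_FITS(len, cap);
    std::memcpy(dst, src, len);
    return 0;
}

// Outside a macro, `suppress` silences the warning for the next line only,
// so a later constant condition in this function would still be reported.
int is_64bit_build() {
#if defined(_MSC_VER)
#pragma warning(suppress: 4127)
#endif
    if (sizeof(void*) == 8) return 1;
    return 0;
}
```
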
The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Microsoft acquired Sysinternals in July, 2006. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications. If you have a question about a tool or how to use them, please visit the Sysinternals Forum for answers and help from other users and our moderators.
Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>.
You can view the entire Sysinternals Live tools directory in a browser at live.sysinternals.com.
Or you can map the server to your drive:
net use y: \\live.sysinternals.com\tools
Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Windows XP Mode and Windows Virtual PC, available on Windows 7 Professional and Windows 7 Ultimate, allow you to run multiple Windows environments, such as Windows XP Mode, from your Windows 7 desktop.
#include <windows.h>
#include <dbghelp.h>
#include <tchar.h>

static LPTOP_LEVEL_EXCEPTION_FILTER m_previousFilter = NULL;

typedef BOOL (WINAPI *MINIDUMPWRITEDUMP)(HANDLE hProcess, DWORD dwPid, HANDLE hFile, MINIDUMP_TYPE DumpType,
    CONST PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
    CONST PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
    CONST PMINIDUMP_CALLBACK_INFORMATION CallbackParam);

static LONG WINAPI MyUnhandledExceptionFilter(PEXCEPTION_POINTERS pExceptionInfo)
{
    // a bare DLL name is resolved through the normal DLL search order
    HMODULE hDll = ::LoadLibrary(_T("DBGHELP.DLL"));
    MINIDUMPWRITEDUMP pDump = hDll ? (MINIDUMPWRITEDUMP)::GetProcAddress(hDll, "MiniDumpWriteDump") : NULL;
    if (!pDump) return EXCEPTION_CONTINUE_SEARCH;

    // HANDLE hFile - minidump file name (for example, "test.dmp")
    HANDLE hFile = ::CreateFile(_T("test.dmp"), GENERIC_WRITE, 0, NULL,
                                CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) return EXCEPTION_CONTINUE_SEARCH;

    MINIDUMP_EXCEPTION_INFORMATION ExInfo;
    ExInfo.ThreadId = ::GetCurrentThreadId();
    ExInfo.ExceptionPointers = pExceptionInfo;
    ExInfo.ClientPointers = FALSE;
    // dump type 1 is MiniDumpWithDataSegs; no callback is used, so CallbackParam is NULL
    BOOL bOK = pDump(::GetCurrentProcess(), ::GetCurrentProcessId(),
                     hFile, MiniDumpWithDataSegs, &ExInfo, NULL, NULL);
    ::CloseHandle(hFile);
    return bOK ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH;
}

int main()
{
    // set up our own exception handler
    m_previousFilter = SetUnhandledExceptionFilter(MyUnhandledExceptionFilter);
    // actual work
    // before exit
    if (m_previousFilter)
    {
        SetUnhandledExceptionFilter(m_previousFilter);
    }
    return 0;
}