random technical notes

Application Verifier is designed specifically to detect and help debug memory corruptions and critical security vulnerabilities.

This is achieved by monitoring a native application’s interaction with the Windows operating system, profiling its use of objects, the registry, the file system, and Win32 APIs (including heaps, handles, locks, etc), and indicating issues when and where they are discovered.

Application Verifier also includes checks to predict how well an application may perform under various account privileges. These compatibility tests are used in Windows Logo program.

Print verification tests are also available to verify your usage of the print subsystem.

Download

Additional links:

• Using Application Verifier Within Your Software Development Lifecycle
• Windows 7 Client Software Logo Toolkit (WSLK)
• Testing Applications with AppVerifier
• Application Verifier для программиста: тестирование Windows-приложений

VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process’s committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Besides graphical representations of memory usage, VMMap also shows summary information and a detailed process memory map. Powerful filtering and refresh capabilities allow you to identify the sources of process memory usage and the memory cost of application features.

Besides flexible views for analyzing live processes, VMMap supports the export of data in multiple forms, including a native format that preserves all the information so that you can load back in. It also includes command-line options that enable scripting scenarios.

VMMap is the ideal tool for developers wanting to understand and optimize their application’s memory resource usage.

Download VMMap

Run VMMap now from Live.Sysinternals.com

Development packages

• Microsoft Windows Software Development Kit
• DirectX Development Center
• Doxygen is a documentation system for C++, C, Java, Objective-C, Python, IDL (Corba and Microsoft flavors), Fortran, VHDL, PHP, C#, and so on.
  • Doxygen Manual
  • Special Commands

Assembler

• “Windows Programming in Assembly” is Randy Hyde’s book
• Flat Assembler
• Netwide Assembler – (it’s used for compiling OpenSSL)
• GSS Visual Assembler
• High Level Assembly
• HIDE is an HLA (High Level Assembler) IDE
• MASM Builder
• masm32
• RadASM Win32 Assembly IDE
• ResEd Resource Script Editor
• WASM.RU

C/C++ language

• See “C/C++ Language” page

UI Libraries

• See “Libraries – UI” section at “C/C++ Language” page
• See “Libraries – UI” section at “.NET” page
• BusinessSkinForm, DynamicSkinForm, SkinAdapter, SmartFlash and SmartEffects (Delphi)

Web

• Winginx – local web server for PHP5, MySQL, MongoDB – a handy tool for web development!
• XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use – just download, extract and start
• SiteFusion is a server-based development environment. Applications are written in pure object-oriented PHP and work through a thin XUL client. SiteFusion applications look and behave like native system applications but run on a server generating JavaScript commands.
• WebMatrix is a free web development tool from Microsoft that includes everything you need for website development. Start from open source web applications, built-in web templates or just start writing code yourself. It’s all-inclusive, simple and best of all free. Developing websites has never been easier.

Subversion

• The coolest Interface to (Sub)Version Control (TortoiseSVN) – TortoiseSVN is an easy-to-use SCM / source control software for Microsoft Windows and possibly the best standalone Subversion client there is. It is implemented as a Windows shell extension, which makes it integrate seamlessly into the Windows explorer. Since it’s not an integration for a specific IDE you can use it with whatever development tools you like.
• Commit-monitor for Subversion repositories (commitmonitor) – Monitors Subversion repositories for new commits and shows a notification to the user when that happens.
• VisualSVN makes your life easier with a reliable plug-in that integrates Subversion seamlessly with Visual Studio.
• VisualSVN Server makes the Subversion server easy and convenient to install and administer on Windows.
• Slik SVN
• Mercurial is a free, distributed source control management tool. It efficiently handles projects of any size and offers an easy and intuitive interface.
  • Mercurial Source Control Plugin for MS Visual Studio
  • Hg Init: a Mercurial tutorial

Git

• Wikipedia: Git. Russian and English articles
• Git SCM to Windows
• SourceTree – a free Git client for Windows or Mac
• TortoiseGit
• GitHub is the best way to collaborate with others. Fork, send pull requests and manage all your public and private git repositories.
• Articles

File compirising

• WinMerge
• Beyond Compare – file comparison and merge application
• DiffMerge – DiffMerge is an application to visually compare and merge files for Windows, Mac OS X and Linux. Configuring TortoiseSVN to use DiffMerge.
• KDiff3

Testing

• MouseController – Records and plays back mouse actions
• WinUnit
• Microsoft Application Verifier
• MiniFuzz – is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. This tool creates multiple random variations of file content and feeds it to the application to exercise the code in an attempt to expose unexpected and potentially insecure application behaviors.

Debugging

• Visual Leak Detector for Visual C++ 2008/2010/2012/2013
• The Debug Diagnostic Tool (DebugDiag) is designed to assist in troubleshooting issues such as hangs, slow performance, memory leaks or fragmentation, and crashes in any user-mode process. The tool includes additional debugging scripts focused on Internet Information Services (IIS) applications, web data access components, COM+ and related Microsoft technologies.
• Debugging Tools for Windows (part of Windows Driver Kit (WDK))
• VMMap
• DebugView for Windows
• !exploitable Crash Analyzer
• Microsoft Application Verifier
• SymStore – (symstore.exe) is a tool for creating symbol stores. It is included in the Debugging Tools for Windows package. SymStore stores symbols in a format that enables the debugger to look up the symbols based on the time stamp and size of the image (for a .dbg or executable file), or signature and age (for a .pdb file). The advantage of the symbol store over the traditional symbol storage format is that all symbols can be stored or referenced on the same server and retrieved by the debugger without any prior knowledge of which product contains the corresponding symbol.
• gDEBugger CL it will bring gDEBugger’s advanced Debugging, Profiling and Memory Analysis abilities to the OpenCL developer’s world, helping OpenCL developers find bugs, optimize parallel computing application performance and memory consumption.
• TraceTool 12.4 – the Swiss-Army Knife of Trace
• APISpy32
• FocusFlasher
• WinSpy++
• MiniSpy
• API Monitor – is a software that monitors and displays API calls made by applications. Its a powerful tool for seeing how Windows and other applications work or tracking down problems that you have in your own applications. The current version include Filters to monitor the following API Categories.
• InspectExe – lets you explore and diagnose problems with Win32 applications. It is integrated directly into the Windows® Explorer and adds as a set of extra pages in the Properties sheet for the selected executable file. Look at the screen shots atthe bottom of this page to see examples of the information it displays.
• Dependency Walker – is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Another view displays the minimum set of required files, along with detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.
• dumpbin from Visual Studio tools (VC\bin folder) can help here:
  dumpbin /dependents your_dll_file.dll
• Network Sniffers
  • Fiddler
  • Wireshark

Tools

• Expresso – The premier regular expression development tool. The award-winning Expresso editor is equally suitable as a teaching tool for the beginning user of regular expressions or as a full-featured development environment for the experienced programmer or web designer with an extensive knowledge of regular expressions.
• Edraw Max is an all-in-one graphics software that makes it simple to create professional-looking flowcharts, organizational charts, network diagrams, business presentations, building plans, mind maps, fashion designs, UML diagrams, workflows, program structures, web design diagrams, electrical engineering diagrams, directional maps, database diagrams and more.
• WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle.

Tools – JSON

• JSON Viewer

Tools – Development process

• TestTrack Pro – Tracking defects, issues, and feature requests is a critical component of any software development and quality control process. The earlier and quicker bugs are resolved, the lower your development cost and the higher your product quality. TestTrack Pro puts improved quality, communication, and reporting within reach. Use TestTrack Pro and create better software in less time.
• Perforce is a proven SCM solution for your valuable code and digital assets.
• TaskJuggler is a modern and powerful, Free and Open Source Software project management tool. Its new approach to project planing and tracking is more flexible and superior to the commonly used Gantt chart editing tools. TaskJuggler is project management software for serious project managers. It covers the complete spectrum of project management tasks from the first idea to the completion of the project. It assists you during project scoping, resource assignment, cost and revenue planing, risk and communication management.
• Agile Planner – this tool is for agile project teams, who currently are using sticky notes on the wall. With this tool stories, backlog and iterations are managed in a graphic designer, saved as files within visual studio projects and can be exported to images, reports and etc.

Tools – Build

• Hudson – extensible continuous integration server

Tools – SQL

• see SQL page

Tools – UML

• PlantUML – is a component that allows to quickly write : sequence diagram, use case diagram, class diagram, activity diagram, component diagram, state diagram and object diagram.
• UMLet – Free UML Tool for Fast UML Diagrams. UMLet is an open-source UML tool with a simple user interface: draw UML diagrams fast, export diagrams to eps, pdf, jpg, svg, and clipboard, share diagrams using Eclipse, and create new, custom UML elements.
• Violet UML Editor –  is a UML editor with these benefits: Very easy to learn and use. Draws nice-looking diagrams. Completely free. Cross-platform. Violet is intended for developers, students, teachers, and authors who need to produce simple UML diagrams quickly.
• StarUML is an open source project to develop fast, flexible, extensible, featureful, and freely-available UML/MDA platform running on Win32 platform. The goal of the StarUML project is to build a software modeling tool and also platform that is a compelling replacement of commercial UML tools such as Rational Rose, Together and so on.
• ArgoUML – is the leading open source UML modeling tool and includes support for all standard UML 1.4 diagrams. It runs on any Java platform and is available in ten languages.
• BOUML – is a free UML 2 tool box allowing you to specify and generate code in C++, Java, Idl, Php and Python.
• Dia – is a GTK+ based diagram creation program for GNU/Linux, Unix and Windows released under the GPL license.
• WebSequenceDiagrams –

Utilities – Windows SysInternals

• Process Explorer
• Autoruns for Windows
• Handle – is a utility that displays information about open handles for any process in the system.
• ListDLLs – is able to show you the full path names of loaded modules – not just their base names.
• VMMap – VMMap is a process virtual and physical memory analysis utility.
• DebugView for Windows – is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP.

Utilities

• Notepad2
• Notepad++
• RegEx Helper. Notepad++ plugin for testing and editing regular expression
• SCREENPRESSO gives professional look to your screenshots!

OS

• Embedded
• DOSBox
• KolibriOS
• osFree
• React Operating System

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.

!exploitable Crash Analyzer – MSEC Debugger Extensions –  !exploitable (pronounced “bang exploitable”) is a Windows debugging extension (Windbg) that provides automated crash analysis and security risk assessment. The tool first creates hashes to determine the uniqueness of a crash and then assigns an exploitability rating to the crash: Exploitable, Probably Exploitable, Probably Not Exploitable, or Unknown. There is more detailed information about the tool in the following .pptx file or at http://www.microsoft.com/security/msec. Additonally, see the blog post at http://blogs.technet.com/srd/archive/2009/04/08/the-history-of-the-exploitable-crash-analyzer.aspx, or watch the video at http://channel9.msdn.com/posts/PDCNews/Bang-Exploitable-Security-Analyzer/.

API spying utilities are the most powerful tools for exploring the internal structure of applications and operating systems. They provide tons of information and enable the user to explore the “guts” of the application under test. Unfortunately, most API spying utilities can monitor only one application at a time and also have the tendency to break apart when used with large pieces of code. APISpy32 is a different type of API interceptor which solves most of these problems. It monitors API calls made by ALL active Windows applications and logs the values of input parameters. This version works under Windows 9x/NT/2000 and ME.

Download local version of APISpy32.

Homepage

This utility will continuously track the focus input. It updates itself every second, displaying information about the window, which currently has focus. In a sense it is very similar to the popular SPY++ utility from the Developer Studio package, but it is easier to operate and may give you faster results.

Download local version of FocusFlasher.exe (source code)

Homepage

WinSpy++ is a handy programmer’s utility which can be used to select and view the properties of any window in the system. WinSpy is based around the Spy++ utility that ships with Microsoft Visual Studio.

Download local version of WinSpy++ 1.7 (source code).

Homepage

Download local version of MiniSpy.exe (source code)

!exploitable (pronounced “bang exploitable”) is a Windows debugging extension (Windbg) that provides automated crash analysis and security risk assessment. The tool first creates hashes to determine the uniqueness of a crash and then assigns an exploitability rating to the crash: Exploitable, Probably Exploitable, Probably Not Exploitable, or Unknown. There is more detailed information about the tool in the following .pptx file or at www.microsoft.com/msec.

This tool was created by the Microsoft Security Engineering Center (MSEC) Security Science Team. For more information on MSEC and the Security Science team, please visit www.microsoft.com/security/msec. To see what’s being worked on presently, visit the Security Research and Development blog at blogs.technet.com/srd/.

The project home page