Monday, December 20, 2010

.NET code protection. Can it be achieved?

Recently I had a challenge that consisted in some sort of cracking. I won't say what was that application as it doesn't matter for this post. As you already understood the application was built on top of .NET Framework, version 2.0 actually.

What do you do if you want to dig in .NET app? Of course you use some reflector for that purpose, so do I. But that was the first time when Reflector just threw the meaningless exception when I tried to view the code. When I investigated the application a bit more, I found that it was protected with some tool called CodeVeil.

OK, having a little experience with packers for native code the first thing that I did was getting the memory dump from running application:) Simple? Of course, and you will be probably surprised to know how often it works with number of cheep application packers. And I hoped that it would work in my case because app was created in 2008 by some student which possibly just used the first .NET protector that he have found in the web. It's a pity but it hasn't work. As I investigated later on that version of CodeVeil (probably 1.2) encrypts methods in .NET executable. So when you run application and some method is called, then CodeVeil decrypts method's code, execute it, and encrypt back. That is why straightforward memory dump cannot help here.

So what can be done in this situation?
  1. Set breakpoint on encryption code and make memory dump then.
  2. Patch the encryption code  in memory with anything so after executing of some method it will be possible to grab the code.
I tried first way with my old friend OllyDbg but with no luck. As I understood CodeVeil also adds some antidebugging tricks and I didn't manage to deal with them with my lame experience in reverse engineering.

So how has that story finished? Ok, in some cases when you cannot break the code you can use it:) And that was my case)

In general I can say that yes, you can protect your .NET code from such lames as me. Anyway I think that for experienced cracker it is just matter of time to break your protection. So it is your decision if it is worth to pay for some good protection for your code.

Monday, December 13, 2010

Mr. Free Time, could you visit me more often?:)

More than two months... More than two months I haven't written to blog. Studies, work, different things - that's all that makes my free time close to non-existent.

Other cause why I didn't write to blog is laziness. Don't let it get you! At first you think something like "OK, I'm too tired today, maybe I'll do it tomorrow", later on you think "OK, it's a busy week, I think I can do it at the weekend". When weekend comes you think that you are very tired and you should relax on the weekend. Familiar situation?:)

But now I'm back) I hope that I'll manage to write more often in the coming days. About different things - studies, programming languages, ideas. I'm here, I'm still alive and with working brain:) Look for my next posts.

Monday, October 4, 2010

Brainbench Paper Certificate

Few months ago I heard for the first time about Brainbench online exams from friend of mine. So just for fun I tried to pass one of them which was free of charge at that time (I don't know if it is now). It was C# exam and I passed it with score 4.02 and it was enough to earn "Master" level by Brainbench gradation. Actually it was not too really hard. It is allowed by rules that you can use Internet resources during exam and it helps actually if you know where to search;)
In order to get any satisfaction from this achievement, I ordered paper certificate so that I can put it into the frame and hang on the wall when I'll have my own apartment:) Here it is how it looks like:

It looks not very astonishing especially after my local post service:) Maybe if the big red label "FRAGILE: DO NOT BEND" was wrote in Ukrainian, it could help. But I'm not really sure on this matter...

Saturday, October 2, 2010

English schools in Lviv

Oh, it has been almost a month since I wrote last blog post. It happens - you have many things during the day (work, university etc) and in the evening when you come home then you do not want to do anything. So promised post about English schools failed to appear "in the next days" as I wrote:) Let's try to fix this)

If you are the constant reader of my blog (one of the few of them) then you should already know that about a month ago I decided to start improving my English in some of the available schools in Lviv, the city where I live now. So I made quick search through the web and marked locations of found English courses using Google Maps. If it is useful for you, you could find this map here. Of course, this map is not full and there is other schools and private tutors as well - you are welcome to improve it.

As for me the main criterion for selecting the schools was the distance from my work in order to spend less time for traveling. Therefore I chose between two schools - International House and American English School. Both schools seem to be good so I think that you will be not wrong if you'll chose any of them. But my other requirement was the possibility to study in the morning or afternoon so that it will not interfere with the classes at the university. At International House I was told that morning classes will be in that case if they will get enough students. Hm, I didn't like the idea to pay for entrance test when I don't even know if it will be possible for me to study in time that they chose. So I enrolled in the American English School.

As yet I'm satisfied with the English classes. We are only 4 students in the group, so the teacher can devote enough attention to each of us. We teach grammar, some vocabulary, talk about different things. As part of homework we read English authentic literature, and then we discuss it in the class.

So I have some practice speaking English, and it makes me very happy:) But this is still not enough for me. Actually we have also speaking club at school on Saturdays but I usually cannot visit it. Do you know other ways to practice speaking English in non English speaking country? Did someone have the experience of using sites like sharedtalk.com? Any comments will be appreciated.

Thursday, September 9, 2010

More about 70-536 exam

As I wrote in previous post I passed Microsoft exam 70-536. Now I want to share some additional thoughts and tips about it.

So, how to prepare to it? First of all I think you should start with corresponding Self-Paced Training Kit provided by Microsoft Press. Be sure to own the second edition and check the errata when reading. It can be good starting point but actually it is not required to read this book. Why? Because it is not enough to read it.

Regardless whether you read book or not the MSDN Library is the best resource ever. Yes, for some topics it still lacks the information but it is rather the exception from the rule. It is good to check objectives of the exam and put all links to needed MSDN articles to some spreadsheet. It will be your checklist and helper in learning. Thanks for this idea to Niall Merrigan whose Excel file I used as the base of mine. I imported it to Google Docs and significantly updated it when studying. If you'll find it useful you can access it here.

What else? Use practice tests. You can find quite lot of them in the free access on the Web. As for me I used it to check what fields of exam objectives I'm bad in. And then I studied or refreshed about it with help of my checklist.

Actually it is all about the way I used to prepare. Last tip - be sure to pay attention to details. Like that GZipStream uses format which includes a cyclic redundancy check value in opposite to DeflateStream. I can provide more examples but I'm sure that you got the whole point.

As for exam I finished it for an hour instead of provided pure two and half hours for answering the questions. Some questions I didn't know for sure but I don't think that I could answer it correctly if I've meditated on it for more time. As I understood for one question I even changed answer to incorrect one, still it didn't matter actually.

I still have voucher for another one exam, but I'm not sure which to choose. I want to pass all of them!:)

Tuesday, September 7, 2010

One day of my life

They say that Monday is a hard day. Yes, it was that for me today. I took day off from my work to clear off some business. Now I'm tired and going to sleep but anyway I made decision to make post to by blog which was not updated frequently lately.

Today I had my first lesson in English school. I'll have two lessons in a week in the morning so I think it should be not too hard to find time for them. I liked my group, I think, and my teacher particularly. Maybe in next days when I'll have free time I'll post expanded post for this matter.

The next thing today was my scheduled Microsoft exam 70-536. Yeah, I passed it!:) It was not too hard, but I think it is because I studied hard last few weeks. Anyway I think that my result with score 907 could be better - some topics was not learnt thoroughly. BTW I was surprised that I got maximum score in section about security as I thought that it was the topic which I knew worst. I'm also planning to share my thoughts how to prepare, my checklist etc in the separate blog post. Maybe tomorrow, I don't know.

And last. I had the conversation today about the possibility to continue studying for PhD after finishing my Master program. But it seems that I need to work hard to accomplish this, so actually I'm not confident if it really needed for me, I'm still in doubt. If you have any opinions for this matter, please share them with me in comment, I'll really appreciate that.

Thanks for you time reading this and good night!;)

Monday, August 23, 2010

Microsoft Certification Exam 70-536: scheduled

Today I scheduled exam 70-536 "TS: Microsoft .NET Framework - Application Development Foundation" for myself on September 6. So cross your fingers on that day!:)
I trying to prepare to it in the evenings after work, but usually I'm tired and the material is boring in many cases, so preparing is not going very well. Anyway I hope that I'll overcome my laziness and will be ready on time.

Recently I got email from Microsoft about new offer - you can buy up to 5 exams together and get quite good discount as well as Second Shot voucher for each exam. Actually there are two type of discounts - 15% is you purchased 2 or 3 exams, and 20% if you purchased 4 or 5. There is also the special offer - you can pay additional 15% to regular price of single exam and get Second Shot for that. As for me the most interesting choice is to buy 2 exams - you do not need to pay large amount at once and you loose only 5% difference between discounts. So I purchased 2-exam pack and really happy to have additional chance for passing exam.

As for how to prepare I think it will be more fair to share my experience if I'll pass exam. Really, who cares about advises from the failure?:)

Wish me good luck and great patience!)

Saturday, August 14, 2010

How to hit the daily reputation cap on Stackoverflow

About two weeks ago when I had the free time at work (yeah, it happens sometimes:)) I carried out some kind of an experiment. I wanted to check if it is too difficult to reach the maximum daily reputation on stackoverflow.com, the extremely popular a question-and-answer website about the programming related stuff. I think you at least heard about it, most probably you saw it many times in search results when googling some programming question:)

All things on site are around the reputation points. The more you'll earn - more cool you'll be:) You can earn point if you questions or/and answer will be voted up by other members of the site. According to FAQ "you can earn a maximum of 200 reputation per day (although accepted answers are immune to this limit)". So I wondered how hard it is.

Actually it is not. You just have to spend some time on it or to post few but very useful answers. I'll describe a couple of ways of the reputation earning I figured out.

Easy question - fast answer. Actually you can earn quite good amount of point answering the trivial questions that usually asked by newbies in some technologies. Such questions receive relatively many answers and to earn the most point you should post on of the first and most full answers. Be aware, for such type of questions first answers appears for about one minute or even sooner:) The best strategy is to post right but not well-explained answer, and then to expand answer by editing it. Anyway hurry up!)

Situation-specific questions. The bunch of questions are like "I did this, expected that, but I got...". Probably you will be able to answer such questions only if you encountered the same situation in the past. In other case you should spend the pretty much time to investigate it (unless you are the real guru:)), and I think you just will not want to do it (only if you are not an altruist). Anyway you will not receive too much points for your answer (if any), because most likely it will be not useful for most other site members. More specific question will be - less point you'll earn, it is straightforward I think.

Subjective questions. Some questions posted on the site cannot really have the right answer. Too subjective questions will be closed at all, but some of them will be not if the community will consider this question and answers to it as useful. In this case you earn reputation if you'll post your original opinion that will be appreciated by other members.

Questions. Your questions. Of course you can ask your own questions and earn points for that. As for me I'm only asking questions when I really need answer for them. IMO it is strange to make questions intentionally for earning points) But if you are fine with it, well...

So how went the experiment? On the first day I received 175 points, and on the second day - 237 points and my Mortarboard badge (remember that accepted answers are immune).

Try hard and maybe some day you will be such famous man as Jon Skeet! :)

Thursday, August 12, 2010

The job interview. My ambiguous impressions

Recently I was invited for the job interview to some software company in my city. Actually I have the work now and I didn't plan to change it in the nearest time. But on the other hand why not to try if there is such opportunity? So I decided to go for it. It turns out now that it was a good decision as I learnt some things that can help me in the future study and the carrier growth.

I don't want to write about what exact questions were asked etc. I'll try to share with you my impressions and what conclusions I came to from this story. But I should notice that I do NOT want to accuse anybody in anything. But some bit of the criticism shouldn't harm anyone, should it?:)

Recruiters.
There were two of them. (massive attack?:) ) I believe that this part went quite well except some things.
  1. I really didn't like that my recruiters didn't bother even to read whole my CV. For example, one of the recruiters asked me whether I took some online tests like Brainbench. Damn, yes, and that was mentioned in my document! And this is just example...
  2. About the same Brainbench. There was noted in my CV that I got "Brainbench Master Certification in C#" and the recruiter complained that I didn't mention the exact score. When I answered that it was 4.02 she said "Fine! It is very good result!" What then is not "good" result if the master level requires to pass with a score of at least 4.0?:) Why are you asking about this test while are you not confident about it? (Actually I have no doubt that this test has no real value at all but it is subject for another story).
  3. I will be very appreciate if the recruiter try to investigate what is wrote in CV before the interview. Yes, I know that almost all people never heard about TopCoder, but is it too difficult just to google it and to get some basic information? I think it will the plus for me if they would know about Topcoder's standards and practices.
  4. And last. I really didn't like experiments like the provocative questions to view reaction of the interviewee.
Technical interviewers.
  1. Yeah, it will be very cool if in the next time someone will notify me in advance that I'll have technical interviews in the same day:) Especially in both Java and .NET:)
  2. I'm very disappointed that there wasn't ANY question for evaluating general skills like logic, the ability to solve problems etc. Just technical questions like "how many ways are to synchronize threads" etc. Yes, the working (!) knowledge is needed definitely for most positions, but is it the main constituent of the successful developer? What a hell, whom you need to hire?! Coding monkeys?!
  3. I had the luck to compare two very different persons as interviewers. While one just asked a number of questions to hear proper answers, another one impressed me from the good side. Funny guy, he helped me a lot to think in the right way about my carrier and the priorities. It seems he is quite good in evaluating of the interviewee's knowledge. When I didn't say something that he wanted to hear, he asked another question to check if I didn't know that or just forgot to say about it. And in general... +1 to him definitely :)
  4. The Java guy, if you sometimes read this, do not draw minuses on the paper when someone is continuing to answer the question and he sees what are you drawing.) And do not ask stupid questions like "Will be your code readable for others?".
What I learnt.
  1. I always thought that is not such important to learn deeply some technologies in advance. My principle was "you want it - I'll learn it", and it is important to know only some basic things about technology so you just can start work with it and the deep knowledge will come in the practice, in the development process. Not I realized that most companies wants you to be the guru, so you will know all answers without extra time for investigating. The learning of something in advance without immediate need was for me as wasting of time, but I'll considering to pay more attention in self-learning not for some certificate but for real knowledge.
  2. I have the dilemma now. Java or .NET?:) I always wanted to become good in both, but it seems that is not possible. You should concentrate on something one to be really good in it.
  3. And last I realized that my speaking English is not bad but VERY bad :) Yeah, even much more worse than my written English:) I was so disappointed in the brief examination of my speaking that I canceled my phone interview for the internship in USA. And now I'm considering in taking some additional English courses maybe focused in speaking.
 So what next? Now I should set my goals for some period of time and I should outline the plan how to achieve those goals. When you have the plan, you have the hope!:)

Monday, August 9, 2010

Everything what you might want to know about the Disposable pattern

Thought thrives on conflict. Today I had a discussion with my technical leader who ashamed me that I don't know how to implement IDisposable correctly. It turned out it was true as I really lacked in knowledge of the Disposable pattern. On the other hand my implementation was actually almost right even with my knowledge:)

So what we've got?

public class CustomWriter : IDisposable
{
    private readonly Stream _stream;

    public CustomWriter(Stream stream)
    {
        Helper.CheckNull("stream", stream);
        _stream = stream;
    }

    // some methods that deal with _stream
}

My first implementation of Dispose method was the simplest that can be only:)

public void Dispose()
{
    _stream.Dispose(); 
}

Is this code good?:) I think every experience .NET developer knows the right answer but question can be tricky for some junior developers.

Let's get deep into the problem.

The Disposable pattern. You can find it in MSDN, it is shown in example for the IDisposable interface. You should remember that you must throw ObjectDisposedException in the beginning of every method if object is disposed already. So in general the skeleton of the class implemented IDisposable can be like following:

public class DisposableClass : IDisposable
{
    // the boolean flag whether the current object is disposed or not
    private bool _disposed;

    // check if the current object is disposed
    private void CheckDisposed()
    {
        if (_disposed)
        {
            throw new ObjectDisposedException(GetType().FullName);
        }
    }

    public void SomeMethod()
    {
        // check if not disposed
        CheckDisposed();

        // some logic here
    }

    public void Dispose()
    {
        // dispose all managed and unmanaged resources
        Dispose(true);

        // suppress calling of the object destructor
        GC.SuppressFinalize(this);
    }

    protected virtual void Dispose(bool disposeManagedResources)
    {
        if (!_disposed)
        {
            if (disposeManagedResources)
            {
                // dispose managed resources here
            }
            // dispose unmanaged resources here
              
            // turn on the 'disposed' flag
            _disposed = true;
        }
    }

    ~DisposableClass()
    {
        // only unmanaged resources disposed here
        Dispose(false);
    }
}

Pattern is pretty straightforward. If the user of the class wants to release resources explicitly than he can call Dispose method which does all work. Also you should suppress calling of the destructor by the garbage collector as it is no need in this already.

The main point here that you should not try to release managed resources in destructor because they are in undefined state actually by this moment - the garbage collector might release some or all unmanaged resources already.

How differs the code above from example code from MSDN?
  1. The CheckDisposed method is created which should be called in the beginning of each other method.
  2. The argument of the parametrized Dispose method is renamed to disposeManagedResources. As for me the variable name disposing is not self-explanatory.
  3. The Dispose method made protected virtual. In this way you can redefine it in derived classes for actual needs.
The simplified pattern. What happens if our class will not have the unmanaged resources? Fine, the destructor will do nothing - kill it! GC.SuppressFinalize(this) is not needed anymore as we don't have the destructor - kill it! disposeManagedResources will be always true - kill it! Why we should have another Dispose method without parameter? Kill it too!:) So what we've got now:

public class DisposableClass : IDisposable
{
    // the boolean flag whether the current object is disposed or not
    private bool _disposed;

    // check if the current object is disposed
    public void CheckDisposed()
    {
        if (_disposed)
        {
            throw new ObjectDisposedException(GetType().FullName);
        }
    }

    public void SomeMethod()
    {
        // check if not disposed
        CheckDisposed();

        // some logic here
    }

    public void Dispose()
    {
        if (!_disposed)
        {
            // dispose managed resources here

            _disposed = true;
        }
    }
}

Notice the important moment. When we are talking about unmanaged resources we mean those resources which we should release on our own as the garbage collector cannot deal with them. Feel the difference - even if the Stream object operates internally with some unmanaged resources we don't care about it. From our side the Stream object is the managed resource and it is enough to call its Dispose method to be sure that all is done there.

So was my code so wrong in the beginning of this post?:) Apparently no. The only issue there that I could call _stream.Dispose() more than once. Actually it shouldn't be the problem (actually _stream.Dispose() will do nothing in further calls) but it is not good anyway. Adding the _disposed field and checking it is all what I needed to add.

Happy disposing for you!:)

NHibernate and MS Access - it's simple, but...

Recently I got the task to get some data from MS Access database using NHibernate. As for true it was my first coding experience with NHibernate and Fluent NHibernate, so I was very glad that I was present not too long time before on 4th meeting of Lviv .Net User Group where Andriy Buday made a quite good presentation about this ORM framework.

The code had to be very simple, and you should to change just couple of lines in the configuration to make it work with MS Access. If you use Fluent NHibernate (like me) for writing configuration, then you can get something like the following piece of code.

private static ISessionFactory CreateSessionFactory(string databaseFile)
{
    return Fluently.Configure()
        .Database(
            JetDriverConfiguration.Standard.ConnectionString(c => c.DatabaseFile(databaseFile))
        )
        .Mappings(m => m.FluentMappings.AddFromAssemblyOf<Person>())
        .BuildSessionFactory();
}

So everything was fine, I was proud with myself ("Yoo-hoo, I did!") , but when I tried to run tests...
Could not load file or assembly 'NHibernate.JetDriver' or one of its dependencies. The system cannot find the file specified.
 The reason is simple - NHibernate.JetDriver.dll is not part of the NHibernate distribution. You can find it in the NHibernate Contrib project on Source Forge. But don't try to find ready DLL - only source codes are available. Checkout out it with SVN here: https://nhcontrib.svn.sourceforge.net/svnroot/nhcontrib/trunk/src/NHibernate.JetDriver/. Build it in any way you wish. As for me I used included VS 2008 solution.

Fine, I got NHibernate.JetDriver.dll, I was proud with myself even more than in previous time, I tried to run tests again... What I got? Here it is:
 Could not load file or assembly 'NHibernate, Version=2.1.0.4000, Culture=neutral, PublicKeyToken=aa95f207798dfdb4' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
When you will build NHibernate.JetDriver.dll reference those DLLs from the NHibernate distribution that you are using in your project. The NHibernate version in NHibernate.JetDriver folder is 2.1.0.4000, and I used version 2.1.2.

So at last I managed to make NHibernate to work with MS Access. Returning to the title of this post - it's simple but it is tricky:)

P.S. If you are working under 64 bit Windows you can get additional exception "The 'Microsoft.Jet.OLEDB.4.0' provider is not registered on the local machine" for dessert. Make sure that you selected the target cpu to x86 in the advanced compiler options. There is not a 64 bit version of Jet.

Saturday, August 7, 2010

Another one blog? What for?

Hi all!

I decided to start my first blog. At long last!:) To be honest the idea of my own blog was nurtured by me quite a long time. Do you have a feeling sometimes that you know something that can be interested and useful not only for you? Yeah, that is exactly what I'm talking about.

But every time when I was considering on start blogging, I was afraid that I'll get bored with it too fast and that is why to loose time for nothing. I am still afraid, but anyway the decision is here!)

And who am I actually?) My name is Dmytro Dzyuma, I'm living, studying and working in my native country which name is Ukraine. I can point its location on the map if you have troubles with geography:)

What will be this blog about? Anything that will be interesting for me and I'll think that it will be interesting to someone else. Something about .NET, something about Java, something about something else)

This blog will be in English, even if this is not my first language as you may probably notice:). The reason is simple - this is the language that is one of the most common all over the world and this is the language of IT. I was considering of making Ukrainian versions for all posts, but... I'm not sure if it really needed right now, maybe later will, I don't know.

The last thing. Don't get accustomed to present blog design and layout, I'm going to play with it some time)

So let's start!:)