Martin Zugec blog

System.OutOfMemory and random errors

One of my (read "created by me") programs suddenly stopped working - to my surprise, for everyone else everything was working flawlessly - except me...

 It was giving me range of random errors (most common was System.OutOfMemory), even when I run it through debugger, it was crashing on random lines with really strange errors (psadi.dll was not found...)... That was really strange. And it was really strange that all other .NET applications were working fine. Most of the time System.OutOfMemory was throwing when reading 5 text files (all of them contained 1 line of text) - come on, we are not in middle age, modern computer should be able to handle it ;)

For all my applications (and many of my project) I really love to use Subversion - if you dont know it, drop me line and I will write some details about it.. I decided to revert to older version of application.

Because I also wanted to keep my current version, I saved file under different file name - and tadaaa - it was working flawlessly again. Then I tried to rename also my latest version - and now it was running smoothly. So I checked HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options - this is the key where all debuggers etc are hooking to application processes (including my tool Hook Application)...

 To my surprise MyApp.exe contained tons of subkeys with strange names like DangerousAPIs, Locks etc... I tried to rename this registry key - and application was working..

After small investigation I traced the root of problem to Application Verifier - and then I remembered that this week I had presentation where I showed also AppVerif - and I was presenting on my program.

To make long story short - if your application works after you rename main exe, check Image File Execution Options registry key and maybe it will help you.

Leet haxor?

Few days ago I posted small blog entry about using keyboard for navigating on Google - it is in fact quite old, I tried it few months ago, but few days ago I started to really use it and I found it quite usefull, so I wanted to share...

Today I received new comment (well, it was not published automatically and I received mail that there appears to be some spam in comments).

I read that comment - and that again and again, just to be sure that I am not missing something:

"u suck at hacking, i am able to control live webcmas using google, and also change wats on while tv is on, dont beleive me, than screw u, if this was supposed to be a hack, u suck, leave my hacking territory, because when u mess with the best, u will die like the rest!"

I am still not sure if I should smile or cry (well, or be scared that he could change my TV through Google :D)

Well, to make this post at least little bit useful: nice trick regarding that Google keyboard shortcuts is that if you are on last entry and you press J (go to next result), it will automatically go to next page (and that is maybe most useful function of that nice Google feature that you can read few pages of results pretty quickly)

How to open dialog for Active Directory search

Project I am working right now on requires from me to periodically search for something in AD... How to do it (dont expect anything new ;)):

Standart way:

• Start -> Run
• Hit enter
• Type mmc
• Hit enter
• Click file, select Add\Remove Snap-in
• Click Add
• Click on Active Directory Users and Computers
• Click Close
• Click OK
• Expand Active Directory Users and Computers
• Right-click on domain
• Select Find
• Type your object name
• Click on Find now

My modified way to achieve it was to use following procedure:

• Hit Winkey + R
• Type dsa.msc
• Hit enter
• Hit Ctrl+M
• Hit End
• Hit <that small button opposite winkey that shows context menu>
• Hit "i"
• Type object name
• Hit enter

Nothing really special, hehe :) Just wanted to make you more curious about my final result ;)

 So after going through all this again and again, I decided to make some use out of my favourite QLiner - so I mapped following line to one of buttons:

%windir%\system32\rundll32.exe dsquery.dll,OpenQueryWindow

 Pretty simple, heh? This command line just shows AD search dialog.

How to control Google using keyboard

Welcome all keyboard maniacs :)

 Long time ago I tried Google Keyboard shortcuts - experiment that allows you to navigate through Google results by using only keyboard. I thought it is quite nice, but I havent really tried it...

Today my wireless mouse run out of batteries and after few minutes I got tired of using trackball, so I decided to enable keyboard shortcuts - and I was really surprised that after little time I cant live without it :)

So if you want to test, head to http://www.google.com/experimental/#BetaShortcuts and select Keyboard shorcuts (or you can test any other experiment)...

Controls are quite simple:

• J - down
• K - up
• Enter\O - open
• / - go to search dialog

 Martin

New utility to detect COM objects

If you are deployment specialist or responsible for deploying applications AND keeping computers running afterwards, I think you agree that you always want to know what will installer do - therefore you prefer to use copy and paste installations...

 Even if that is not applicable and you are like me, you rather build your own script to copy folders\files and register some libraries instead of using some installer (or maybe you are not and I am really, really strange ;)).

 If you do so, then you probably encountered situation when you can see tens or hundres of DLLs in one folder and you are not sure which are static and which requires registration through regsvr32. Or you can run into situation when application suddenly stopped working and you are almost sure that it is due missing registration of one file.

 I run few times into this situation - and I decided to write small utility that is able to detect libraries that requires registrations... It is called COM Detector ;)

It is really easy to use it - just specify file or folder as input parameter and it will show you if file\files are COM objects (and requires registration prior to use) or they are not.

 This is output when scanning System32 folder (only few lines to show you):

bios4.rom:Not DLL or OCX file
bitsprx2.dll:COM
bitsprx3.dll:COM
blackbox.dll:COM
blastcln.exe:Normal library
bootcfg.exe:Normal library
bootok.exe:Normal library

You can see that bisprx2.dll, bitsprx3.dll and blackbox.dll are COM-based so you must register them in order to be able to use them.

To simplify parsing, delimiter is ":" - this is selected due to fact that you can`t use ":" in file\folder name because it is used for alternative data streams. 

There are two optional switches available, /Debug and /SkipNoCOM. /Debug is used for debugging and is not really important, when you specify /SkipNoCOM, only COM objects will be displayed.

Also known bug - if you encounter message box like "The application or DLL <File> is not a valid Windows image. Please check this against your installation diskette.", just ignore it - it is displayed by API and (so far) there is nothing I can do about it.

FileMon, RegMon... What about LibMon?

Recently I wrote small article about DLL Hell problem (http://msmvps.com/blogs/martinzugec/archive/2007/11/11/dll-help-is-there-any-solution.aspx).

Maybe you were also experiencing similar problems and you tried to use some tools to troubleshoot - best choice is usually FileMon\RegMon (or ProcMon), but usually they wont really help when working with libraries. This is specially case with legacy Visual Basic 6.0 applications, that just crashes with general error (Library not found).

 And maybe you also encountered tool called Dependency Walker (www.dependencywalker.com) from Microsoft. This is quick summary from website:

"Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules."

Maybe you also tried this utility - just to find out that it is quite useless, because most libraries (99%) are loaded dynamically and are not listed in tree view (usually you only see base system libraries):

Just by accident I found that new (silently released) version contains also functionality called Profiling (dont ask me why they choose such meaningless name instead of Monitoring or any other option).

This option allows you to run program and detect dependencies automatically (Profile -> Start Profiling). Of course output is much more detailed now:

Also attached log file can be extremely useful when troubleshooting:

 LoadLibraryExW("C:\Apps\Opera 9\Microsoft.Windows.Common-Controls.DLL", 0x00000000, LOAD_LIBRARY_AS_DATAFILE) returned NULL. Error: The system cannot find the file specified (2).

in above example, application I used was downloaded from ThinDownload - obviously during packaging they forget something, because I dont have C:\Apps.
I already used this tool few times and it can be extremely useful. For example when I noticed that one library is always returning something like Error: The specified procedure could not be found (127)., I knew that problem is not caused by missing library, but due to version mismatch.