Friday, July 5, 2013

Windows Sysinternals Tools every IT Pro should have


Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications. If you have a question about a tool or how to use it, please visit the Sysinternals Forum for answers and help from other users and our moderators.

Sysinternals Live

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or  \\live.sysinternals.com\tools\<toolname>.
You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

Sysinternals Suite

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.
The Suite is a bundling of the following selected Sysinternals Utilities:

Sysinternals File and Disk Utilities
AccessChk
This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services.

AccessEnum
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.

CacheSet
CacheSet is a program that allows you to control the Cache Manager's working set size using functions provided by NT. It's compatible with all versions of NT.

Contig
Wish you could quickly defragment your frequently used files? Use Contig to optimize individual files, or to create new files that are contiguous.

DiskExt
Display volume disk-mappings.

DiskMon
This utility captures all hard disk activity or acts like a software disk activity light in your system tray.

DiskView
Graphical disk sector utility.


Disk Usage (DU)
View disk usage by directory.

EFSDump
View information for encrypted files.

FileMon
This monitoring tool lets you see all file system activity in real-time.

Junction
Create Win2K NTFS symbolic links.

LDMDump
Dump the contents of the Logical Disk Manager's on-disk database, which describes the partitioning of Windows 2000 Dynamic disks.

MoveFile
Schedule file rename and delete commands for the next reboot. This can be useful for cleaning stubborn or in-use malware files.

NTFSInfo
Use NTFSInfo to see detailed information about NTFS volumes, including the size and location of the Master File Table (MFT) and MFT-zone, as well as the sizes of the NTFS meta-data files.

PageDefrag
Defragment your paging files and Registry hives!

PendMoves
See what files are scheduled for delete or rename the next time the system boots.

Process Monitor
Monitor file system, Registry, process, thread and DLL activity in real-time.

PsFile
See what files are opened remotely.

PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

SDelete
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.

ShareEnum
Scan file shares on your network and view their security settings to close security holes.

Sigcheck
Dump file version information and verify that images on your system are digitally signed.

Streams
Reveal NTFS alternate streams.

Sync
Flush cached data to disk.

VolumeID
Set Volume ID of FAT or NTFS drives.

Sysinternals Networking Utilities

AD Explorer
Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.
AD Insight
AD Insight is an LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications.
AdRestore
Undelete Server 2003 Active Directory objects.
PsFile
See what files are opened remotely.
PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
ShareEnum
Scan file shares on your network and view their security settings to close security holes.
TCPView
Active socket command-line viewer.
Whois
See who owns an Internet address.

Sysinternals Process Utilities

Autoruns
See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
FileMon
This monitoring tool lets you see all file system activity in real-time.
Handle
This handy command-line utility will show you what files are open by which processes, and much more.
ListDLLs
List all the DLLs that are currently loaded, including where they are loaded and their version numbers. Version 2.0 prints the full path names of loaded modules.
PortMon
Monitor serial and parallel port activity with this advanced monitoring tool. It knows about all standard serial and parallel IOCTLs and even shows you a portion of the data being sent and received. Version 3.x has powerful new UI enhancements and advanced filtering capabilities.
Process Explorer
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
Process Monitor
Monitor file system, Registry, process, thread and DLL activity in real-time.
PsExec
Execute processes remotely.
PsGetSid
Displays the SID of a computer or a user.
PsKill
Terminate local or remote processes.
PsList
Show information about processes and threads.
PsService
View and control services.
PsSuspend
Suspend and resume processes.
PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
RegMon
This monitoring tool lets you see all Registry activity in real-time.
ShellRunas
Launch programs as a different user via a convenient shell context-menu entry.

Sysinternals Security Utilities

AccessChk
This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services.
AccessEnum
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.
Autologon
Bypass password screen during logon.
Autoruns
See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
LogonSessions
List active logon sessions.
NewSID
Learn about the computer SID problem everybody has been talking about and get a free computer SID changer, NewSID.
Process Explorer
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
PsExec
Execute processes with limited-user rights.
PsLoggedOn
Show users logged on to a system.
PsLogList
Dump event log records.
PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
RootkitRevealer
Scan your system for rootkit-based malware.
SDelete
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program.
ShareEnum
Scan file shares on your network and view their security settings to close security holes.
ShellRunas
Launch programs as a different user via a convenient shell context-menu entry.
Sigcheck
Dump file version information and verify that images on your system are digitally signed.

Sysinternals System Information Utilities

Autoruns
See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
ClockRes
View the resolution of the system clock, which is also the maximum timer resolution.
Coreinfo
Coreinfo is a command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the caches assigned to each logical processor.
Filemon
This monitoring tool lets you see all file system activity in real-time.
Handle
This handy command-line utility will show you what files are open by which processes, and much more.
LiveKd
Use Microsoft kernel debuggers to examine a live system.
LoadOrder
See the order in which devices are loaded on your WinNT/2K system.
LogonSessions
List the active logon sessions on a system.
PendMoves
Enumerate the list of file rename and delete commands that will be executed the next boot.
Process Explorer
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
Process Monitor
Monitor file system, Registry, process, thread and DLL activity in real-time.
ProcFeatures
This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection.
PsInfo
Obtain information about a system.
PsLoggedOn
Show users logged on to a system.
PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
RegMon
This monitoring tool lets you see all Registry activity in real-time.
WinObj
The ultimate Object Manager namespace viewer is here.

Sysinternals Miscellaneous Utilities


AD Explorer
Active Directory Explorer is an advanced Active Directory (AD) viewer and editor.
AdRestore
Restore tombstoned Active Directory objects in Server 2003 domains.
Autologon
Bypass password screen during logon.
BgInfo
This fully-configurable program automatically generates desktop backgrounds that include important information about the system including IP addresses, computer name, network adapters, and more.
BlueScreen
This screen saver not only accurately simulates Blue Screens, but simulated reboots as well (complete with CHKDSK), and works on Windows NT 4, Windows 2000, Windows XP, Server 2003 and Windows 9x.
Ctrl2cap
This is a kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys. Filtering at this level allows conversion and hiding of keys before NT even "sees" them. Ctrl2cap also shows how to use NtDisplayString() to print messages to the initialization blue-screen.
DebugView
Another first from Sysinternals: This program intercepts calls made to DbgPrint by device drivers and OutputDebugString made by Win32 programs. It allows for viewing and recording of debug session output on your local machine or across the Internet without an active debugger.
Desktops
This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what’s on each desktop and easily switch between them.
Hex2dec
Convert hex numbers to decimal and vice versa.
PsLogList
Dump event log records.
PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
RegDelNull
Scan for and delete Registry keys that contain embedded null-characters that are otherwise undeleteable by standard Registry-editing tools.
RegJump
Jump to the registry path you specify in Regedit.
Strings
Search for ANSI and UNICODE strings in binary images.
ZoomIt
Presentation utility for zooming and drawing on the screen.


Monday, March 18, 2013

Shallow Copy vs Deep Copy

Hi,

Shallow copy: the value type members of an object are copied to a new object, whereas for reference type members only the reference held by the original object is stored in the new object. Both objects then point at the same referenced data, so any change made to it through the new object is reflected in the old object.


Deep copy: both the value type and the reference type members of an object are copied to a new object, so changes in the new object are not reflected in the old object.



A Deep Copier sample method which can be very useful.

using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

/// <summary>
/// Provides a method for performing a deep copy of an object.
/// Binary Serialization is used to perform the copy.
/// </summary>
public static class CopierFactory
{
    /// <summary>
    /// Perform a deep Copy of the object.
    /// </summary>
    /// <typeparam name="T">The type of object being copied.</typeparam>
    /// <param name="sourceobject">The object instance to copy.</param>
    /// <returns>The copied object.</returns>
    public static T Clone<T>(T sourceobject)
    {
        if (!typeof(T).IsSerializable)
        {
            throw new ArgumentException("The type must be serializable.", "sourceobject");
        }

        // Don't serialize a null object, simply return the default for that object
        if (Object.ReferenceEquals(sourceobject, null))
        {
            return default(T);
        }

        // BinaryFormatter is marked obsolete in .NET 5 and later. Here it only
        // reads back bytes this method has just written; never use it to
        // deserialize data that comes from an untrusted source.
        IFormatter formatter = new BinaryFormatter();
        using (Stream memorystream = new MemoryStream())
        {
            formatter.Serialize(memorystream, sourceobject);
            memorystream.Position = 0; // rewind before reading the copy back
            return (T)formatter.Deserialize(memorystream);
        }
    }
}
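The difference between the two kinds of copy, as an added example that is not part of the original post: it contrasts MemberwiseClone with a deep copy that round-trips through System.Text.Json rather than BinaryFormatter, which is marked obsolete in .NET 5 and later because deserializing untrusted data with it is unsafe. The Order, Customer and JsonCopier types are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Hypothetical types used only for this illustration.
public class Customer
{
    public string Name { get; set; } = "";
}

public class Order
{
    public int Id { get; set; }                        // value type member
    public Customer Buyer { get; set; } = new();       // reference type member
    public List<string> Items { get; set; } = new();   // reference type member

    // Shallow copy: Id is copied, Buyer and Items still refer to the same objects.
    public Order ShallowCopy() => (Order)MemberwiseClone();
}

public static class JsonCopier
{
    // Deep copy by serializing to JSON and reading it back. Only public
    // properties survive the round trip, and every type in the graph needs
    // a parameterless constructor. Cyclic object graphs are not supported.
    public static T? Clone<T>(T source)
    {
        if (source is null) return default;
        string json = JsonSerializer.Serialize(source);
        return JsonSerializer.Deserialize<T>(json);
    }
}

public static class Program
{
    public static void Main()
    {
        var original = new Order { Id = 1, Buyer = new Customer { Name = "Alice" } };
        original.Items.Add("book");

        Order shallow = original.ShallowCopy();
        Order deep = JsonCopier.Clone(original)!;

        shallow.Id = 2;                  // value type: original.Id is untouched
        shallow.Buyer.Name = "Mallory";  // shared reference: original.Buyer changes too
        deep.Buyer.Name = "Bob";         // independent object: original is untouched
        deep.Items.Add("pen");           // independent list: original is untouched

        Console.WriteLine($"original.Id         = {original.Id}");
        Console.WriteLine($"original.Buyer.Name = {original.Buyer.Name}");
        Console.WriteLine($"original item count = {original.Items.Count}");
        Console.WriteLine($"shallow shares Buyer: {ReferenceEquals(original.Buyer, shallow.Buyer)}");
        Console.WriteLine($"deep shares Buyer:    {ReferenceEquals(original.Buyer, deep.Buyer)}");
    }
}
```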

Static Members in Memory

Where are static members stored in .net?

They are stored on the heap, irrespective of whether they are of a reference type or a value type. This is a special heap called the "High Frequency Heap", which is unique for each application domain.


 

Thursday, March 14, 2013

Disadvantages of Inheritance

Hi,

Until now I had never thought that inheritance would also have some disadvantages. But I tried to find the other side, the complexity of inheritance, and I got to know many other details which you might know but have never noticed.

  • Inheritance results in a very tight binding between a superclass and its subclasses.

  • Removing or swapping out a superclass will usually break subclasses. Subclasses are entirely dependent on their superclass to function effectively.

  • It's inflexible. You are burdened by methods and behavior defined in a more general superclass, making down-the-line changes and customization difficult. Decisions made early on haunt the entire class hierarchy. See the fragile base class problem. [1]

  • Inheritance relationships generally can't be altered at runtime.

  • In many OOP languages, you can only inherit from a single class without introducing the problems associated with multiple inheritance. This can be restrictive. For example, suppose you have a Person class with the subclasses Student and Employee. What if you have a person who is both a Student and an Employee?
[1] http://en.wikipedia.org/wiki/Fra...

I hope this little post has given you a chance to look at the world of OOP in a different manner.

Thursday, February 28, 2013

Dynamic Typing and Late binding in C#

Static Binding in C#

 
 

That is, unlike JavaScript or PHP, we had to specify the types of the variables at compile time. As long as the compiler was unhappy with the variable type declarations, we had to correct the types in order to be able to compile and run the program.

Some examples of static binding:
 
int a = 5;
string s = "Hello world";
 
In C# 3.0, the newly arrived keyword var was thought to be a form of dynamic binding:
 
var a = 5;
var s = "Hello world";
 
But that was a myth, as var is just another form of static binding, which infers its actual type at compile time.

So at compile time it actually becomes:
 
int a= 5; // for var a= 5;
and
string s = "Hello world"; // for var s = "Hello world";
 
And here is what you can't do with var:

var a;
a = 5;  // This is not allowed

With var, IntelliSense in Visual Studio shows you the correct type of the object, which shows that it is bound at compile time and not at runtime.
 

Dynamic Binding in C#

 

In C# 4.0 a new keyword, "dynamic", was introduced, which allows declared variables to be bound to their types at runtime.
 
dynamic a = 5;
 
The compiler does not know the type of the variable until the statement is executed, and IntelliSense does not show you its correct type either.

So with dynamic it is legal to declare a variable as below:
 
dynamic a;
a= 5;
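What late binding changes in practice, as an added example that is not part of the original post: overload resolution and member lookup on a dynamic value happen when the statement runs, so a mistake the compiler would reject for var surfaces as a RuntimeBinderException instead. The BindingDemo class and its Describe overloads are hypothetical.

```csharp
using System;
using Microsoft.CSharp.RuntimeBinder;

public static class BindingDemo
{
    // Hypothetical overloads used to show which binding picks which method.
    static string Describe(int value) => "int overload";
    static string Describe(string value) => "string overload";
    static string Describe(object value) => "object overload";

    public static void Main()
    {
        object boxed = "Hello world";
        var inferred = boxed;   // static binding: the compile-time type is object
        dynamic late = boxed;   // dynamic binding: type looked up when each statement runs

        // The compiler picks the overload from the static type (object).
        Console.WriteLine(Describe(inferred));

        // The runtime binder picks the overload from the actual type (string).
        Console.WriteLine(Describe(late));

        // A dynamic variable may hold a value of a different type later on.
        late = 5;
        Console.WriteLine(Describe(late));

        try
        {
            // This compiles because member lookup is deferred. It fails when
            // executed, since System.Int32 has no Length property. With var
            // the same line would be a compile-time error.
            Console.WriteLine(late.Length);
        }
        catch (RuntimeBinderException ex)
        {
            Console.WriteLine("Binding failed at run time: " + ex.Message);
        }
    }
}
```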
 

Azure Fabrics questions


Q: How does the fabric know that an instance has failed, and what actions does it take to recover that instance?

A: There are a series of heartbeat probes between the fabric and the instance: Fabric <-> Host Agent <-> Guest Agent (WaAppAgent.exe) <-> Host Bootstrapper (WaHostBootstrapper.exe) <-> Host Process (typically WaIISHost.exe or WaWorkerHost.exe).

    1. If the Fabric <-> Host Agent probe fails then the fabric will attempt to restart the host.  There are heuristics in the fabric to determine what to do with that host if a restart fails to resolve the problem, taking more aggressive actions to remedy the problem until ultimately the fabric may determine that the server itself is bad and it will create a new host on a new server and then start all of the affected guest VMs on that new host. 
    2. If the Host Agent <-> Guest Agent probe fails then the Host will attempt to restart the Guest OS, and this also includes a set of heuristics to take additional actions including attempting to start that Guest VM on a new server.  If the Host <-> Guest  probe succeeds then the fabric no longer takes action on that instance and any further recovery is handled by the guest agent within the VM. 
    3. The only recovery action that the guest agent will take is to restart the host stack (WaHostBootstrapper and all of its children) if one of the child processes crashes.  If the probe times out then the guest agent assumes the host process is busy working and lets it continue running indefinitely.  The guest agent will not restart the VM as part of a recovery process. 

See http://blogs.msdn.com/b/kwill/archive/2011/05/05/windows-azure-role-architecture.aspx for more information about the processes and probes on the Guest OS.

 

Q: How does the load balancer know when an instance is unhealthy?

A: There are 2 different mechanisms the load balancer can use to determine instance health and whether or not to include that instance in the round robin rotation and send new traffic to it.

    • The default mechanism is that the load balancer sends probes to the Guest Agent to request the instance health.  If the Guest Agent returns anything besides 'Ready' then the load balancer will mark that instance as unhealthy and remove it from the rotation.  Looking back at the heartbeats from the guest agent to the host process, this means that if any of those processes running in the Guest OS has crashed or hung then the guest agent will not return Ready and the instance will be removed from the LB rotation.
    • The other mechanism is for you to define a custom LoadBalancerProbe in your service definition.  A LoadBalancerProbe gives you much more control over how the load balancer determines instance health and allows you to more accurately reflect the status of your service, in particular the health of w3wp.exe and any other external dependencies your service has.  Make sure your probe path is not a simple HTML page, but actually includes logic to determine your service health (e.g. try to connect to your SQL database).
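A probe target of the kind described above, as an added example that is not part of the original post: an ASP.NET handler that answers 200 only when a trivial query against the database succeeds, and 503 otherwise. The handler name, the path it is mapped to and the ServiceDb connection string name are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Web;

// Hypothetical handler; map it to the path configured for the LoadBalancerProbe.
public class HealthProbeHandler : IHttpHandler
{
    public bool IsReusable => true;

    public void ProcessRequest(HttpContext context)
    {
        bool healthy = CanReachDatabase();

        // 200 keeps the instance in rotation; any other status takes it out.
        context.Response.StatusCode = healthy ? 200 : 503;
        context.Response.ContentType = "text/plain";
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache);

        // Keep the body free of detail: the probe path is reachable by anyone
        // who can reach the endpoint, so failure reasons go to the trace log.
        context.Response.Write(healthy ? "OK" : "Unavailable");
    }

    private static bool CanReachDatabase()
    {
        try
        {
            // "ServiceDb" is an assumed connection string name.
            string raw = ConfigurationManager.ConnectionStrings["ServiceDb"].ConnectionString;

            // Short timeouts so a hung database fails the probe quickly
            // instead of tying up request threads.
            var builder = new SqlConnectionStringBuilder(raw) { ConnectTimeout = 5 };

            using (var connection = new SqlConnection(builder.ConnectionString))
            using (var command = new SqlCommand("SELECT 1", connection))
            {
                command.CommandTimeout = 5;
                connection.Open();
                command.ExecuteScalar();
                return true;
            }
        }
        catch (Exception ex)
        {
            // A missing connection string, a timeout and a login failure all
            // count as unhealthy.
            Trace.TraceWarning("Health probe failed: " + ex.Message);
            return false;
        }
    }
}
```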

 

Q: What does the load balancer do when an instance is detected as unhealthy?

A: The load balancer will route new incoming TCP connections to instances which are in rotation.  The instances that are in rotation are either:

    1. Returning a 'Ready' state from the guest agent for roles which do not have a LoadBalancerProbe.
    2. Returning 200 or TCP ACK from a LoadBalancerProbe element.

If an instance drops out of rotation, the load balancer will not terminate any existing TCP connections.  So if the client and server maintain the TCP connection then traffic on that connection will still be sent to the instance which has dropped out of rotation, but no new TCP connections will be sent to that instance.  If the TCP connection is broken by the server (ie. the VM restarts or the process holding the TCP connection crashes) then the client should retry the connection, at which time the load balancer will see it as a new TCP connection and route it to an instance which is in rotation.

Note that for single instance deployments, the load balancer considers that instance to always be in rotation.  So regardless of the status of the instance the load balancer will send traffic to that instance.

 

Q: How can you determine if a role instance was recycled or moved to a new server?

A: There is no direct way to know if an instance was recycled.  Fabric-initiated restarts (i.e. OS updates) will raise the Stopping/OnStop events, but for unexpected shutdowns you will not receive these events.  There are some strategies to detect these events:

    1. The most common way to achieve this is to write a log in the RoleEntryPoint.OnStart method.  If you unexpectedly see an instance of this log then you know a role instance was recycled and you can look at various pieces of evidence to determine why.
    2. If an instance is moved to a new VM/server then the Changing/Changed events will be raised on all other roles and instances with a type of RoleEnvironmentTopologyChange.  Note that this will only happen if you have an InternalEndpoint defined.  Also note that an InternalEndpoint is implicitly defined for you if you have enabled RDP.
    3. See http://blogs.msdn.com/b/kwill/archive/2012/09/19/role-instance-restarts-due-to-os-upgrades.aspx for information about determining when an instance is restarted due to OS updates.
    4. The guest agent logs (reference the Role Architecture blog post for log file location) will contain evidence of all restarts, both planned and unplanned, but they are internal undocumented logs and interpreting them is not trivial.  But if you are following #1 and you know the timestamp for when your role restarted then you can focus on a specific timeframe in the agent logs.
    5. The host bootstrapper logs (reference the Role Architecture blog post for log file location) will tell you if a startup task or host process failed and caused the guest agent to recycle the instance.
    6. The state of the drives on the guest OS can provide information about what happened.  See http://blogs.msdn.com/b/kwill/archive/2012/10/05/windows-azure-disk-partition-preservation.aspx.
    7. If the above doesn't help, the support team can help investigate through a support incident.
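Strategies 1 and 2 from the list above, as an added example that is not part of the original post: a role entry point that logs every start, every graceful stop and every topology change, so that a start line with no preceding stop line from the same instance stands out as an unexpected recycle. The WorkerRole class name and the log format are assumptions, and a trace listener that persists the output is assumed to be configured.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using Microsoft.WindowsAzure.ServiceRuntime;

// Hypothetical role class for this illustration.
public class WorkerRole : RoleEntryPoint
{
    public override bool OnStart()
    {
        // Strategy 1: one line per start. An unexpected start line means the
        // instance was recycled; its timestamp narrows the search in the
        // guest agent and host bootstrapper logs.
        Log("start");

        // Raised for graceful shutdowns such as fabric-initiated restarts.
        // An unexpected shutdown never reaches this handler.
        RoleEnvironment.Stopping += (sender, e) => Log("stopping");

        // Strategy 2: topology changes are raised on the other instances when
        // an instance moves. Requires an InternalEndpoint to be defined.
        RoleEnvironment.Changed += (sender, e) =>
        {
            foreach (var change in e.Changes.OfType<RoleEnvironmentTopologyChange>())
            {
                Log("topology-change role=" + change.RoleName);
            }
        };

        return base.OnStart();
    }

    public override void OnStop()
    {
        Log("stop");
        base.OnStop();
    }

    private static void Log(string what)
    {
        // UTC timestamp plus deployment and instance ids, so lines from
        // different instances can be correlated with the agent logs.
        Trace.TraceInformation(
            "{0:o} deployment={1} instance={2} event={3}",
            DateTime.UtcNow,
            RoleEnvironment.DeploymentId,
            RoleEnvironment.CurrentRoleInstance.Id,
            what);
    }
}
```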