Whatis Utility for Windows

Hi Community,

I’ve just come back to the office after rolling off from an engagement, so this week while being back to the bench I’ve been practicing  and studying some Qt for my upcoming certification, doing a few things around Raspberry Pi + Kinect + OpenKinect on Raspbian but at the same time I also built an utility that’s been missing in Windows, however available in any other *nix operating system and I’m referring to whatis command which I find very useful.

whatis displays information stored in manual pages description, so I thought that I needed to provide similar functionality, hence I chose to use ESENT that’s built-in to Windows. ESENT is a NoSQL ISAM database primarily for C/C++ developers that can be also used from managed code (ESENT Managed Interop on codeplex, for example).

My version of whatis stores information about any binary (DLL or EXE) that contains a VERSIONINFO resource in an ESENT database. This information is stored the first time the utility is called to query a file, and then subsequent calls retrieve it from the database. The solution contains a few classes being the ESENTCore the most important one because it acts as DAL to interact with ESENT. If the database is deleted, do not worry because it will get created again.

I thought it’d be a great idea to dissect the solution by firstly describing the method that creates the table used by whatis

vector<ColumnInfo> EsentCore::GetColumnDefinition() {

    vector<ColumnInfo> retval;


    retval.push_back(ColumnInfo{0, wstring(Pk_Id_Column), JET_COLUMNDEF{

        sizeof(JET_COLUMNDEF), NULL, JET_coltypLong, NULL, NULL, NULL, NULL,

        GetLengthInBytes(4), JET_bitColumnAutoincrement}});


    retval.push_back(ColumnInfo{0, wstring(Name_Column), JET_COLUMNDEF{

        sizeof(JET_COLUMNDEF), NULL, JET_coltypText, NULL, NULL, NULL, NULL,

        GetLengthInBytes(50), JET_bitColumnFixed | JET_bitColumnNotNULL}});


    retval.push_back(ColumnInfo{0, wstring(Location_Column), JET_COLUMNDEF{

        sizeof(JET_COLUMNDEF), NULL, JET_coltypText, NULL, NULL, NULL, NULL,

        GetLengthInBytes(MAX_PATH), JET_bitColumnFixed | JET_bitColumnNotNULL}});


    retval.push_back(ColumnInfo{0, wstring(Description_Column), JET_COLUMNDEF{

        sizeof(JET_COLUMNDEF), NULL, JET_coltypLongText , NULL, NULL, NULL, NULL,

        GetLengthInBytes(MAX_PATH * 5), JET_bitColumnMaybeNull}});


    return retval;


It is a simple structure (Primary key that’s auto numeric, file name, file location and file description). Data operations with ESENT have to be performed in the context of a transaction,  and the database must be prepared for these operations to occur, a good example can be seen in the InsertRecord method shown below

bool EsentCore::InsertRecord(const vector<ColumnType>& columns) {

    auto colIndex = 0;

    auto retval = false;

    auto columnInfo = GetColumnIds();

    auto newColumns = make_unique<JET_SETCOLUMN[]>(modifiableColumnCount);


    if (columns.size() > 0) {

        if (SUCCEEDED(JetBeginTransaction(m_sessionId)) && SUCCEEDED(JetPrepareUpdate(m_sessionId, m_tableId, JET_prepInsert))) {

            ZeroMemory(newColumns.get(), sizeof(JET_SETCOLUMN) * modifiableColumnCount);

            for_each(columns.begin(), columns.end(), [&](const ColumnType& column) {

                if (column.ColumnName != Pk_Id_Column && column.ColumnName != CreatedOn_Column) {

                    auto colInfo = columnInfo.at(column.ColumnName);

                    newColumns[colIndex] = JET_SETCOLUMN{0};

                    newColumns[colIndex].columnid = colInfo.columnid;

                    auto ptrData = make_unique<char[]>(MAX_PATH * 5);


                    if (colInfo.coltyp == JET_coltypText || colInfo.coltyp == JET_coltypLongText) {

                        auto wstr = reinterpret_cast<wchar_t*>(const_cast<void*>(column.ColumnData.pvData));

                        auto size = wcslen(wstr);

                        wcstombs(ptrData.get(), wstr, size);

                        newColumns[colIndex].pvData = malloc(size);

                        memcpy(const_cast<void*>(newColumns[colIndex].pvData), ptrData.get(), size);

                        newColumns[colIndex].cbData = size;



                    newColumns[colIndex].err = JET_errSuccess;





            retval = SUCCEEDED(JetSetColumns(m_sessionId, m_tableId, newColumns.get(), modifiableColumnCount)) &&

                SUCCEEDED(JetUpdate(m_sessionId, m_tableId, nullptr, NULL, NULL));


            // Free memory

            for (auto nIndex = 0; nIndex < colIndex; nIndex++)



            // Commit or rollback transaction

            if (retval)

                JetCommitTransaction(m_sessionId, NULL);

            else  JetRollback(m_sessionId, NULL);




    return retval;


I’m a generic programming aficionado that’s why I enjoy using templates in C++ or generics in .NET and they’re not the same in case you’re wondering as I had mentioned here. Speaking of which, there’s a template function (similar to a generic method in .NET) that based on the input parameter it behaves differently yet it returns the same data type

template <typename T>

WhatIsRecord EsentCore::GetRecord(const T* cols) {

    WhatIsRecord retval;

    vector<void*> values;

    JET_RETRIEVECOLUMN* colValues = nullptr;

    vector<ColumnType>* colDef = nullptr;

    strstream name, location, description;

    auto colType = typeid(T) == typeid(JET_RETRIEVECOLUMN);


    if (colType)

        colValues = (JET_RETRIEVECOLUMN*)cols;

    else {

        colDef = (vector<ColumnType>*) cols;


        for (auto index = 0; index < 3; index++) {

            auto colData = colDef->at(index + 1).ColumnData;

            auto ptrData = make_unique<char[]>(MAX_PATH * 5);

            auto wstr = reinterpret_cast<wchar_t*>(const_cast<void*>(colData.pvData));

            auto size = wcslen(wstr);

            wcstombs(ptrData.get(), wstr, size);


            ZeroMemory(values.at(index), colData.cbData);

            memcpy(values.at(index), ptrData.get(), size);




    name << reinterpret_cast<char*>(const_cast<void*>(colType ? colValues[1].pvData : values.at(0))) << endl;

    retval.Name = Trim(name);

    location << reinterpret_cast<char*>(const_cast<void*>(colType ? colValues[2].pvData : values.at(1))) << endl;

    retval.Location = Trim(location);

    description << reinterpret_cast<char*>(const_cast<void*>(colType ? colValues[3].pvData : values.at(2))) << endl;

    retval.Description = Trim(description);


    for_each(values.begin(), values.end(), [&](void* block) {free(block); });


    return retval;


The method mentioned above uses the typeid operator that’s one of the mechanisms in the language responsible to provide RTTI. This is the closest we can get to typeof operator in .NET. 

Strings are one of the trickiest things to deal with in native code, that’s something most managed code developers take for granted and they can easily use and handle, but fear not, in C++  we have STL’s strings and also streams to make our lives easier as shown in my implementation of Trim method below

string EsentCore::Trim(strstream& text) {

    string retval;

    string newString(text.str());


    for (auto index = 0; isprint((unsigned char) newString[index]); index++) 

        retval.append(1, newString[index]);


    retval.erase(retval.find_last_not_of(' ') + 1);


    return retval;


I’ve also created a project on codeplex – http://whatis.codeplex.com in case you want to use the utility or extend it… and yes, I know it’s got a very funny  URL Smile 

There’s one tool I use every time I have to work with an  ESENT database. It’s free, awesome and lightweight and that’s ESEDatabaseView by NirSoft. The image depicted below show the objects in my whatis database


as well as some of the contents of WhatIsCatalogue (Table used by whatis) with information loaded by running a PowerShell script described next

The following script retrieves all the executable images in System32, loops through the collection and with every iteration it adds the file information to whatis.db

$files = Get-ChildItem "C:\Windows\System32" -Filter *.exe


for ($i=0; $i -lt $files.Count; $i++) {

    $exe = "c:\windows\system32\whatis.exe"

    &;$exe  $files[$i].FullName



As mentioned earlier, images below correspond to whatis running on my three different development environments (Ubuntu LinuxOS X El Capitan and our custom version of the utility running on Windows 10




C Language – Tutorial

Hi Community,

I would like to share with you an interesting tutorial on C language kindly provided by the guys from Udemy. Long story short, I received an email from a nice lady called “Molly Elizabeth” (which I originally thought to be a bot) asking me whether I was keen on publishing their tutorial that I’ve found succinct and well-explained. Please find the tutorial here – C Tutorial: Learn C in 20 Minutes



Windows 10 and Visual Studio 2015 Resources

Hi Community,

Windows 10 and Visual Studio 2015 were successfully launched a few days ago, and with them a bunch of new features were introduced, being Universal Windows Apps one of the most exciting and expected features; so what I’ve done is to compile a table that contains links to useful resources and even offers available on these new technologies, please find it below

Reference Comments

Developer Tools Download

Download any Visual Studio SKUs, including VS 2015

AzureCon – September 29th Event

Join Live Q&As and interact with the architects and engineers who are building the latest features

.NET Native – What it means for Universal Windows Platform (UWP) developers

Great blog for UWP devs to understand .NET Native

Free Xamarin Subscriptions  for Windows Phone Developers

Offers expire on August 31, 2015

A Developer’s Guide to Windows 10

The latest Windows 10 developer training contents

How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise


* Developer for Windows 10 – What’s new
* Get Started
* Design
* Develop
* Publish

All the information developers may need to write applications for Windows 10

Windows 10 courses in MVA

Great site to get online courses on Windows 10

Channel 9

Another great online resource for Windows 10 related videos

MetaFS (Metadata File System for Windows)

FileSystems are the storage backbone for any computer system, in Today’s operating systems most of them provide a common functionality set like journaling, security and metadata among others. In my humble opinion, metadata is one of the most important ones, reason being is that they can tell users about the contents of the file without even opening it. Therefore, the information entered has to be accurate in order to make metadata important, otherwise it just doesn’t make sense to have it at all.

Starting with the principle of “allowing users capture the information the consider important in a flexible and customizable way” I started working on this project called “MetaFS”  a few months back (currently available on codeplex.com). I can humbly say that’s 85% percent complete, and I’m confident that the remaining bits can be completed with the help from developers in the community.

Unlike WinFS, MetaFS can have any database as metadata repository, but more importantly any given organization can create templates to capture the information that’s relevant to them, thus providing a personal touch to the solution. These templates can easily be customized per file types and even per user by extending the template which is based in XML.

The solution is comprised of the following elements:


  • MetaFsDriver: It’s a minifilter driver that monitors changes to the filesystem (similar to the way Antivirus and scanning software work) and if changes are detected, an event is raised to notify Windows Service which in turn interacts with Data Access layer (built with Entity Framework) to update metadata information in the database. Every file in windows has its own identifier FltQueryInformationFile function from the mini driver and then use the ObjectId member that contains this unique value. In MetaFS that has not been implemented yet but it’s the plan to have it, therefore it’s easier to update the metadata of a given file instead of using filenames (which is the current implementation). 


  • MetaFSAgent:  It’s a Windows Service that starts the mini driver but more importantly allows kernel mode notifications to be raised to user mode. I explain this on this post and this communication channel is enabled through a symbolic link. The service is also responsible for calling the data access layer to update metadata information in the database.


  • Shell Extension (Dynamic Property Page):  it’s a “dynamic” property  page (or sheet) that renders template definition at runtime. It’s dynamic in nature because the UI varies based on the template.  It’s an implementation of IShellPropSheetExt interface in the form of an ATL COM Library. This shell extension is loaded by the shell of the OS (Windows Explorer).


  • Managed Code: This component is responsible for data access and rendering the UI based on template definition in XML. So, what effectively happens is that Windows Explorer loads the custom shell extension (property page) that in turns creates an instance and embeds a .NET user control in it and in doing so Windows Explorer creates an AppDomain thus expecting a config file (explorer.exe.config) that contains the connection string to connect to our database.   The images below depict our template rendered at runtime, and the beauty is that if changes are made to the template definition those changes are reflected the next time I’ll right click on the file to see its properties.


If we start Spy++ we can inspect all the visual elements that comprise our custom template, and as you can see they’re all standard Windows Form controls. The purpose of this project was to enable and help users capture metadata through a customizable template approach, but this also opens a few opportunities to integrate with other systems (e.g.: To upload a file directly to SharePoint, for instance).


There are a few technical aspects in the solution, but there’s one however, that allows to intercept and replace the Dialog procedure so enabling calling .NET code from any of the existing defined buttons of the dialog (OK, Cancel and Apply). This code is shown below


// C++ Code    // 




#import "..\..\MetaFSPropPage\bin\x64\Debug\MetaFSPropPage.tlb" 




LRESULT CALLBACK CustomWndProc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) {

    FindChild* findChildWnd;

    auto retval = CallWindowProc(pWndProc, hwndDlg, msg, wParam, lParam);


    switch (msg) {

    case WM_COMMAND:

        auto selectedButton = LOWORD(wParam);

        if (selectedButton == IDOK || selectedButton == IDAPPLY || selectedButton == IDCANCEL) {

            auto enumChildProc = [](HWND hwnd, LPARAM lParam)-> BOOL {

                auto retval = TRUE;

                wchar_t buffer[MAX_PATH];

                auto lParamValues(reinterpret_cast<FindChild*>(lParam));


                if (GetClassName(hwnd, buffer, wcslen(buffer)) > 0) {

                    wstring className(buffer);

                    if (className.find(lParamValues->windowName) != wstring::npos) {



                        if (lParamValues->FoundTargetIndex()) {

                            lParamValues->hFound = hwnd;

                            retval = FALSE;




                return retval;



            EnumChildWindows(hwndDlg, enumChildProc, reinterpret_cast<LPARAM>((findChildWnd = new FindChild)));


            switch (selectedButton) {

            case IDOK:

                SendMessage(findChildWnd->hFound, WM_APP, IDOK, NULL);


            case IDAPPLY:

                SendMessage(findChildWnd->hFound, WM_APP, IDAPPLY, NULL);


            case IDCANCEL:

                SendMessage(findChildWnd->hFound, WM_APP, IDCANCEL, NULL);




            delete findChildWnd;





    return retval;



// C# Code //




protected override void WndProc(ref Message m) {

            switch (m.Msg) {

                case WM_IME_SETCONTEXT:

                    if (Controls[0].Controls.Count == 0)



                case WM_APP:

                    if (m.WParam.ToInt32().Equals(IDAPPLY)) {

                        if (HasChanges)



                    } else if (m.WParam.ToInt32().Equals(IDOK)) {





            base.WndProc(ref m);


Another important point to mention is the Windows Service registration, in .NET  Visual Studio does all of the scaffolding for us hence it provides the Service Installer but in MetaFS case,  our service is native so how can we install and register it? Fear not… That’s very easy to do Smile


//// Service Creation/Registration ///



sc create "MetaFSAgent" binPath="C:\Code\Community\VisualC\MetaFS\x64\Debug\MetaFsService.exe" DisplayName="MetaFS Agent" obj="MyPC\MetaFSAgentUser" password="MyPassword"

Sc description "MetaFSAgent" "Metadata File System Agent - Kernel Mode/User Mode Interaction"



//// Service Deletion/Uninstall    ///



Sc delete "MetaFSAgent"

and that’s pretty much it. Please feel free to contribute to the project here http://metafs.codeplex.com

Happy coding!


Building Native Windows Applications with CLION, GCC and CygWin

As a software developer and architect, I’m always looking at options for my customers whether they’re around technologies, tools, hosting, security and tenancy model (being the last three mandatory in a “cloudy” world) among some other factors and considerations. To me crafting software it’s more than cracking code and ensure it compiles, it’s more about building smart solutions that will help people, as well as enjoying the building process. What really makes it enjoyable are two things (in my humble and personal opinion: First, what the challenge and requirements are;  Second, technology to use and lastly, the IDE).

In regards to points 2 & 3, I have to say that C++ is an awesome and powerful language and similarly to C, they both have been standard and platform independent since their very first versions, something that was achieved by Java and subsequently by .NET (and its Linux implementation, Mono for instance). So what’s all this introductory fuss about then? well… This post is about building a very simple native Windows application using non-Microsoft technologies:

Our source code Today is pretty straightforward, it’s classic Win32 development and if you’re like me and keen on learning how to do this kind of development without any frameworks, I can mention two books that helped me a lot when I was learning (They’re not recent or new though and the OS has changed a lot since the books were originally published – They are a relic, actually)

petzold Norton

The code and a screenshot of the application running are shown below

#include <windows.h> HINSTANCE hInst; const char g_szClassName[] = "bonafideideasWindowClass"; int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow){ MSG Msg; HWND hwnd; WNDCLASSEX wc; wc.lpszMenuName = NULL; wc.hInstance = hInstance; wc.lpszClassName = g_szClassName; wc.cbSize = sizeof(WNDCLASSEX); wc.cbClsExtra = wc.cbWndExtra = 0; wc.style = CS_HREDRAW | CS_VREDRAW ; wc.hbrBackground = (HBRUSH)(COLOR_WINDOW+1); wc.hCursor = LoadCursor(NULL, IDC_ARROW); wc.hIcon = LoadIcon(NULL, IDI_APPLICATION); wc.hIconSm = LoadIcon(NULL, IDI_APPLICATION); wc.lpfnWndProc = [=](HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) -> LRESULT { HDC hdc; RECT rect; TEXTMETRIC tm; PAINTSTRUCT ps; switch(msg) { case WM_CLOSE: if (MessageBox(NULL, "Are you sure you want to quit?", "Confirmation", MB_ICONQUESTION | MB_YESNO) == IDYES) DestroyWindow(hwnd); break; case WM_DESTROY: PostQuitMessage(0); break; case WM_PAINT: hdc = BeginPaint (hwnd, &ps) ; GetClientRect (hwnd, &rect) ; DrawText (hdc, TEXT ("Native Windows Development with CygWin and CLion."), -1, &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER) ; EndPaint (hwnd, &ps) ; return 0 ; default: return DefWindowProc(hwnd, msg, wParam, lParam); } return 0; }; if(!RegisterClassEx(&wc)) { MessageBox(NULL, "Window Registration Failed", "Error", MB_ICONEXCLAMATION | MB_OK); return 0; } hwnd = CreateWindowEx( WS_EX_CLIENTEDGE, g_szClassName, "Simplest Windows Native App built with CLion", WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, 500, 250, NULL, NULL, hInstance, NULL); if(hwnd == NULL) { MessageBox(NULL, "Window Creation Failed", "Error", MB_ICONEXCLAMATION | MB_OK); return 0; } ShowWindow(hwnd, nCmdShow); UpdateWindow(hwnd); while(GetMessage(&Msg, NULL, 0, 0) > 0) { TranslateMessage(&Msg); DispatchMessage(&Msg); } return Msg.wParam; }



Now, let’s talk a bit of CLion… As previously mentioned it’s a cross-platform IDE (I’m writing a few things on Linux with it, actually).  It’s very similar to IntelliJ IDEA (Keep in mind it’s from the same company). The UI is easy to use and  functional (It’s not fair to compare to more mature products) and just to give you a glimpse


Besides providing with a good and decent Intellisense  support and fast parsing oh header files and libraries, good debugging experience and it also supports most of the new features in C++11 and C++14 Standards (This is because of using GCC as compiler).


Happy coding!,


Instrumenting SharePoint code via Performance Counters

Instrumentation is an important and integral part of every system because it allows (among some other things) to monitor the health of the system and/or components of it.  On a recent engagement, I had to architect a SharePoint solution that integrates with a core LOB system. The SharePoint solution comprises a few workflows that in turn do specific operations with the external system. Even when SEH, Tracing and Logging was implemented I needed something else, performance counters to provide IT staff with real-time information of the solution and in doing so, I leveraged one feature in the operating system as well as giving metrics on the performance of the solution.

Performance counters have been available in .NET since 1.0, however, it’s unusual to use them in a SharePoint solution. The way I approached this is described below:

  1. I usually use DI/IOC in my solutions (please note, not every solution benefits from this pattern though so implementing it might cause more headaches than expected results). Therefore, I defined my instrumentation capabilities in an interface IInstrumentationManager

    public interface IInstrumentationManager { /// <summary> /// Gets the perf counters. /// </summary> /// <value> /// The perf counters. /// </value> IPerfCounters PerfCounters { get; } /// <summary> /// Gets the logger. /// </summary> /// <value> /// The logger. /// </value> ILogger<ILogEntry> Logger { get; } }

  2. The performance counters are defined in IPerfCounters
    public interface IPerfCounters { /// <summary> /// Gets the created configuration. /// </summary> /// <value> /// The created configuration. /// </value> DateTime CreatedOn { get; } /// <summary> /// Gets the instance unique identifier. /// </summary> /// <value> /// The instance unique identifier. /// </value> Guid InstanceId { get; } /// <summary> /// Gets the <see cref="PerformanceCounter"/> with the specified counter name. /// </summary> /// <value> /// The <see cref="PerformanceCounter"/>. /// </value> /// <param name="counterName">Name of the counter.</param> /// <returns></returns> PerformanceCounter this[PerfCounter counterName] { get; } }

  3. Please note I have an indexer that uses an enum to access a specific performance counter.  The concrete class implements  IPerfcounters and IDisposable.
    public class PerfCounters : IPerfCounters, IDisposable { /// <summary> /// Gets the created configuration. /// </summary> /// <value> /// The created configuration. /// </value> public DateTime CreatedOn { get; private set; } /// <summary> /// Gets the instance unique identifier. /// </summary> /// <value> /// The instance unique identifier. /// </value> public Guid InstanceId { get; private set; } /// <summary> /// Gets the <see cref="PerformanceCounter" /> with the specified counter name. /// </summary> /// <value> /// The <see cref="PerformanceCounter" />. /// </value> /// <param name="counterName">Name of the counter.</param> /// <returns></returns> public PerformanceCounter this[PerfCounter counterName] { get { var retval = CountersAvailable.ContainsKey(counterName) ? CountersAvailable[counterName] : null; return retval; } } /// <summary> /// Gets or sets the counters available. /// </summary> /// <value> /// The counters available. /// </value> protected Dictionary<PerfCounter, PerformanceCounter> CountersAvailable { get; set; } /// <summary> /// Gets the counter data collection. /// </summary> /// <value> /// The counter data collection. /// </value> protected CounterCreationDataCollection CounterDataCollection { get; private set; } /// <summary> /// The disposed /// </summary> /// <value> /// <c>true</c> if this instance is disposed; otherwise, <c>false</c>. /// </value> protected bool IsDisposed { get; private set; } /// <summary> /// Gets or sets the configuration manager. /// </summary> /// <value> /// The configuration manager. /// </value> protected IConfigManager ConfigManager { get; set; } /// <summary> /// Gets or sets the impersonate helper. /// </summary> /// <value> /// The impersonate helper. /// </value> protected IImpersonateHelper ImpersonateHelper { get; set; } /// <summary> /// Initializes a new instance of the <see cref="PerfCounters" /> class. /// </summary> /// <param name="configMgr">The configuration MGR.</param> /// <param name="impersonateHelper">The impersonate helper.</param> public PerfCounters(IConfigManager configMgr, IImpersonateHelper impersonateHelper) { CreatedOn = DateTime.Now; ConfigManager = configMgr; InstanceId = Guid.NewGuid(); ImpersonateHelper = impersonateHelper; CounterDataCollection = new CounterCreationDataCollection(); CountersAvailable = new Dictionary<PerfCounter, PerformanceCounter>(); CreateOrInitializePerfCounters(); } /// <summary> /// Finalizes an instance of the <see cref="PerfCounters"/> class. /// </summary> ~PerfCounters() { Dispose(false); } /// <summary> /// Creates the original initialize perf counters. /// </summary> protected void CreateOrInitializePerfCounters() { NetworkCredential credential; var localAdmin = ConfigManager[Consts.LocalAdminKey]; if (!string.IsNullOrEmpty(localAdmin) && (credential = localAdmin.ConvertToNetworkCredential()) != null) ImpersonateHelper.Impersonate(CreatePerfCounters, credential); AddCountersToInstance(); } /// <summary> /// Creates the perf counters. /// </summary> private void CreatePerfCounters() { // Let's create Performance counter category if (!PerformanceCounterCategory.Exists(Consts.PerformanceCounterCategory)) { CounterDataCollection.AddRange(new[] { new CounterCreationData(Consts.TotalErrorCounter, string.Empty, PerformanceCounterType.NumberOfItems64), new CounterCreationData(Consts.TotalUnhandledErrorCounter, string.Empty, PerformanceCounterType.NumberOfItems64), new CounterCreationData(Consts.TotalTicketsProcessedCounter, string.Empty, PerformanceCounterType.NumberOfItems64), }); PerformanceCounterCategory.Create(Consts.PerformanceCounterCategory, Consts.PerformanceCounterCategory, PerformanceCounterCategoryType.MultiInstance, CounterDataCollection); } } /// <summary> /// Adds the counters to instance. /// </summary> private void AddCountersToInstance() { // Let's ensure category exists and create custom performance counters if (PerformanceCounterCategory.Exists(Consts.PerformanceCounterCategory)) { CountersAvailable.Add(PerfCounter.ErrorCount, new PerformanceCounter(Consts.PerformanceCounterCategory, Consts.TotalErrorCounter, Consts.PerformanceCounterCategory, false)); CountersAvailable.Add(PerfCounter.UnhandledExceptions, new PerformanceCounter(Consts.PerformanceCounterCategory, Consts.TotalUnhandledErrorCounter, Consts.PerformanceCounterCategory, false)); CountersAvailable.Add(PerfCounter.TotalTicketsProcessed, new PerformanceCounter(Consts.PerformanceCounterCategory, Consts.TotalTicketsProcessedCounter, Consts.PerformanceCounterCategory, false)); } } /// <summary> /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. /// </summary> public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } /// <summary> /// Releases unmanaged and - optionally - managed resources. /// </summary> /// <param name="isDisposing"><c>true</c> to release both managed and unmanaged resources; <c>false</c> to release only unmanaged resources.</param> protected virtual void Dispose(bool isDisposing) { if (!IsDisposed) { if (isDisposing) { if (CountersAvailable != null && CountersAvailable.Count > 0) CountersAvailable.ToList().ForEach(x => { x.Value.Close(); x.Value.Dispose(); }); } IsDisposed = true; } } }

  4. Performance counters must be created and registered on the computer before they can be used, and in order to do that the user creating them must meet a certain criteria, this is usually done as a separate step in the deployment of the solution using the performance counters, however, I was able to do it by storing encrypted credentials of  user with right permissions on a SharePoint List, and this list entry was present then performance counters were created through impersonation of this user, if the list entry was missing nothing occurred.  The code responsible for impersonating user was passed in as a callback
    public class ImpersonateHelper : IImpersonateHelper { #region "Consts" private const int Logon32Interactive = 2; private const int Logon32ProviderDefault = 0; #endregion #region "Imported functions" /// <summary> /// Logons the user. /// </summary> /// <param name="lpszUsername">The LPSZ username.</param> /// <param name="lpszDomain">The LPSZ domain.</param> /// <param name="lpszPassword">The LPSZ password.</param> /// <param name="dwLogonType">Type of the dw logon.</param> /// <param name="dwLogonProvider">The dw logon provider.</param> /// <param name="phToken">The ph token.</param> /// <returns></returns> [DllImport("advapi32.dll", SetLastError = true)] private static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); /// <summary> /// Closes the handle. /// </summary> /// <param name="handle">The handle.</param> /// <returns></returns> [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private extern static bool CloseHandle(IntPtr handle); #endregion #region "Impersonate code" #endregion /// <summary> /// Impersonates the specified code to impersonate. /// </summary> /// <param name="codeToImpersonate">The code to impersonate.</param> /// <param name="credential">The credential.</param> /// <returns></returns> /// <exception cref="System.NotImplementedException"></exception> public IExecutionResult Impersonate(Action codeToImpersonate, NetworkCredential credential) { var tokenHandle = IntPtr.Zero; var retval = new ExecutionResult() {Success = false}; if (codeToImpersonate != null && credential != null) { try { if (LogonUser(credential.UserName, credential.Domain, credential.Password, Logon32Interactive, Logon32ProviderDefault, ref tokenHandle)) { using (var newId = new WindowsIdentity(tokenHandle)) { using (var impersonatedUser = newId.Impersonate()) { codeToImpersonate.Invoke(); impersonatedUser.Undo(); } } retval.Success = true; } } catch (Exception ex) { retval.ErrorCondition = ex; } finally { CloseHandle(tokenHandle); } } return retval; } }

  5. Now, we’ve got so far out performance counters (creation and registration) but you might be wondering, where are we going to store it? Answer is very simple – in the  AppDomain. AppDomain is created when the CLR starts a new instance of any .NET application, at the same time developers can store information that’s not persisted once the application has been terminated, so it’s kind of a “property bag” in our application’s process memory.
    var defaultCounters = new PerfCounters(container.Resolve<IConfigManager>(), container.Resolve<IImpersonateHelper>()); RegisterPerfCounters(defaultCounters); container.RegisterInstance(typeof(IPerfCounters), defaultCounters); /// <summary> /// Registers the perf counters. // </summary> /// <typeparam name="T"></typeparam> /// <param name="instance">The instance.</param> /// <param name="instanceName">Name of the instance.</param> private void RegisterPerfCounters<T>(T instance, string instanceName = Consts.PerfCounterInstanceName) where T : IPerfCounters { if (AppDomain.CurrentDomain.GetData(instanceName) == null) AppDomain.CurrentDomain.SetData(instanceName, instance); }

  6. The InstrumentationManager then retrieves our IPerfCounters instance from the AppDomain through Unity
    public class InstrumentationManager : IInstrumentationManager { /// <summary> /// Gets the perf counters. /// </summary> /// <value> /// The perf counters. /// </value> /// <exception cref="System.NotImplementedException"></exception> public IPerfCounters PerfCounters { get { return AppDomain.CurrentDomain .GetData(Consts.PerfCounterInstanceName) as IPerfCounters; } } /// <summary> /// Gets the logger. /// </summary> /// <value> /// The logger. /// </value> /// <exception cref="System.NotImplementedException"></exception> public ILogger<ILogEntry> Logger { get { return GlobalService.Current.Container.Resolve<ILogger<ILogEntry>>(); } } }

  7. Then we increment or decrement our performance counter by accessing the right counter through an indexer that takes an enum
    var InstrumentationManager = GlobalService.Current .Container.Resolve<IInstrumentationManager>(); InstrumentationManager.PerfCounters[PerfCounter.TotalTicketsProcessed] .Increment();

When our solution is running, we can then open perfmon and see how it’s behaving


Communication between user and kernel-mode

As a follow-up post on Windows Services and Minifilters, Today I’ll explain one way we can send notifications from kernel-mode to an user-mode application.  Let’s remember Windows provides fault tolerance protection in the form of rings, thus an offending code in one of the rings should not compromise the stability of the system. My metadata filesystem project has a minifilter driver that notifies a Windows service when an important event (event I’m interested in) has occurred. 

The basics to do this are:

  1. Minifilter driver creates a device by calling IoCreateDevice and also creates a symbolic link through IoCreateSymbolicLink

    NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) { NTSTATUS retval = STATUS_SUCCESS; UNICODE_STRING DeviceName; UNICODE_STRING LinkName; PDEVICE_OBJECT EventDrvDeviceObject; UNREFERENCED_PARAMETER(DriverObject); UNREFERENCED_PARAMETER(RegistryPath); KdPrint(("MetaFsDriver::DriverEntry - Entered.\n")); g_FilterDriverObject = DriverObject; // Create Dispatch Entry Points. for (int x = 0; x <= IRP_MJ_MAXIMUM_FUNCTION; ++x) DriverObject->MajorFunction[x] = MetaFsDispatchPassThrough; DriverObject->DriverUnload = MetaFsDriverUnload; DriverObject->MajorFunction[IRP_MJ_CREATE] = MetaFsDispatchCreate; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = MetaFsDispatchDeviceControl; // Create device object RtlInitUnicodeString(&DeviceName, MetaFs_NT_DEVICE_NAME); retval = IoCreateDevice( DriverObject, 0, &DeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, &EventDrvDeviceObject); if (!NT_SUCCESS(retval)) { return retval; } KdPrint(("MetaFsDriver::DriverEntry - Device Created.\n")); // Create symbolic links RtlInitUnicodeString(&LinkName, MetaFs_WIN32_DEVICE_NAME); retval = IoCreateSymbolicLink(&LinkName, &DeviceName); if (!NT_SUCCESS(retval)) { IoDeleteDevice(EventDrvDeviceObject); return retval; } KdPrint(("MetaFsDriver::DriverEntry - Symbolic link created.\n")); // Set FastIO dispatch table DriverObject->FastIoDispatch = &g_FastIoDispatch; retval = IoRegisterFsRegistrationChange(DriverObject, MetaFsNotificationCallback); KdPrint(("MetaFsDriver::DriverEntry - Exited.\n")); return retval; }

    Since code above is running in kernel mode, it’s a bit tricky to send any output to Visual Studio output window, but fear not we can always make use of KdPrint to send messages to the kernel debugger, at the same time we also need to use DebugView to  capture this messages


    Our minidriver details can be seen via DeviceTree


  2. Once our minifilter driver is running and it’s created a symbolic link, the user mode application  (in our case, a Windows service) creates an event by calling CreateEvent and then uses DeviceIoControl to send the event handle to the driver. In order to send our control code, we use the name of the symbolic link that was created by minifilter driver.

    VOID InitializeCommunicationWithDriver() { HANDLE hFile; DWORD cbSize; if ((hFile = CreateFile(TARGET_DRIVER, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) != INVALID_HANDLE_VALUE) { if ((g_filterEventHandle = CreateEvent(NULL, FALSE, FALSE, NULL)) != NULL) { if (DeviceIoControl(hFile, IOCTL_REGISTER_EVENT, &g_filterEventHandle, sizeof(g_filterEventHandle), NULL, NULL, &cbSize, NULL)) WriteEvent(EventInformation(EventType::INFORMATION_TYPE, L"Event successfully created....")); } CloseHandle(hFile); } }

  3. The call to CreateEvent creates a kernel mode KEVENT object and makes an entry into the application process’s handle table that points to the KEVENT. The HANDLE value returned to the application is essentially an index into the handle table. The handle isn’t directly useful to a WDM driver, though, for two reasons. First of all, there isn’t a documented kernel-mode interface for setting an event, given just a handle. Second, and most important, the handle is useful only in a thread that belongs to the same process. If driver code runs in an arbitrary thread (as it often does), it will be unable to reference the event by using the handle.

  4. It’s required to convert the handle to a pointer to the underlying KEVENT object. To handle a METHOD_BUFFERED control operation that the application uses to register an event with the driver

    HANDLE hEvent = *(PHANDLE) Irp->AssociatedIrp.SystemBuffer; PKEVENT pevent; NTSTATUS status = ObReferenceObjectByHandle(hEvent, EVENT_MODIFY_STATE, *ExEventObjectType, Irp->RequestorMode, (PVOID*) &pevent, NULL);

  5. ObReferenceObjectByHandle looks up hEvent in the handle table for the current process and stores the address of the associated kernel object in the pevent variable. If the RequestorMode in the IRP is UserMode, this function also verifies that hEvent really is a handle to something, that the something is an event object, and that the handle was opened in a way that includes the EVENT_MODIFY_STATE privilege.

  6. The Windows service can wait for the event to occur (This takes place in a separate thread created in ServiceMain)

    WaitForSingleObject(hEvent, INFINITE);

  7. The driver signals the event in the usual way
    KeSetEvent(pevent, EVENT_INCREMENT, FALSE);

  8. Eventually, the application cleans up by calling CloseHandle. The driver has a separate reference to the event object, which it must release by calling ObDereferenceObject. The object manager won’t destroy the event object until both these things occur.

That pretty much describes one way to communicate between user and kernel-mode. Two pieces of advice in regards to driver development:

  1. Wrap every entry point in your code
    1. DLL entry points
    2. Driver entry points
    3. Around all accesses to buffers passed to the driver
  2. Never trust a pointer
  3. Take care to protect data structures from thread conflicts
  4. Unload drivers properly and cancel any pending operations
  5. Test your drivers on a virtual machine, please!!!!

if you don’t do driver development the right way then you’ll see quite a few images like the one depicted below


Dynamically add event handlers to controls in a custom .NET control with C#

A few years back I came up with something called “FRF” (Forms Rendering Framework) which allowed me to render any UI (whether they are Web or Windows based) based on a template definition (Yes, this was long before Microsoft released XAML). Anyways, on one of my personal projects I had a requirement to dynamically create and host Windows controls inside native applications (property pages more specifically). The challenge here was being able to notify the container window (Property page) that something has been modified or changed in the contained user control and then being able to notify the property sheet’s window procedure of that change.  In my personal case, I had to monitor changes made to any textbox (TextChanged) inside the hosted control, the way I got it sorted is depicted below

private IEnumerable<Control> CreateHelper(ITemplateDefinition definition) { var retval = new List<Control>(); var flag = BindingFlags.CreateInstance | BindingFlags.Instance | BindingFlags.Public; var targetAsm = AppDomain.CurrentDomain.GetAssemblies() .FirstOrDefault(x => string.Equals(x.GetName().Name, " System.Windows.Forms", StringComparison.OrdinalIgnoreCase)); if (targetAsm != null) { definition.TemplateElements.ToList().ForEach(x => { try { var controlType = targetAsm.GetTypes() .FirstOrDefault(z => z.IsSubclassOf(typeof(Control)) && !z.IsAbstract && z.Name.ToUpperInvariant() .Contains(x.Class.ToUpperInvariant())); // Expected to have a default constructor without any parameters var control = controlType.GetConstructors(flag) .FirstOrDefault().Invoke(null) as Control; PropertySetter(control, x); // Does it have a TextChanged event? var ei = control.GetType().GetEvent("TextChanged"); if (ei != null) ei.AddEventHandler(control, new EventHandler((sender, args) => ChangeMonitor.HasChanges = true)); retval.Add(control); } catch (Exception ex) { Logger.LogError(ex); } }); } return retval; }

Pass information to .NET control from Native Code with Visual C++

As a follow up to this post on interoperability between .NET and native code, this post describes how we can host a .NET user control from an ActiveX control, but more importantly set properties that drive or change the behaviour of the .NET user control.

First of all, we need to define an interface with the properties that are required by the user control, but more importantly accessible to native code, and we declare it similarly we do with any other interface but we need to decorate it with a Guid attribute. In this case the control stores the path for a given file to do something, at the same time it’s important to note that if some operations are required to be done to the control then the control should return its HWND (as depicted below)

[Guid("EBD2C511-4EEB-488A-9BF1-EE14FB631C92")] public interface IMetaFsProps { /// <summary> /// Gets the control HWND. /// </summary> /// <returns>IntPtr.</returns> IntPtr GetControlHwnd(); /// <summary> /// Gets or sets the selected file. /// </summary> /// <value>The selected file.</value> string SelectedFile { get; set; } }

Then our .NET user control must implement the interface previously mentioned, but the user control class must also be decorated with a few attributes which are

[ClassInterface(ClassInterfaceType.None)] [ComSourceInterfaces(typeof(IMetaFsProps))] [Guid("917937B1-1AD8-4951-A417-3BED065089A0")] public partial class MyFileControl : UserControl, IMetaFsProps { /// <summary> /// Gets the control HWND. /// </summary> /// <returns></returns> public IntPtr GetControlHwnd() { return Handle; } /// <summary> /// Gets or sets the selected file. /// </summary> /// <value>The selected file.</value> public string SelectedFile { get; set; } }


In our Visual C++ COM object we instantiate and host the .NET user control as shown next

HRESULT MyNativeComponent::AddPages(IN LPFNADDPROPSHEETPAGE lpfnAddPage, IN LPARAM lParam) { HPROPSHEETPAGE hPage; PROPSHEETPAGE psp = {0}; auto retval = E_INVALIDARG; psp.dwSize = sizeof(PROPSHEETPAGE); psp.dwFlags = PSP_USEREFPARENT | PSP_USETITLE | PSP_DEFAULT; psp.hInstance = _AtlBaseModule.GetResourceInstance(); psp.pszTemplate = MAKEINTRESOURCE(IDD_EMPTYPAGE); psp.pszTitle = _T("My dialog's name goes here"); psp.pcRefParent = NULL; psp.lParam = reinterpret_cast<LPARAM>(new wstring(m_szFile.data())); psp.pfnDlgProc = [](HWND hwnd, UINT uiMsg, WPARAM wParam, LPARAM lParam)->LRESULT { switch (uiMsg) { case WM_INITDIALOG: CoInitialize(NULL); CComPtr<IDispatch> pUnk; CAxWindow container; auto psp = reinterpret_cast<PROPSHEETPAGE*>(lParam); shared_ptr<wstring> selectedFile(reinterpret_cast<wstring*>(psp->lParam)); container.Attach(hwnd); pUnk.CoCreateInstance(L"MyAssembly.MyFileControl", NULL); // We set the propery here!!! pUnk.PutPropertyByName(_bstr_t("SelectedFile"), &_variant_t(selectedFile->data())); container.AttachControl(pUnk, NULL); CoUninitialize(); pWndProc = (WNDPROC)SetWindowLongPtr(GetParent(hwnd), GWLP_WNDPROC, (LONG_PTR)&CustomWndProc); break; } return FALSE; }; if ((hPage = CreatePropertySheetPage(&psp)) != NULL) { if (!lpfnAddPage(hPage, lParam)) DestroyPropertySheetPage(hPage); retval = NOERROR; } return retval; }

Unit testing our Visual C++ code with Microsoft Unit Testing Framework

One of the things I love about unit testing (besides all of the well-known benefits) is the ability to test code without writing a tester or test harness application, but I can pretty much leverage what Microsoft have already built for us. Image below depicts an unit test I’ve written for this JNI .NET bridge or adapter to piggy back on existing libraries (adapters) provided by  Mulesoft 


More information here

My ramblings on computers and architecture