10 Developer-must-have apps

While so many bloggers have suggested the usable tools to their audience, how could i lag? Although Scott Hanselman have covered most, and it's a mountain high to climb, let me introduce my favourite top 10 developer-must-have apps:

1) Notepad++ (Language: neutral)
when you need it?
a) View Unix files in Windows platform, especially during Java development.

when you open a come-with-JDK Java file using notepad

when you open it using Notepad++, it's well-formatted

b) Need to probe the _ViewState of ASP .NET web page to see how stateless HTTP retains value after post-back, using base64 decode. (you can try it here)

A normal ASP .NET with its HTML source

Copy the content to Notepad++

Decode it to base64, you can see your state retained

c) Determine Byte-Order-Mark of a file, whether it's saved in following formats: UTF-8, UTF-16, UTF-16 (LE), UTF-32 (BE), UTF-32 (LE), UTF-7, UTF-1, UTF-EBCDIC, SCSU, BOCU-1. And it's exactly .Net method GetPreamble trying to do.

Did you see extra three bytes ahead your file content?

d) it's lightweight, unlike Visual Studio IDE, although Noah Coad might beg to differ.
e) Hey! "All I've mentioned above, other editors have the same features as well". Well, simply I like its UI also.

2) Unlocker (Language: neutral)
when you need it?
a) When you want to delete a file which is being viewed/locked by hidden host. That's nothing more annoyed than this.

b) When a file get locked by your app, especially using class File.IO to write it without closing the stream properly.
c) When you try to delete an old ASP .NET version 1.1 web projects in "Inetpub" that's being locked by IIS.

3) Dependency Walker (Language: native)
when you need it?
a) When you need to determine a EXE is a native exe or .NET managed exe. Why, because you can decompile the source accordingly later :)

A .NET exe

A VB6 dll

b) Of course, find the exe/dll dependencies, as the name implies. When you were in the pre-NET era with only Visual C++/Visual Basic 6 & Package Deployment Wizard, there's no such thing called MSI technology, which can help you to determine most of the dependencies for you.

4) Process Explorer (Language: neutral)
when you need it?
a) When you need to find out what process/apps/service is running secretly. You'll never know your employer have planted a window service for software inventory control on your laptop, until you run it.

b) Check the thread state of a stopped thread, probably due to Timeout of Three-Way Handshake in FTP uploading/downloading, when you suppose to have a multi-threaded app run without stopping FTP upload/download.


5) Microsoft Network Monitor (Language: neutral)

when you need it?
a) When you have written a FTP client app running well on uploading files, but FTP server complaint it never receive. You can show this to prove.


b) When you need to sniff network traffic, especially on FTP since all the commands are transferred thru' Cleartext.

Wow, you can see user-name and password!

6) Reflector (Language: .NET)
when you need it?
a) When you need to re-generate the source that lost and you do not have any source control previously, with the aid from plug-in, FileDisassembler

b) When you need to find the difference between the exe/dll you deployed, with the another aid from plug-in, Diff

7) DebugView (Language: native/.NET)
when you need it?
a) When your app only with issue happens intermittently, you need your app to run in verbose mode using Debug.Print without additional tracer running side-by-side, that might affect the performance, or introduce new bug/maintenance issue. This works well for native app too, using Win32.

8) 7Z (Language: neutral)
when you need it?
a) It supports most of the commercial format, yet without asking you to purchase every time it loads, eg. WinZip, Winrar. Furthermore, it able to compress more to save your disk-space.

b) When you need to find out how the zip file is created. Either SharpZipLib or Windows built-in zipping tool; compression method is either DEFLATE, Implode, or Store. You can get the Host OS and CRC as well.

this zip file is compressed using SharpZipLib with DEFLATE method

this zip file is compressed using Store method

this zip file is compressed using Windows built-in zipping tool

9) Microsoft Virtual PC (Language: neutral)
when you need it?
a) When you wish to be beta tester yet you do not want to jeopardize your existing system.
b) When you found virus, and you need to cultivate it in order to trace the originator, so that... counter-hack!
c) When you need to test your web app in different OS. MS has prepared it for you to use it until January, 2009. Flavours available: Windows XP SP3 with IE6 VHD file, Windows XP SP2 with IE7 VHD file, Windows XP SP3 with IE8 Beta 2 VHD file, and Vista Image with IE7 VHD file. (see: Internet Explorer Application Compatibility VPC Image)
d) When you wish to play around with different *-nix OS.

10) Windiff (Language: neutral)
a) Basically for file compare and directory compare. I have used it since development in Visual C++ 6.0. Though it might not user-friendly, eg, cannot compare in separate panes, cannot compare Unicode/UTF-8 files. But it comes with Visual C++ 6.0 and have been with me so long, I feel hard to say goodbye to it.

Probing thread state in .NET application

In multi-threaded application, some threads could be running fine, others might have problem. While trouble-shooting bug in a multi-threaded application, someone pointed me out that there are 2 set of thread id and thread state can be probed:
1) ThreadState Enumeration in System.Diagnostics (in system.dll)
2) ThreadState Enumeration in System.Threading (in mscorlib.dll)

While the enumerate members can be found in MSDN easily, the associate integer value is a bit tricky. And using Reflector, its values are:


and

While it's easy to use "Thread.CurrentThread" to check the state of the current thread, most of the time we need to monitor all the threads. Furthermore you will get a whole different set of thread id, if using property "Thread.CurrentThread.ManagedThreadId". Thus, classes like "ProcessThreadCollection":

For Each threCurr As ProcessThread In Process.GetCurrentProcess().Threads
Console.WriteLine("ID : " + CStr(threCurr.Id) + " ; State : " + CStr(threCurr.ThreadState))
Next

will be useful to enumerate all the threads in your application, especially you can simply use any other third party tool like Process-Explorer to probe all the thread easily, in real-time:

Red Gate has acquired .NET Reflector

Reflector is an useful tool for developer to figure out the inner work of .NET framework, and Red Gate, a software company that famous with the SQL tool likes SQL Compare, SQL Prompt, SQL Data Compare, has acquired it last week. Here's what's on Lutz Roeder's weblog. Hope it can remain free: The Future of Reflector

Reflector Addins

Last blog, I talked about the Reflector. After looking for more tool to smooth the work flow of debugging task, I found there are several add-ins that can make you life easier. Scott Hanselman even compiled the list of Codeplex-hosted add-ins in his site.
Well, I personally like the Diff and FileDisassembler, another add-in which is not hosted at the CodePlex. Diff is a tool that act like Windiff to your file compare, but it's used for assembly compare; while the FileDisassembler allows you to reverse-engineer the assembly to the source file, in case you loss your source code (and of course, if you wanna see how people code :-D), althought it might not 100% identical to the original code. (But hey, what you can ask for, since it is free!)

(Image from Reflector.FileDisassembler)

Must-have and go get it!

Encryption is not safe in .Net, even it encrypts 128-bit blocks, if you do normal compilation!

With the release of .Net Reflector from Lutz Roeder, even dummy developer can de-compile your 10-years-effort application within seconds. It has become a open secret in the NET developers group and I think this is the main reason Microsoft releases some of the source code of framework libraries, although they often claim .NET is open architecture.

Reverse-engineering of your application is possible, when your source code is not obfuscated. For security purpose, developer maybe will use cryptographic services to encrypt user name & password and store it in clients'(users themselves) PC for reloading purpose. (So the application can log-in again for the same user without asking user name & password). This kind of information often could be a .ini/.config/.xml or any other ASCII file.

Cryptographic services help your client stores private and confidential information from others. The higher the bits used to perform encryption/decryption, the more difficult the hackers can hack your code. But now the problem is not coming from the algorithm but the .NET itself, if you are writing normal codes without obfuscating it.

Let's have a sample from MSDN using RijndaelManaged Class:

(The demo here is to urge the developers to tighten-up the security, not to encourage hackers!)

1) Go to download .Net Relector from Lutz Roeder

2) Browse to the .NET application you wish to de-compile. Drag-and-drop it to the .Net Reflector. (Sample provided; remove the "Config.ini" file to re-generate)

3) Browse to the default namespace. You might ask: How do you know it is default namespace? Normally it is same name with the application. If not sure, just browse one-by-one, since you can de-compile all the them :-D

4) Browse to default class. You might ask again: How do you know it is default class? Same answer with step (3).

Browse to default form/module. You might ask for 3rd time: How do you know it is default form/module? For C#, normally developers will name it as frmMain/frmMDI/frmLogin. In VB .Net, the entry point should be modmain module. Else, just follow step (3) :-)

5) Until here, maybe you have no choice but to look into all the possible methods (sometimes you can find the possible method like : frmLogin_Load, btnLogin_Click, etc). Click the methods to check the disassembler in the right pane.

Now you can see the user name & password are decrypted, before they are used to validate/compare with the user input.


6) Remember the configuration file in the form constructor. It's useful later to find out the where the encrypted information stored.

7) Click on the any method on the disassembler pane to drill down. If it requires additional assembly, message box will be prompted. Just click OK.

8) Again, Click on the method on the disassembler. You can find the decryption method. It uses Rijndael algorithm.

9) Oh, my God! It comes with IV and key, embeded in the application.

10) Copy decryption method, IV, key and build a simple console application. (Sample provided)

11) Pass-in the encrypted string to the console application built previously.

Done! Now you are a hacker! Oops, sorry, I meant you must tighten-up you source code compilation for security purpose.

p/s: Even in java, there're tons of de-compiler tools available. It's not surprise, since .NET is modeling from Java.