Traversing the GC Heap with ClrMd

May 20, 2013

ClrMd is a newly released diagnostic library that wraps the CLR’s undocumented data access interfaces (a.k.a. “DAC”) in a friendly managed API. The underlying interfaces are what debugger extensions like SOS and SOSEX use to implement various diagnostic features, including enumerating the managed heap, detecting deadlocks, inspecting object contents, and dumping type/method information. Given my personal and professional interest in debugging tools and techniques, ClrMd is an incredible tool – I can now implement my own diagnostic features without relying on undocumented interfaces or parsing text output from debugging extensions (which also requires going through a debugger in...
3 comments

Obtaining Reliable Thread Call Stacks of 64-bit Processes

May 15, 2013

The x64 calling convention is a great improvement over the state of affairs in x86. Few would argue about this. After all, remembering the differences between __stdcall and __cdecl, when to use each, which API defaults to which calling convention, and which specific variation of __fastcall JIT compilers use when given the choice -- is not the best use of developer time and not the best in terms of debugging productivity. With that said, the x64 calling convention often makes it very difficult to retrieve parameter values from the call stack if you don't have private symbols for the relevant...
3 comments

Virtual Machines Are The New Processes

May 9, 2013

Once upon a time, threads were a new thing. Hardcore Unix architectures were processes-only, cheap forking, and would have none of this lightweight threads business. Some system architects -- stuck in the 1970s -- still produce architectures for modern operating systems that consist of dozens of processes. I have personally seen a complex UI application on Windows that relies on >35 processes, of which eight different processes display parts of the application's UI (at the same time!). There is much good to be said about the isolation benefits of multiple processes, but having a Unix-inspired fear of threads is...
one comment

Building the Next YouTube: Windows Azure Media Services

May 7, 2013

My third (and last) talk at the SELA Developer Practice was about Windows Azure Media Services. If you haven't explored it yet, it's a SaaS offering for uploading, encoding, managing, and delivering media to a variety of devices, scaled by the power of Windows Azure. A couple of months ago this blog featured a detailed overview of one of the proof-of-concept workflows I built with Windows Azure Media Services, so I won't repeat myself. If you are considering Windows Azure Media Services for your own application or service, feel free to contact me and I'll be happy to help. If...
2 comments

Attacking Web Applications

May 6, 2013

My first breakout session at the SELA Developer Practice covered the most common attacks against web applications and how to defend against these attacks. When planning this talk, I knew 60 minutes are hardly enough to cover all common vulnerabilities -- especially if I wanted to show any demos -- so I decided to focus on the three most prevalent vulnerability types, according to the OWASP Top 10: Injection (command injection and SQL injection) Broken authentication or session management Cross-site scripting (and CSRF as a bonus) I've demonstrated these common vulnerabilities in a series of demos using...
tags: , , ,
no comments

Next Week: Sela Developer Practice 2013

May 1, 2013

Next week, May 5-9, is our biggest developer conference yet. We have developers from more than 150 software companies attending more than 70 sessions and workshops taught by local and international speakers. We are very happy to host industry rockstars like Jesse Liberty, Shawn Wildermuth, and Udi Dahan -- and we're looking forward to make SDP even bigger and more interesting for software developers everywhere. We are expanding our technology reach beyond the traditional .NET stack, with talks on Node.js, PhoneGap, RavenDB, Hadoop, Solr, TypeScript, and more. Fourteen of the workshops have sold out, and some of the breakout session...
tags: ,
no comments