<?xml version="1.0" encoding="UTF-8"?> <rss
version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
> <channel><title>Ex nihilo nihil fit &#187; Microsoft</title> <atom:link href="http://victorhurdugaci.com/category/microsoft/feed/" rel="self" type="application/rss+xml" /><link>http://victorhurdugaci.com</link> <description>Victor Hurdugaci&#039;s playground</description> <lastBuildDate>Wed, 18 Apr 2012 16:29:21 +0000</lastBuildDate> <language>en</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=</generator> <item><title>Default indexer and Reflection glitch</title><link>http://victorhurdugaci.com/default-indexer-and-reflection-glitch/</link> <comments>http://victorhurdugaci.com/default-indexer-and-reflection-glitch/#comments</comments> <pubDate>Fri, 22 Apr 2011 13:28:07 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[C#]]></category> <category><![CDATA[Code]]></category> <category><![CDATA[Reflection]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=2279</guid> <description><![CDATA[I was writing some C# unit tests that had to use Reflection in order to set properties on objects, when I got into an interesting problem. I will provide a simplified version of the code I wrote, first the version without reflection, then my reflection version that had an issue and, in the end, the [...]]]></description> <content:encoded><![CDATA[<p
style="text-align: justify;">I was writing some C# unit tests that had to use Reflection in order to set properties on objects, when I got into an interesting problem. I will provide a simplified version of the code I wrote, first the version without reflection, then my reflection version that had an issue and, in the end, the correct version.</p><p
style="text-align: justify;"><em>TestClass </em>is a class that has a property of type <em>List&lt;int&gt;</em>:</p><pre class="brush: csharp; title: ; notranslate">
class TestClass
{
    public List&lt;int&gt; Value { get; set; }
}
</pre><p
style="text-align: justify;">Goal: create an instance of this class, set the property and print the second element in the list. Simple, huh? The code without reflection is:</p><pre class="brush: csharp; title: ; notranslate">
TestClass c = new TestClass();
c.Value = new List&lt;int&gt;() { 4, 5, 6 };
Console.WriteLine(c.Value[1]);
</pre><p
style="text-align: justify;">Seems straightforward to use reflection for this, right? Here is my attempt:</p><pre class="brush: csharp; title: ; notranslate">
//TestClass c = new TestClass();
object c = new TestClass();
//c.Value = new List&lt;int&gt;() { 4, 5, 6 };
Type t = c.GetType();
PropertyInfo prop = t.GetProperty(&quot;Value&quot;, BindingFlags.Public | BindingFlags.Instance);
prop.SetValue(c, new List&lt;int&gt;() { 4, 5, 6 }, null);
//Console.WriteLine(c.Value[1]);
int valueToOutput = (int)prop.GetValue(c, new object[] { 1 });
Console.WriteLine(valueToOutput);
</pre><p
style="text-align: justify;">Can you see the glitch? I can tell you that line 10 throws <em>TargetParameterCountException</em>. You know why?</p><p><span
id="more-2279"></span></p><p
style="text-align: justify;">Looking at the IL disassembled code for the program without reflection gives the answer (I added some comments for clarity and removed unnecessary lines):</p><pre class="brush: plain; highlight: [12,13]; title: ; notranslate">
//TestClass c = new TestClass();
IL_0001:  newobj     instance void ConsoleApplication1.TestClass::.ctor()
//c.Value = new List&lt;int&gt;() { 4, 5, 6 };
IL_0008:  newobj     instance void class [mscorlib]System.Collections.Generic.List`1&lt;int32&gt;::.ctor()
IL_0010:  callvirt   instance void class [mscorlib]System.Collections.Generic.List`1&lt;int32&gt;::Add(!0)
IL_0018:  callvirt   instance void class [mscorlib]System.Collections.Generic.List`1&lt;int32&gt;::Add(!0)
IL_0020:  callvirt   instance void class [mscorlib]System.Collections.Generic.List`1&lt;int32&gt;::Add(!0)
IL_0027:  callvirt   instance void ConsoleApplication1.TestClass::set_Value(class [mscorlib]System.Collections.Generic.List`1&lt;int32&gt;)
//Console.WriteLine(c.Value[1]);
IL_002e:  callvirt   instance class [mscorlib]System.Collections.Generic.List`1&lt;int32&gt; ConsoleApplication1.TestClass::get_Value()
IL_0034:  callvirt   instance !0 class [mscorlib]System.Collections.Generic.List`1&lt;int32&gt;::get_Item(int32)
IL_0039:  call       void [mscorlib]System.Console::WriteLine(int32)
</pre><p
style="text-align: justify;">Line 3 in the original program gets translated to a property get in order to obtain the <em>List&lt;int&gt;</em> object and then, on that object, the <em>get_Item</em> method is called with the same arguments as the indexed property. This is where I was wrong: I was calling the property with the arguments that were supposed to be for the method and, of course, not invoking the method. The correct approach is (changed lines are highlighted):</p><pre class="brush: csharp; highlight: [10,11,12]; title: ; notranslate">
//TestClass c = new TestClass();
object c = new TestClass();
//c.Value = new List&lt;int&gt;() { 4, 5, 6 };
Type t = c.GetType();
PropertyInfo prop = t.GetProperty(&quot;Value&quot;, BindingFlags.Public | BindingFlags.Instance);
prop.SetValue(c, new List&lt;int&gt;() { 4, 5, 6 }, null);
//Console.WriteLine(c.Value[1]);
object listObject = prop.GetValue(c, null);
MethodInfo mtd = listObject.GetType().GetMethod(&quot;get_Item&quot;, BindingFlags.Public | BindingFlags.Instance);
int valueToOutput = (int)mtd.Invoke(listObject, new object[] { 1 });
Console.WriteLine(valueToOutput);
</pre><p
style="text-align: justify;">In the end, two observations:</p><p
style="text-align: justify;">1. A class can&#8217;t have both a default indexer and a method <em>get_Item</em> with the same argument. The following code will not compile because the method is defined twice.</p><pre class="brush: csharp; title: ; notranslate">
class TestClass
{
    public int this[int index]
    {
        get
        {
            return 0;
        }
    }
    public int get_Item(int index)
    {
        return 0;
    }
}
</pre><p
style="text-align: justify;">2. You can replace indices with calls to <em>get_Item</em>. This method is hidden by the Visual Studio Intellisense but it is perfectly legal.</p><pre class="brush: csharp; title: ; notranslate">
TestClass c = new TestClass();
c.Value = new List&lt;int&gt;() { 4, 5, 6 };
//Equivalent with Console.WriteLine(c.Value[1]);
Console.WriteLine(c.Value.get_Item(1));
</pre>]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/default-indexer-and-reflection-glitch/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item><title>Fun with Batch files</title><link>http://victorhurdugaci.com/fun-with-batch-files/</link> <comments>http://victorhurdugaci.com/fun-with-batch-files/#comments</comments> <pubDate>Sat, 12 Feb 2011 09:24:06 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[Microsoft]]></category> <category><![CDATA[Script]]></category> <category><![CDATA[BAT]]></category> <category><![CDATA[Tricky]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=2243</guid> <description><![CDATA[It goes like this: create a small script that will take the files from a folder (only the top folder, not the sub directories) and will copy them to Program Files (32 bit). How hard can it be? Well&#8230; If you have a programming background and you like to format the code then, such a [...]]]></description> <content:encoded><![CDATA[<p
style="text-align: justify;">It goes like this: create a small script that will take the files from a folder (only the top folder, not the sub directories) and will copy them to Program Files (32 bit). How hard can it be?</p><p
style="text-align: justify;">Well&#8230; If you have a programming background and you like to format the code then, such a task takes 1 hour, otherwise&#8230; 5 minutes.</p><p
style="text-align: justify;">So, I wrote a batch file (just part of it displayed here):</p><pre class="brush: powershell; title: ; notranslate">
SET /P config=Configuration to deploy (1 = Debug; 2 = Release):
ECHO Setting up folders...
SET instpath = %ProgramFiles(x86)%
IF %config% == 1 (set drop = source\bin\x86\Debug)
IF %config% == 2 (set drop = bin\x86\Release)
</pre><p
style="text-align: justify;">Which is incorrect. Can you spot the mistake?</p><p
style="text-align: justify;">I will highlight one of the lines for you, maybe you can spot it then.</p><pre class="brush: powershell; highlight: [6]; title: ; notranslate">
SET /P config=Configuration to deploy (1 = Debug; 2 = Release):
ECHO Setting up folders...
SET instpath = %ProgramFiles(x86)%
IF %config% == 1 (set drop = source\bin\x86\Debug)
IF %config% == 2 (set drop = bin\x86\Release)
</pre><p
style="text-align: justify;">Another hint: lines 5, 6 and 7 are incorrect.</p><p
style="text-align: justify;">Let me fix it and maybe you&#8217;ll see the problem.<br
/> <span
id="more-2243"></span></p><pre class="brush: powershell; title: ; notranslate">
SET /P config=Configuration to deploy (1 = Debug; 2 = Release):
ECHO Setting up folders...
SET instpath=%ProgramFiles(x86)%
IF %config% == 1 (set drop=source\bin\x86\Debug)
IF %config% == 2 (set drop=bin\x86\Release)
</pre><p
style="text-align: justify;">Can you see the difference now? Some of you might not&#8230;</p><p
style="text-align: justify;">In BAT files:</p><pre class="brush: powershell; light: true; title: ; notranslate">SET instpath=%ProgramFiles(x86)%</pre><p>and</p><pre class="brush: powershell; light: true; title: ; notranslate">SET instpath = %ProgramFiles(x86)%</pre><p
style="text-align: justify;">are not the same. The first one will set the variable, while the second one will fail (without warning/error): the space before the equal sign becomes part of the variable name (and the space after it becomes part of the value), so <em>%instpath%</em> is never defined. There should be no space between the variable name and the equal sign when setting a value.</p> ]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/fun-with-batch-files/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item><title>OneNote Anywhere</title><link>http://victorhurdugaci.com/onenote-anywhere/</link> <comments>http://victorhurdugaci.com/onenote-anywhere/#comments</comments> <pubDate>Mon, 08 Nov 2010 21:19:51 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[Microsoft]]></category> <category><![CDATA[Office Live]]></category> <category><![CDATA[OneNote]]></category> <category><![CDATA[Sync]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=2177</guid> <description><![CDATA[I like OneNote. I use it to store different code snippets and links to tech pages with useful information. It is not the ideal tool for doing this &#8211; IMO there is no tool, yet, that can replace a physical notebook &#8211; but I got used to it. Especially I enjoy the search feature because [...]]]></description> <content:encoded><![CDATA[<div
class="alignright" style="margin-left: 5px;"><p><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/11/OneNoteLiveStep2.jpg"><img
class="size-medium wp-image-2179" title="OneNoteLiveStep2" src="http://victorhurdugaci.com/wp-content/uploads/2010/11/OneNoteLiveStep2-300x204.jpg" alt="" width="300" height="204" /></a></p><p><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/11/OneNoteLiveStep3.jpg"><img
class="size-medium wp-image-2180" title="OneNoteLiveStep3" src="http://victorhurdugaci.com/wp-content/uploads/2010/11/OneNoteLiveStep3-300x204.jpg" alt="" width="300" height="204" /></a></p><p><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/11/OneNoteLiveStep4.jpg"><img
class="size-medium wp-image-2181" title="OneNoteLiveStep4" src="http://victorhurdugaci.com/wp-content/uploads/2010/11/OneNoteLiveStep4-300x159.jpg" alt="" width="300" height="159" /></a></p></div><p
style="text-align: justify;">I like OneNote. I use it to store different code snippets and links to tech pages with useful information. It is not the ideal tool for doing this &#8211; IMO there is no tool, yet, that can replace a physical notebook &#8211; but I got used to it. I especially enjoy the search feature because it is impossible to do that on paper.</p><p
style="text-align: justify;">Until a few months ago, a solution for sharing the notebook between PCs was Mesh (or DropBox, or similar services), solution about which I wrote <a
href="http://victorhurdugaci.com/tip-3-shared-onenote-notebooks-with-live-mesh/" target="_blank">here</a>. Since Office Live, this task was simplified &#8211; not that it was complicated before. With Office Live you can now save the notebooks online and edit them directly. Moreover, it allows sharing notebooks between computers connected to the Internet.</p><p><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/11/OneNoteLiveStep1.jpg"></a><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/11/OneNoteLiveStep1.jpg"><img
class="size-full wp-image-2178 aligncenter" title="OneNoteLiveStep1" src="http://victorhurdugaci.com/wp-content/uploads/2010/11/OneNoteLiveStep1.jpg" alt="" width="430" height="178" /></a></p><p
style="text-align: justify;">To do this you need a <a
href="http://skydrive.live.com/" target="_blank">SkyDrive </a>account (actually a LiveID). Then you can go on the website and create a new notebook. Give it a name and add information to it; do (almost) whatever you were doing in the OneNote client.</p><p
style="text-align: justify;">Now, if you choose Open in OneNote it will add that notebook to the application and&#8230; the best part&#8230; it will keep it synchronized with the live version.  You still have a local copy but if you lose it, only the changes since the last sync are gone &#8211; if  you are connected to the Internet then the last sync is, probably, 2 minutes ago. If you change the notebook in one place (on the website or in the local application), the changes will be reflected everywhere.</p><p
style="text-align: justify;">You can open the notebook on two or more computers and it will be updated on all of them. Even if one of them is offline, the changes are stored on the Internet and when you connect, you get the updated version.</p> ]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/onenote-anywhere/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Modifying .NET binaries – Part 2</title><link>http://victorhurdugaci.com/modifying-net-binaries-part-2/</link> <comments>http://victorhurdugaci.com/modifying-net-binaries-part-2/#comments</comments> <pubDate>Wed, 21 Jul 2010 11:16:39 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[.NET Framework]]></category> <category><![CDATA[C#]]></category> <category><![CDATA[Expert]]></category> <category><![CDATA[Tutorial]]></category> <category><![CDATA[.NET]]></category> <category><![CDATA[Advanced]]></category> <category><![CDATA[CFF Explorer]]></category> <category><![CDATA[Cracking]]></category> <category><![CDATA[IL]]></category> <category><![CDATA[WinDbg]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=2122</guid> <description><![CDATA[Description Objective Remove the &#8216;Trial protection&#8217; from an obfuscated .NET application Tools WinDbg CFF Explorer Target audience Advanced users The second part of the article discusses how to modify binaries that are obfuscated. For simplicity and clarity, I will not use obfuscated binaries. Doing this, allows the reader to understand what is actually happening. In [...]]]></description> <content:encoded><![CDATA[<table
class="tutorial-description" border="1" cellspacing="0"><tbody><tr><th
colspan="2">Description</th></tr><tr><td
class="header-column">Objective</td><td>Remove the &#8216;Trial protection&#8217; from an obfuscated .NET application</td></tr><tr><td
class="header-column">Tools</td><td><ul><li>WinDbg</li><li>CFF Explorer</li></ul></td></tr><tr><td
class="header-column">Target audience</td><td>Advanced users</td></tr></tbody></table><p
style="text-align: justify;">The second part of the article discusses how to modify binaries that are obfuscated. For simplicity and clarity, I will not use obfuscated binaries. Doing this allows the reader to understand what is actually happening. In the demo I will completely ignore the name of the methods or the actual, non-obfuscated, code.</p><p
style="text-align: justify;">I recommend reading the <a
href="http://victorhurdugaci.com/modifiying-net-binaries-part-1/" target="_blank">first part</a>, if you didn&#8217;t already. It provides some information that might be needed to understand this second part.</p><p
style="text-align: justify;">The same &#8216;TrialApp.exe&#8217; binary is used. The current approach, as opposed to the former one, is:</p><ol
style="text-align: justify;"><li>Load the application in debugger and break the execution when the trial message is displayed.</li><li>Get the call stack</li><li>Find the address of the trial check method</li><li>Remove the call</li></ol><h4 style="text-align: justify;">1. Load the application in debugger and break the execution when the trial message is displayed</h4><p
style="text-align: justify;">WinDbg can be obtained for free from Windows SDK (see the Microsoft Downloads website). If you are running a 64 bit OS, make sure you start the 32bit version of WinDbg (should be in Program Files (x86)).</p><p
style="text-align: justify;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg01.jpg"><img
class="alignright size-thumbnail wp-image-2130" title="WinDbg01" src="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg01-150x101.jpg" alt="" width="150" height="101" /></a>Load &#8216;TrialApp.exe&#8217; in WinDbg by clicking File -&gt; Load Executable. In order to run it you have 3 options:</p><ol
style="text-align: justify;"><li>Type &#8216;g&#8217; and press ENTER</li><li>Press F5</li><li>Click Debug -&gt; Go</li></ol><p
style="text-align: justify;">The application will start and the execution will stop when the message box is displayed. It is actually waiting for the user to click OK. At this point break the execution by pressing Debug -&gt; Break.</p><p
style="text-align: center;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg02.jpg"><img
class="aligncenter size-large wp-image-2131" title="WinDbg02" src="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg02-1024x689.jpg" alt="" width="717" height="482" /></a></p><p
style="text-align: justify;">Before being able to debug the .NET application, 2 DLLs need to be loaded. They help the debugger &#8216;understand&#8217; the .NET internals. The actual paths might differ on your configuration. Anyway, make sure you load the 32 bit version of these files (the 64 bit versions are in the <em>Framework64 </em>folder). The <em>.load</em> command loads external libraries.</p><pre class="brush: plain; light: true; title: ; notranslate">.load c:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
.load c:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll</pre><h4><span
id="more-2122"></span>2. Get the call stack</h4><p
style="text-align: justify;">A call stack is associated with a thread. Before getting the stack we need to figure out which is the thread for which we want it. Execute the following command and inspect the output&#8230;</p><pre class="brush: plain; light: true; title: ; notranslate">!threads</pre><p
style="text-align: center;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg03.jpg"><img
class="size-large wp-image-2132  aligncenter" title="WinDbg03" src="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg03-1024x689.jpg" alt="" width="717" height="482" /></a></p><p
style="text-align: justify;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg03.jpg"></a>There are two threads, with IDs 0 and 2. It is quite easy to decide which is the main thread since just one of them is Single Thread Apartment (STA). Switch to the main thread and display the CLR stack using the following commands:</p><pre class="brush: plain; light: true; title: ; notranslate">~0s
!clrstack</pre><p
style="text-align: center;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg04.jpg"><img
class="aligncenter size-large wp-image-2133" title="WinDbg04" src="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg04-1024x689.jpg" alt="" width="717" height="482" /></a></p><h4>3. Find the address of the trial check method</h4><p
style="text-align: justify;">OK! You&#8217;re still with me? If yes, then take a look at the result of the last command. It displays the call stack of the main thread. Notice that OnCreateControl calls OnLoad, OnLoad calls Form1_Load, etc. In the case of obfuscated code, the names would probably be strange and you would have to analyze each method in depth. Because the code was JIT compiled the call to the trial check was inlined.</p><p
style="text-align: justify;">Let&#8217;s take a look at the IL code for Form1_Load. To do this, we first need the address of the method&#8217;s MethodDesc structure. The <em>ip2md</em> command returns the structure; its argument is the instruction pointer (IP) address of the method. After this, just dump the IL for the address specified in MethodDesc. I want to make one observation here: if you look at the MethodDesc structure you can see the <em>mdToken</em> field. This field specifies the table and the row in the table for this method (the row corresponding to this method is the 6<sup>th</sup>, because the index starts at 0).</p><pre class="brush: plain; light: true; title: ; notranslate">!ip2md 003f01f9
!dumpil 00176304</pre><p
style="text-align: center;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg05_details.jpg"><img
class="aligncenter size-large wp-image-2135" title="WinDbg05_details" src="http://victorhurdugaci.com/wp-content/uploads/2010/07/WinDbg05_details-1024x689.jpg" alt="" width="717" height="482" /></a></p><p
style="text-align: justify;">In case of obfuscated code, you would probably see just a call instruction to some cryptic method. It makes no difference. We can see that at IL_0001 (relative to the start of the method) we have a call and this instruction uses 5 bytes in the file (0006-0001 = 0005, in hex).</p><p
style="text-align: justify;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/07/CFF01.jpg"><img
class="alignright size-thumbnail wp-image-2126" title="CFF01" src="http://victorhurdugaci.com/wp-content/uploads/2010/07/CFF01-150x101.jpg" alt="" width="150" height="101" /></a>Having the size of the instruction, its position and the row of the method in the <a
href="http://msdn.microsoft.com/en-us/magazine/cc163791.aspx#S8" target="blank">methods table</a> we can proceed further. Open CFF Explorer and load the assembly.</p><p
style="text-align: justify;">Navigate to .NET Directory -&gt; MetaData Streams -&gt; #~ -&gt; Tables. Look for the Method table in the new tree and select the entry with number 5. Copy its RVA value.</p><h4>4. Remove the call</h4><p
style="text-align: justify;">With the RVA in hand (on clipboard :-) ), remove the call just like in the first part of the article. Replace the call bytes with zeros. One observation: we must also remove the instruction before the call (ldarg_0; opcode 02; no arguments). So, zero 6 bytes starting at the first in the method.</p><p
style="text-align: center;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/07/CFF02.jpg"><img
class="aligncenter size-large wp-image-2127" title="CFF02" src="http://victorhurdugaci.com/wp-content/uploads/2010/07/CFF02-1024x692.jpg" alt="" width="717" height="484" /></a></p><p
style="text-align: justify;">In other words, replace:</p><pre class="brush: plain; light: true; title: ; notranslate">00 00 0A 02 28 08 00 00 06 2A 1E 02 28 06 00 00
06 2A 66 02 7B 02 00 00 04 2C 10 72 01 00 00 00</pre><p>with</p><pre class="brush: plain; light: true; title: ; notranslate">00 00 0A 02 28 08 00 00 06 2A 1E 00 00 00 00 00
00 2A 66 02 7B 02 00 00 04 2C 10 72 01 00 00 00</pre><p
style="text-align: justify;">Run the application. The trial check is gone.</p> ]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/modifying-net-binaries-part-2/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>They finally merge</title><link>http://victorhurdugaci.com/they-finally-merge/</link> <comments>http://victorhurdugaci.com/they-finally-merge/#comments</comments> <pubDate>Sat, 26 Jun 2010 21:54:22 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[Microsoft]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Dreams]]></category> <category><![CDATA[Integration]]></category> <category><![CDATA[Live Mesh]]></category> <category><![CDATA[Office Live]]></category> <category><![CDATA[SkyDrive]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=2110</guid> <description><![CDATA[Online software is nice because it allows you to have your documents (of any form) available anywhere is Internet access. However, you end up being forced to use a lot of services and, the worst part, they never interact. For example: I was using Microsoft Live Mesh in order to synchronize and backup my files [...]]]></description> <content:encoded><![CDATA[<p
style="text-align: justify;">Online software is nice because it allows you to have your documents (of any form) available anywhere there is Internet access. However, you end up being forced to use a lot of services and, the worst part, they never interact.</p><p
style="text-align: justify;">For example: I was using Microsoft Live Mesh in order to synchronize and backup my files with the cloud. But MS also offered the Office Workspaces where you could store documents. So, I was using 2 services but it was impossible to edit/view a document from Mesh in the SharePoint workspace.</p><p
style="text-align: justify;">Another example is SkyDrive, with the new feature for editing documents (Office Live Apps). A nice addition, but my documents were in Mesh, not in SkyDrive. So, again, I had everything except the interaction between applications.</p><p
style="text-align: justify;">I am really excited to say it: they finally (started to) merge all the services! It seems that SkyDrive will be the place where everything gets merged:</p><ul
style="text-align: justify;"><li>SkyDrive offers 25 GB for storage</li><li>Live Mesh will be replaced by Live Sync, which will upload the files on SkyDrive (just 2 out of 25 GB storage limit &#8211; strange)</li><li>Office 2010 supports loading and saving from and to SkyDrive</li><li>Office Live Apps are on SkyDrive <span
style="text-decoration: line-through;">and documents uploaded through Sync can be edited there </span>Seems that synced files cannot be edited :(</li><li>Live Workspace will be replaced (integrated?) by Office Live Apps</li></ul><p
style="text-align: justify;">With the Outlook connector I can keep my calendar, contacts and e-mail synchronized with the same cloud. Hopefully a feature for synchronizing tasks will be added soon. Also, mobile synchronization is a must &#8211; for my WM phone.</p><p
style="text-align: justify;">It is really nice that MS is creating a homogeneous environment where everything can be accessed from everywhere. However, the integration is not complete and it would be nice if they could integrate everything from My Phone to Messenger and social networks. Just imagine a single place from where you can do everything without being forced to use many services&#8230; [I'm dreaming, right?]</p> ]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/they-finally-merge/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>Modifying .NET binaries &#8211; Part 1</title><link>http://victorhurdugaci.com/modifiying-net-binaries-part-1/</link> <comments>http://victorhurdugaci.com/modifiying-net-binaries-part-1/#comments</comments> <pubDate>Sun, 30 May 2010 17:11:00 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[.NET Framework]]></category> <category><![CDATA[C#]]></category> <category><![CDATA[Expert]]></category> <category><![CDATA[Tutorial]]></category> <category><![CDATA[.NET]]></category> <category><![CDATA[Advanced]]></category> <category><![CDATA[CFF Explorer]]></category> <category><![CDATA[Cracking]]></category> <category><![CDATA[IL]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=2076</guid> <description><![CDATA[The content of this post can be used for good and bad purposes. Modifying the source code to bypass trial/license checks is what crackers do in order to get paid software for free. Be advised that the purpose of this article is not to teach you how to steal. My target for this article are [...]]]></description> <content:encoded><![CDATA[<p
style="text-align: justify;">The content of this post can be used for good and bad purposes. Modifying the source code to bypass trial/license checks is what crackers do in order to get paid software for free. Be advised that the purpose of this article is not to teach you how to steal. My target for this article are the .NET developers who should understand what a cracker will (try to) do in order to get access to paid features.</p><p
style="text-align: justify;">Before reading any further you should understand that each protection measure (as long as the cracker can access the source code) is useless. It is just a matter of time, for a motivated person, before she will bypass any protection.</p><p
style="text-align: justify;">For the demo, we are going to use a very simple Windows Forms Application that will display a message box with a trial message and will exit after that. The goal is to show a few techniques that will prevent the application from exiting (and will remove the trial message).</p><p
style="text-align: justify;">The code for the &#8216;trial&#8217; application is kept in just one class. There is just one variable for checking the trial and we&#8217;ll consider that it is always true &#8211; it makes no difference if there was a function call to determine if the trial has expired.</p><pre class="brush: csharp; title: ; notranslate">
public partial class Form1 : Form
{
    bool hasExpired = true;
    public Form1()
    {
        InitializeComponent();
    }
    private void Form1_Load(object sender, EventArgs e)
    {
        CheckTrialApp();
    }
    private void CheckTrialApp()
    {
        if (hasExpired)
        {
            MessageBox.Show(&quot;Trial has expired&quot;);
            Application.Exit();
        }
    }
}
</pre><p
style="text-align: justify;">The binary used was compiled on the x86 Release configuration with VS2010 having .NET 4.0 as target framework. The IL Disassembler from VS2010 and a free application called <a
href="http://www.ntcore.com/exsuite.php" target="blank">CFF Explorer</a> are used to view and edit the binary.</p><p
style="text-align: justify;"><span
id="more-2076"></span></p><p
style="text-align: justify;">Opening the &#8216;TrialApp.exe&#8217; file (the target binary) in IL Disassembler will reveal all the statements from each method. This is important but, more important is the <a
href="http://stackoverflow.com/questions/2170843/va-virutual-adress-rva-relative-virtual-address" target="blank">RVA</a> of the method containing the trial check, the bytes for each statement and their position relative to the RVA.</p><p
style="text-align: center;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/05/BytesExplained.jpg"><img
class="aligncenter size-full wp-image-2087" title="BytesExplained" src="http://victorhurdugaci.com/wp-content/uploads/2010/05/BytesExplained.jpg" alt="" width="708" height="408" /></a></p><p
style="text-align: justify;">By knowing the RVA you are able to navigate to that address using CFF Explorer and locate the bytes for the calls. Even without seeing the actual bytes, one is able to locate the calls (and their length) by looking at the offsets (i.e., the byte 2C is located 0006 bytes from the beginning of the implementation) &#8211; more on this in Part 2.</p><p
style="text-align: center;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/05/ILMapping.jpg"><img
class="aligncenter size-large wp-image-2090" title="ILMapping" src="http://victorhurdugaci.com/wp-content/uploads/2010/05/ILMapping-1024x433.jpg" alt="" width="717" height="303" /></a></p><p
style="text-align: justify;">Having access to all this information gives not one but many possibilities of bypassing the trial check:</p><ol
style="text-align: justify;"><li>Remove the two calls to <em>Application.Exit</em> and <em>MessageBox.Show.</em></li><li>Change the <em>if</em> check.</li><li>Remove the &#8216;CheckTrialApp&#8217; call from &#8216;Form1_Load&#8217;.</li></ol><p
style="text-align: justify;">This post will cover just the first two possibilities, since the third is similar to the first.</p><h3>1. Remove the calls to <em>Exit </em>and <em>Show</em></h3><p
style="text-align: justify;">The bytes from the method implementation:</p><pre class="brush: csharp; light: true; title: ; notranslate">
         02 7B 02 00 00 04 2C 10 72 01 00 00 70
28 16 00 00 0A 26 28 17 00 00 0A 2A
</pre><p
style="text-align: justify;">A call to a method has the opcode 28. The next 4 bytes following the opcode represent the location of the method in the methods table (you can see this table using CFF Explorer).</p><p
style="text-align: justify;">Now here comes the magic: in order to remove the calls to <em>Exit </em>and <em>Show</em>, one must replace all the bytes associated with these calls with NOPs. Basically, we are going to introduce a NOP byte (00) for each byte in the call.</p><pre class="brush: csharp; light: true; title: ; notranslate">
         02 7B 02 00 00 04 2C 10 72 01 00 00 70
00 00 00 00 00 26 00 00 00 00 00 2A
</pre><p>That&#8217;s all. Save the file and the trial is bypassed.</p><h3>2. Change the <em>if</em> check</h3><p
style="text-align: justify;">If you look in the disassembled IL you can see that at offset 0x6 we have a <em>brfalse.s</em> opcode. This is a branch instruction that will branch to offset 0x18 (IL_0018) if false. However, in the case of &#8216;TrialApp&#8217;, since <em>hasExpired</em> is always true, the branch will never take place and the code following it will be executed.</p><p
style="text-align: justify;">In order to change the meaning of the code &#8211; in other words &#8220;give the trial message if the application has NOT expired&#8221; &#8211; the check will be changed. Currently, it is checking against <em>false</em> using the instruction <em>brfalse.s</em>, having the opcode 2C. By looking on MSDN, the opcode for <em>brtrue.s</em> can be found: 2D. Replacing 2C with 2D will make the branch happen always.</p><p
style="text-align: justify;">The method inside the binary, after replacing the <em>brfalse.s</em> opcode:</p><pre class="brush: csharp; light: true; title: ; notranslate">
         02 7B 02 00 00 04 2D 10 72 01 00 00 70
28 16 00 00 0A 26 28 17 00 00 0A 2A
</pre><p
style="text-align: justify;">That&#8217;s all. The message box will not be displayed since the body of the <em>if</em> statement is no longer executed.</p><p
style="text-align: justify;">There are some techniques that will make cracking difficult. Obfuscating the code is one of them. However, part 2 of this article will cover the modification of obfuscated binaries.</p> ]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/modifiying-net-binaries-part-1/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Expression evaluation</title><link>http://victorhurdugaci.com/expression-evaluation/</link> <comments>http://victorhurdugaci.com/expression-evaluation/#comments</comments> <pubDate>Thu, 27 May 2010 17:44:33 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[C#]]></category> <category><![CDATA[Tips]]></category> <category><![CDATA[Bug]]></category> <category><![CDATA[Coding]]></category> <category><![CDATA[Evaluation]]></category> <category><![CDATA[Expression]]></category> <category><![CDATA[Java]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=2035</guid> <description><![CDATA[Let&#8217;s start with a simple quiz: 7/2 = &#8230; . Of course it is 3.5, but is this also true for code? If you somehow use a non-fractional data type for storing the result, you will always get the result 3. And that should not surprise you. However, if you choose to use a fractional data [...]]]></description> <content:encoded><![CDATA[<p
style="text-align: justify;">Let&#8217;s start with a simple quiz: 7/2 = &#8230; . Of course it is 3.5, but is this also true for code?</p><p
style="text-align: justify;">If you somehow use a non-fractional data type for storing the result, you will always get the result 3. And that should not surprise you.</p><pre class="brush: csharp; light: true; title: ; notranslate">
int result = 7/2; //expression is 3
</pre><p
style="text-align: justify;">However, if you choose to use a fractional data type, things will change &#8230;</p><pre class="brush: csharp; light: true; title: ; notranslate">
double result = 7/2;
</pre><p
style="text-align: justify;">&#8230; or not. The value stored in the variable <em>result</em> is still 3 (actually 3.0 or something really close to 3.0 &#8211; since floating point data types store the approximation of a number).</p><p
style="text-align: justify;">Why is this happening?<br
/> <span
id="more-2035"></span><br
/> Let&#8217;s take a look at the expression, <em>result = 7/2</em>. There are two operators: / and =. Based on their precedence, the first evaluated is the division operator; it is a binary operator, so it has two operands. The general definition of the / operator in C# is:</p><pre class="brush: csharp; light: true; title: ; notranslate">
public static TYPE1 operator /(TYPE2 op1, TYPE3 op2)
</pre><p
style="text-align: justify;">In our case 7 and 2 need to be matched to TYPE2 and TYPE3. In most languages, the operators for primitive types are defined only for the same type of operands (TYPE2 = TYPE3). In this way, for <em>n</em> types <em>n</em> operator overloads have to be defined, otherwise it could go up to <em>n<sup>2</sup></em> overloads.</p><p
style="text-align: justify;">The compiler will try to match the operands with one of the operator signatures. In our case, both operands are integers, so it will call <em>operator / (int, int)</em> which returns <em>int</em> (!!). The expression on the right hand side (RHS) of = is evaluated as an <em>int</em>.</p><p
style="text-align: justify;">After that, the = operator will be evaluated. Because its RHS operand is an <em>int</em>, a conversion will be performed to <em>double</em>, in order to match the type of the left hand side of the operator. At this point, it is too late to get the fractional part because it was already discarded. The final result will be an integer represented as a double.</p><p
style="text-align: justify;">The following drawing shows the abstract syntax tree and its evaluation for the previously mentioned expression.</p><p
style="text-align: center;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/05/AST1.jpg"><img
class="aligncenter size-large wp-image-2047" title="AST1" src="http://victorhurdugaci.com/wp-content/uploads/2010/05/AST1-1024x581.jpg" alt="" width="740" height="430" /></a></p><p
style="text-align: justify;">In order to fix the problem, you need to explicitly state that a certain part of the expression must be evaluated as double. The best way to do this is to make one of the operands double. For example:</p><pre class="brush: csharp; light: true; title: ; notranslate">
double r1 = 7.0/2;
double r2 = 7/2.0;
double r3 = 7.0/2.0;
double r4 = 7d/2d;
double r5 = ((double)5)/2; //This is not recommended but will work
</pre><p
style="text-align: justify;">In the above cases, the conversion node will be evaluated sooner, before any precision is lost, hence allowing you to get the expected result. The next image shows the AST for the expression <em>double result = 7 / 3.0</em>.</p><p><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/05/AST2.jpg"><img
src="http://victorhurdugaci.com/wp-content/uploads/2010/05/AST2-1024x593.jpg" alt="" title="AST2" width="740" height="430" class="aligncenter size-large wp-image-2053" /></a></p><p
style="text-align: justify;">Understanding how an expression is evaluated is very important because non-trivial statements can make your life harder. Take a look at the following examples and try to guess the results (r4 is similar to a bug we encountered).</p><pre class="brush: csharp; light: true; title: ; notranslate">
double r1 = 7 / 2;
double r2 = 6.0 + 7 / 2;
double r3 = 5 / 2 + 7 / 2;
double r4 = DateTime.Now.Millisecond * (1000 / 3600);
double r5 = 6.5 / (1 / 2);
double r6 = 10.0 * (1 / 2);
double r7 = 11.0 * 1 / 2;
</pre>]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/expression-evaluation/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item><title>My Interview with Microsoft</title><link>http://victorhurdugaci.com/my-interview-with-microsoft/</link> <comments>http://victorhurdugaci.com/my-interview-with-microsoft/#comments</comments> <pubDate>Sat, 13 Mar 2010 16:59:46 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[Microsoft]]></category> <category><![CDATA[Personal/Blog]]></category> <category><![CDATA[Denmark]]></category> <category><![CDATA[Interview]]></category> <category><![CDATA[MDCC]]></category> <category><![CDATA[Question]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=1837</guid> <description><![CDATA[This post is for those who want to apply or have already applied (but not finished the interview) for a Microsoft Job. The recruitment process is quite similar for everyone and consists of a few steps. Application E-Mail Interview Phone Interview On Site Interview I will tell you my story and how I went through [...]]]></description> <content:encoded><![CDATA[<p
style="text-align: justify;">This post is for those who want to apply or have already applied (but not finished the interview) for a Microsoft Job. The recruitment process is quite similar for everyone and consists of a few steps.</p><ol
style="text-align: justify;"><li>Application</li><li>E-Mail Interview</li><li>Phone Interview</li><li>On Site Interview</li></ol><p
style="text-align: justify;">I will tell you my story and how I went through the four phases.</p><h3 style="text-align: justify;">1. Application</h3><p
style="text-align: justify;">My blog&#8217;s title (Ex Nihilo Nihil Fit) means &#8220;Nothing Comes Out of Nothing&#8221;. You can&#8217;t get a job at Microsoft by not doing anything &#8211; this is true for anything else. The first step you need to complete is the application process.</p><p
style="text-align: justify;">For this, many options are available. You can&#8230;</p><ul
style="text-align: justify;"><li>&#8230; apply online on Microsoft&#8217;s Careers website as I did</li><li>&#8230; send your CV to different e-mail addresses (there are some dedicated e-mails for different positions)</li><li>&#8230; apply through some 3rd party organization (job shop, campus recruitment, job agency, etc)</li></ul><p
style="text-align: justify;">On MS Careers you just have to post your CV and choose the job you want. That&#8217;s all! No recommendation letter, no cover letter, no nothing. Of course, not every CV passes the selection process. Here are some tips for improving your resume (worked for me):</p><ol
style="text-align: justify;"><li><strong>Don&#8217;t write it just before applying!</strong> Write a draft version, wait a few days and then review it. This way you will find a lot of mistakes and stupid things you wrote initially. If you review it immediately after writing, your mind will not be criticism oriented and will just ignore mistakes. Repeat the write-wait-review process as many times as necessary, until you find that the review revealed no mistakes.</li><li>After you did the final review and the CV is bullet-proof, <strong>ask others to review it.</strong> They will definitely find inconsistencies and mistakes and this will make you feel stupid. This is good because it will open your eyes and will make you go into an &#8216;I want to improve&#8217; mode. You&#8217;ll try to correct everything. After you come up with a modified version go again through steps 1 and 2. Repeat this as many times as necessary. [Special thanks to Lucian Sasu, Nadia Comanici, Andrei Ciobanu, Monica Balan and Lavinia Tanase for reviewing my CV!]</li><li><strong>Make it short and give only relevant facts.</strong> Initially, I came up with a 5-page CV because I wrote every single technology with which I worked. There were a lot of irrelevant things; I wrote Windows Workflow Foundation just because I played with it for a few days. I added extensive descriptions for every project, made a personal details section (name, birth date, address, etc.) of 1/2 page. Others suggested cutting everything that was not necessary. You don&#8217;t need to give extensive descriptions, just add a few words. For example, I wrote &#8220;VS Image Visualizer &#8211; Visual Studio 2008 debug visualizer for images&#8221; and added a link to the project&#8217;s page &#8211; you submit formatted and can embed links.</li><li><strong>Add something that makes it different. </strong>I don&#8217;t know if this makes a difference, but I added some lines to separate items just like in the picture below. 
Definitely Microsoft gets thousands of CVs per day. You need something special.<br
/> <a
href="http://victorhurdugaci.com/wp-content/uploads/2010/03/CV.png"><img
class="alignnone size-large wp-image-1838" src="http://victorhurdugaci.com/wp-content/uploads/2010/03/CV-1024x237.png" alt="" width="655" height="152" /></a></li><li><strong>Don&#8217;t lie!</strong> Tell exactly what you did and what is the proficiency level of your skills. For example, don&#8217;t write &#8220;Advanced&#8221; for UML if you don&#8217;t know the difference between composition and aggregation. Be realistic and don&#8217;t under/over estimate yourself.</li><li><strong>Use the spell</strong> <strong><em>chick</em>.</strong> Make sure everything is written in correct English and there are no grammar/spelling mistakes. <em>Noddy </em>likes a <em>WC </em>with grammar <em>mi takes. </em>You <em>mght </em>fail just because of that.</li></ol><p
style="text-align: justify;">Once you have completed your CV, choose the job that best suits your needs, apply and wait&#8230; The waiting is a problem because all these big companies like Microsoft, Google, Mozilla, Apple, etc. will contact you only if they find something interesting in your application. If you&#8217;re not suitable, then no rejection is sent.</p><p
style="text-align: justify;">I applied for an Intern Software Development Engineer position at Microsoft Redmond. I cannot apply for a full time position because I want to finish the master program on time, in the next summer &#8211; an internship is just what I need.</p><h3 style="text-align: justify;">2. E-Mail Interview</h3><p
style="text-align: justify;">January 20, 2010. Two months since I submitted the CV. I wasn&#8217;t hoping anymore that MS will contact me, when I got an e-mail titled: &#8220;Victor Hurdugaci ES DK&#8221; from Holly Peterson saying:</p><blockquote><p>Hi there,<br
/> My name is Holly and I work with the Microsoft International Internship recruitment program.<br
/> We recently received your CV and would like to consider you for one of our technical internship positions in Denmark in 2010.<br
/> [...]<br
/> Please respond by the end of the day if possible<br
/> [...]</p></blockquote><p
style="text-align: justify;">Wow! Now this was good news. The possible bad side was that the internship was going to take 12 months. This might be a problem. However, it was solved really well after talking to my professors. They understood the value of this internship and considered that it would be possible to go for 12 months to Denmark and do my thesis there.</p><p
style="text-align: justify;">The e-mail also contained a set of 15 questions that I was supposed to answer when sending the response. The topic of the questions was not the same. Some asked HR questions like:</p><ul
style="text-align: justify;"><li>In what city/country will you be residing in June 2010?</li><li>Describe your ideal job</li><li>Have you interviewed with Microsoft before?</li></ul><p
style="text-align: justify;">Others were a little tricky and technical:</p><ul
style="text-align: justify;"><li>How many lines of code would you estimate you personally have written in the last year?</li><li>How would you test a function that is supposed to calculate the factorial up to 1000?</li></ul><p
style="text-align: justify;">I tried to be as specific as possible, but still give exhaustive answers, trying to cover all possible uncertainties present in the question&#8217;s text. By the way, you can&#8217;t send an e-mail back to ask for more details or clarifications. I don&#8217;t think I am allowed to post my answers to questions. I will just leave them as homework for you.</p><p
style="text-align: justify;">I replied the same day (actually the next day at 00:20 in the morning) and I waited again. Now it was better because they were going to inform me about the decision, no matter if it was positive or negative. It was just a matter of time.</p><p
style="text-align: justify;">You might have more than one e-mail interview. I met someone who had two with fewer questions.</p><p
style="text-align: justify;">A few days later, another e-mail arrived. They continue to consider me as a candidate. Someone from Microsoft Development Center Copenhagen (MDCC) will contact me to schedule a phone interview.</p><h3 style="text-align: justify;">3. Phone Interview</h3><p
style="text-align: justify;">This is where it gets interesting. Until now everything was asynchronous and for all questions I had time to think. During a phone interview you have to come up with (almost) instant solutions.</p><p
style="text-align: justify;"><span
id="more-1837"></span></p><p
style="text-align: justify;">I was contacted by Mario Lucich who proposed an interview on March 5<sup>th</sup> at 10:00. That time was not convenient for me and I asked to postpone the call. The new time, 13:00, was good. If you get to the phone interview and the proposed time-slot is not good for you, don&#8217;t be afraid to ask for changes.</p><p
style="text-align: justify;">March 5th, around 12:30. I was preparing for the interview: a piece of paper, a pencil, a glass of water and I was really cool with this.</p><p
style="text-align: justify;">March 5th, around 12:50. I was nervous, I felt like I wasn&#8217;t ready for this and I was expecting a bad interview.</p><p
style="text-align: justify;">March 5th, around 13:00. Mario calls on Live Meeting (we decided to use this application instead of phone &#8211; it is more convenient).</p><p
style="text-align: justify;">The start of the interview was a relief because we both had problems with the headset and there was a period with &#8220;Can you hear me? No? Click-click. How about now? No? Click click &#8230; &#8220;. This showed that the interview was not going to be formal. Good!</p><p
style="text-align: justify;">After we solved the headset problems and went through the usual &#8220;Hello. How are you? Fine. How about you?&#8221;, we got straight into questions.</p><p
style="text-align: justify;">From what I read on the Internet, each phone interview is different. Each individual got a different set of questions. Again, no answers will be provided. I was asked:</p><ol
style="text-align: justify;"><li>Suppose &lt;some name&gt; will give you 1M dollars. What project would you start?</li><li>You are supposed to hire an assistant. For what qualities are you looking? [HINT: short skirt, big boobs, etc. are not good answers]</li><li>If you wouldn&#8217;t work in software development for what other job would you look?</li></ol><p
style="text-align: justify;">An interview usually lasts for 30-45 minutes. After 10 minutes, the interviewer dropped a bomb: &#8220;Victor, I&#8217;ll say this directly. I don&#8217;t think we should go any further with this interview&#8221;. Oops&#8230; I got upset and I said to myself: &#8220;Victor, you are so stupid. You provided the worst answers possible and now you missed your chance&#8221;. And then he said: &#8220;&#8230; because you convinced me and you will be invited for another interview at MDCC&#8221;. I was completely amazed! After just 10-15 minutes the interview was over and it was a success.</p><p
style="text-align: justify;">I was expecting technical questions. Others had quite a lot of them, but I got no technical question. The only technical part was when I talked about expert systems &#8211; my Bachelor thesis.</p><p
style="text-align: justify;">Again &#8220;someone will contact you in order to schedule the interview and all the details&#8221;.</p><p
style="text-align: justify;">Tips for interview:</p><ol
style="text-align: justify;"><li><strong>Don&#8217;t lie!</strong> Tell the truth even if it might sound silly. They want to know how you are and not how you pretend to be.</li><li><strong>If you need time to think, ask for it.</strong> Don&#8217;t say &#8220;I don&#8217;t know&#8221;. Take your time to think and say the best solution you come up with. Express your thoughts and say what you think.</li><li><strong>Try to be calm, wait</strong> for the interviewer to finish each question before coming up with an answer.</li><li><strong>Stay in a quiet place and don&#8217;t be tired.</strong> Try to maximize the chances of coming up with good answers.</li><li><strong>Don&#8217;t search for answers on the Internet! Don&#8217;t type at the computer!</strong> Usually, if the interviewer hears this, it is bad. Use just your mind (and eventually pen/paper).</li><li><strong>Take notes.</strong> You might even want to write down the question you are supposed to answer.</li></ol><h3 style="text-align: justify;">4. On Site Interview</h3><p
style="text-align: justify;">As agreed, I was contacted by someone to schedule the date of the on site interview. I was supposed to fly on March 4th to Copenhagen, sleep that night at the Radisson Blu Scandinavia hotel and have the interview the next morning. This is how it happened.</p><p
style="text-align: justify;">The flight with KLM was really nice! I am quite afraid of flying, but I enjoyed this one. The plane was not full so I had 3 seats to sit on :) The same thing happened when I was returning to Holland (with a minor difference. More on this below).</p><p
style="text-align: center;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/03/IMG_5898.jpg"><img
class="size-full wp-image-1890  aligncenter" title="IMG_5898" src="http://victorhurdugaci.com/wp-content/uploads/2010/03/IMG_5898.jpg" alt="" width="698" height="138" /></a></p><p
style="text-align: justify;">The plane ticket was prepaid by Microsoft. The same thing didn&#8217;t happen with the hotel room. I had to pay for it and the money will be reimbursed. Be careful: the Radisson Blu Scandinavia does not accept Maestro cards! I was really lucky to have a VISA card with me.</p><p
style="text-align: justify;">So, after a good sleep and a delicious breakfast I took the taxi to MDCC. The taxi driver said he knew where we were going and after a few minutes started to look on the map for the location. He didn&#8217;t know where we were supposed to go. I used my phone to find the location and I think he made a huge detour because I had to pay twice as much as others. The good side is that this expense will be reimbursed.</p><p
style="text-align: justify;">I arrived at MDCC 1 hour before the schedule. The interview was scheduled at 10:30 and I arrived at 9:30. I was hoping to take a walk through the campus, but it was too cold to stay outside. The lady at the front desk invited me to wait there, on a couch. I read some brochures and had some water.</p><p
style="text-align: justify;">At 10:30 I met Scott Simmons, the person who was going to be my guide that day. He took me to another room with other interviewees (~10; they were coming from Romania, Austria, Germany, Russia, Moldavia and Finland) and a table full of snacks and drinks. Whooo party! In that room there was also a Microsoft Surface with which we played during the day &#8211; unfortunately it is not as impressive as in commercials.</p><p
style="text-align: justify;">Near our room was another one full of interviewers. They were coming out when someone was supposed to be interviewed and they were going back in when the interview finished. After 10 minutes, one interviewer asked for me. We went to another room, in another building and the interview day started.</p><p
style="text-align: justify;">The first interview was really direct. I was expecting an introduction or something, but he went straight to the blackboard and said: &#8220;You are given two arrays: <strong>before</strong>: {3, 3, 5, 8, 1} and <strong>after</strong>: {5, 3, 2, 4}. Determine what numbers were removed/added from/to the &#8216;before&#8217; array in order to obtain &#8216;after&#8217;.&#8221; I had to write code on the blackboard. I chose to write C# code and I implemented the solution using a dictionary. After this, I was asked about the complexity of the algorithm and the discussion went really deep into the implementation and complexity of dictionary (hash table) &#8211; &#8220;What elements do you add to a dictionary in order to make the Contains method run, always, in O(n), where n is the number of KeyValuePairs in dictionary?&#8221;. After a few hints, I was able to come up with the solution, which is not really simple even after knowing it. Can you figure it out?</p><p
style="text-align: justify;">After that he explained to me what his role at Microsoft is and how the development process works &#8211; he was a developer team lead. We had a chat on our way to the waiting room, in the other building. Drinks, Surface, chat with the others for another few minutes.</p><p
style="text-align: justify;">My second interviewer comes out from &#8216;The Room&#8217; and we are going to a room in the same building. This was great because it was really, really cold outside. It was the interview I enjoyed the most. After each of us telling his story &#8211; he told me about his life at Microsoft, I told him how I got to the Netherlands and what I like to do &#8211; he told me to design a Tetris game, on the blackboard. This wasn&#8217;t hard &#8211; I did some UML diagrams, explained each design decision and in the end had to write some code that will show a design pattern which can be applied to that design. I implemented a pseudo observer pattern and quite messed it up, but it seems it wasn&#8217;t so bad after all. The interview ended with me asking for feedback about my design.</p><p
style="text-align: justify;">The third interview, thinking back now, was supposed to be the easiest. I had to design a function that takes a string as argument and reverses the order of the words, preserving spaces. Imagine that I spent 1 hour and I managed to come up with a crappy implementation. First I tried something with regular expressions which didn&#8217;t work, eventually ending up manually splitting the phrase into words and groups of spaces. What disoriented me was that, between words, you can have multiple spaces or tabs. After arriving home I found the solution in 1-2 minutes. I really performed badly in that interview and I don&#8217;t think the interviewer was impressed at all.</p><p
style="text-align: justify;">The last interview session was not really technical. I talked with one product manager who wanted to know what I want to do there and I think he was trying to understand on which position &#8211; tester or developer &#8211; I fit better. The discussion was awesome because I found some more information about the development and shipping process of Microsoft products.</p><p
style="text-align: justify;">I was getting tired, nervous and anxious after the four interviews. In the waiting room there was just me and a guy from Austria. The person responsible for me comes out of the room and asks me if I am someone else. He apologizes and after a few minutes comes back again. We were still waiting. We gather around a table and he tells us that we both are going to get a job at Microsoft! None of us knew how to react. Then, he gave us some more details about the internship program and how we are going to proceed further.</p><p
style="text-align: justify;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2010/03/IMG_5957.jpg"><img
class="alignright size-medium wp-image-1893" title="IMG_5957" src="http://victorhurdugaci.com/wp-content/uploads/2010/03/IMG_5957-225x300.jpg" alt="" width="225" height="300" /></a>After four hours of interviews, everything ended up with success. Me and the Austrian went to the train station, waited for a train which was more than one hour behind schedule and finally arrived at the airport. We had dinner and a beer (duh!!) and each of us went to his plane &#8211; we&#8217;ll meet again in summer. There is a cool commercial in Kastrup Airport (after you pass the security check) &#8211; see the picture on the right.</p><p
style="text-align: justify;">The flight back to Netherlands was quite good. We had some turbulence before landing, but otherwise it was OK. There were some lousy guys in the plane which amused me.</p><p
style="text-align: justify;">My tips for the on-site interview (you can find many others on Internet):</p><ol
style="text-align: justify;"><li><strong>Take time and think. </strong>Don&#8217;t go straight into coding. Take a few minutes, simulate different solutions in your head and implement the best one.</li><li><strong>Be goal oriented!</strong> If you need to choose between a crappy implementation that will work and not doing anything, go for the former. A working solution is better than none. You can say, as I did, that the implementation is not the best but you cannot see a better one now.</li><li><strong>Sleep before the interview. </strong>Try to maximize your chances as much as possible. Not being tired gives you a good boost.</li><li><strong>Don&#8217;t eat too much in the morning. </strong>Might sound silly but have a light breakfast even if you are tempted by all the good meals at the hotel&#8217;s restaurant. The last thing you want is to have problems with your stomach.</li><li><strong>Don&#8217;t think you have to be perfect.</strong> The interviewers are aware that everyone makes mistakes and they will not kill you :) Think out loud, explain your solution, try to prove it&#8217;s correct and don&#8217;t panic if you find mistakes (or the interviewer points some out). Correct what you can and that&#8217;s it.</li><li><strong>Socialize with the other candidates. </strong>No matter if you are competing or not with the others for the job don&#8217;t forget to be nice and socialize. It is good to have connections all over the world.</li></ol><p
style="text-align: justify;">Yesterday, March 12<sup>th</sup>, I received my employment contract which will start in summer and will last 12 months. Finally, I&#8217;ll go where I always dreamed.</p><h3 style="text-align: justify;"><strong>Resources</strong></h3><p
style="text-align: justify;">When you are preparing for the interview you are searching for as much information as possible. I will make your job a little easier and share the best resources I used (in random order):</p><ul
style="text-align: justify;"><li>Kristian Kristensen on <a
rel="bookmark" href="http://zianet.dk/blog/2007/02/21/my-job-interview-at-microsoft-development-center-copenhagen-mdcc/">My Job Interview at Microsoft Development Center  Copenhagen (MDCC)</a></li><li><a
href="http://channel9.msdn.com/posts/TheChannel9Team/Gary-Daniels-and-Evan-Goldring-Mock-whiteboard-problem/">Gary  Daniels and Evan Goldring &#8211; Mock whiteboard problem</a> &#8211; &#8220;Here&#8217;s a mock whiteboard session to see what an interviewer looks for during that stage of the interview.&#8221;</li><li><a
href="http://channel9.msdn.com/posts/Dan/Get-Hired-at-Microsoft-Episode-1-Write-a-Killer-Resume/">Get  Hired @ Microsoft, Episode 1: Write a Killer Resume</a></li><li><a
href="http://channel9.msdn.com/posts/Dan/Get-Hired--Microsoft-Episode-2-Partner-with-your-Recruiter/">Get  Hired @ Microsoft, Episode 2: Partner with your Recruiter</a></li><li><a
href="http://channel9.msdn.com/shows/WM_IN/Zoe-Goldring-and-Gretchen-Ledgard-What-is-it-like-to-interview-at-Microsoft/">Zoe  Goldring and Gretchen Ledgard &#8211; What is it like to interview at  Microsoft?</a></li><li
style="text-align: justify;"><a
href="http://channel9.msdn.com/posts/TheChannel9Team/Zoe-Goldring-and-Gretchen-Ledgard-Riding-the-Recruiting-Shuttle/">Zoe  Goldring and Gretchen Ledgard &#8211; Riding the Recruiting Shuttle</a></li></ul> ]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/my-interview-with-microsoft/feed/</wfw:commentRss> <slash:comments>10</slash:comments> </item> <item><title>Using UAC with C# – Part 3</title><link>http://victorhurdugaci.com/using-uac-with-c-part-3/</link> <comments>http://victorhurdugaci.com/using-uac-with-c-part-3/#comments</comments> <pubDate>Wed, 06 Jan 2010 22:02:28 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[C#]]></category> <category><![CDATA[Intermediate]]></category> <category><![CDATA[Microsoft]]></category> <category><![CDATA[Tutorial]]></category> <category><![CDATA[Programming]]></category> <category><![CDATA[UAC]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=1716</guid> <description><![CDATA[After a long period since I wrote part 2 of this article I decided to add some extra information. There is one thing that was missed by the previous two articles: the design of UAC enabled applications. If you use Windows Vista/7 then you know that buttons and links which elevate privileges are preceded by [...]]]></description> <content:encoded><![CDATA[<p
style="text-align: justify;">After a long period since I wrote <a
href="http://victorhurdugaci.com/using-uac-with-c-part-2/" target="_blank">part 2</a> of this article I decided to add some extra information. There is one thing that was missed by the previous two articles: the design of UAC enabled applications.</p><p
style="text-align: justify;">If you use Windows Vista/7 then you know that buttons and links which elevate privileges are preceded by a shield icon. This is the way Microsoft decided to inform the user about the effect of clicking that control.</p><p
style="text-align: justify;">The first idea that might pop up is the reinvention of the wheel (or shield). In other words you could draw the shield on a button. This is OK except that:</p><ol
style="text-align: justify;"><li>It is not easy</li><li>It will require you to recompile the interface if Microsoft decides to change the icon</li><li>You need the icon in many sizes: 16&#215;16, 24&#215;24, 32&#215;32, etc. (extract it from MS&#8217; DLLs)</li><li>It will create a lot of overhead with layout (positioning the icon relative to text size/position)</li></ol><p
style="text-align: justify;">The second method is easier, safer and recommended by MS. All you need to do is send a specific message (<em>BCM_SETSHIELD</em>) to the button if the user has limited privileges and pressing that button will trigger the UAC window. Actually there is a second, tricky, thing that must be done: the style of the button must be &#8220;System&#8221; (in C# &#8220;<a
href="http://msdn.microsoft.com/en-us/library/system.windows.forms.flatstyle.aspx" target="_blank">System.Windows.Forms.FlatStyle</a>.System&#8221;). Without this you will not be able to see the shield.</p><p
style="text-align: justify;">The code provided in <a
href="http://victorhurdugaci.com/using-uac-with-c-part-1/" target="_blank">part 1</a> of this article will be modified in order to display the shield on the two buttons. Moreover, the shield will be displayed only when the user runs under an account with limited privileges or as a non-elevated administrator.</p><p
style="text-align: center;"><img
title="UACShield" src="http://victorhurdugaci.com/wp-content/uploads/2010/01/UACShield.png" alt="" width="700" height="280" /></p><p
style="text-align: justify;">In order to display the shield one needs to send the <em>BCM_SETSHIELD </em>(=<em>0x0000160C)</em> message to the button. This can be done by using the <a
href="http://msdn.microsoft.com/en-us/library/ms644950%28VS.85%29.aspx">SendMessage function from user32.dll</a>. This article will not cover what SendMessage is or how to use it; if you need more information about it, follow the previous link.</p><p
style="text-align: justify;">To set the shield of the &#8220;Elevate this application&#8221; button one needs to send the message in the following way:</p><div
class="wp_codebox"><table><tr
id="p17164"><td
class="code" id="p1716code4"><pre class="csharp" style="font-family:monospace;">SendMessage<span style="color: #008000;">&#40;</span>btnElevate<span style="color: #008000;">.</span><span style="color: #0000FF;">Handle</span>, BCM_SETSHIELD, <span style="color: #FF0000;">0</span>, <span style="color: #FF0000;">1</span><span style="color: #008000;">&#41;</span><span style="color: #008000;">;</span></pre></td></tr></table></div><p
style="text-align: justify;">The first parameter is the handle of the button, the second one is the message, the third one is not used and must be &#8216;0&#8217;, and the last argument must be non-zero in order to draw the shield, zero otherwise.</p><p
style="text-align: justify;">If you try this it will not work :) Remember the &#8216;tricky&#8217; thing mentioned before? This is the full code to display the shield for <em>btnElevate</em>:</p><div
class="wp_codebox"><table><tr
id="p17165"><td
class="code" id="p1716code5"><pre class="csharp" style="font-family:monospace;">btnElevate<span style="color: #008000;">.</span><span style="color: #0000FF;">FlatStyle</span> <span style="color: #008000;">=</span> FlatStyle<span style="color: #008000;">.</span><span style="color: #000000;">System</span><span style="color: #008000;">;</span>
SendMessage<span style="color: #008000;">&#40;</span>btnElevate<span style="color: #008000;">.</span><span style="color: #0000FF;">Handle</span>, BCM_SETSHIELD, <span style="color: #FF0000;">0</span>, <span style="color: #FF0000;">1</span><span style="color: #008000;">&#41;</span><span style="color: #008000;">;</span></pre></td></tr></table></div><p
style="text-align: justify;">There is only one more thing that must be done for this to work properly: remove the shield if the user has elevated privileges. I don&#8217;t know if this is against MS&#8217; recommendation but in my opinion one must not be shown information that cannot be used in that context; in our case don&#8217;t show the elevate shield if there is nothing to elevate.</p><p
style="text-align: justify;">Part 1 described how to check if a user has full rights. Now we are just using that boolean variable:</p><div
class="wp_codebox"><table><tr
id="p17166"><td
class="code" id="p1716code6"><pre class="csharp" style="font-family:monospace;"><span style="color: #0600FF; font-weight: bold;">if</span> <span style="color: #008000;">&#40;</span><span style="color: #008000;">!</span>hasAdministrativeRight<span style="color: #008000;">&#41;</span>
    SetUACShields<span style="color: #008000;">&#40;</span><span style="color: #008000;">&#41;</span><span style="color: #008000;">;</span></pre></td></tr></table></div><p
style="text-align: justify;">Where <em>SetUACShields</em> will send the message to all buttons that require the shield drawn.</p><p
style="text-align: justify;">The full updated code from Part 1: <a
href="http://victorhurdugaci.com/download/uacapp3.zip"><img
src="http://victorhurdugaci.com/img/download-icon.jpg" alt="Download Icon" width="24" height="24" />UAC Code 3 (10.13 KB)</a></p> ]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/using-uac-with-c-part-3/feed/</wfw:commentRss> <slash:comments>3</slash:comments> </item> <item><title>1, 2, 3, 7!</title><link>http://victorhurdugaci.com/1-2-3-7/</link> <comments>http://victorhurdugaci.com/1-2-3-7/#comments</comments> <pubDate>Thu, 22 Oct 2009 08:57:06 +0000</pubDate> <dc:creator>Victor</dc:creator> <category><![CDATA[Microsoft]]></category> <category><![CDATA[News]]></category> <category><![CDATA[Funny]]></category> <category><![CDATA[Price]]></category> <category><![CDATA[Release]]></category> <category><![CDATA[Windows 7]]></category> <guid
isPermaLink="false">http://victorhurdugaci.com/?p=1471</guid> <description><![CDATA[Today is a big day for Windows fans. The final milestone in Windows 7 development process has been reached and the new operating system is general available. Just two years passed since the release of Vista and many say that Windows 7 should be just a &#8220;super-service pack&#8221; for Vista. If you are not a [...]]]></description> <content:encoded><![CDATA[<p
style="text-align: center;"><img
class="aligncenter size-full wp-image-1472" title="Win7_01" src="http://victorhurdugaci.com/wp-content/uploads/2009/10/Win7_01.png" alt="Win7_01" width="706" height="277" /></p><p
style="text-align: justify;"><a
href="http://victorhurdugaci.com/wp-content/uploads/2009/10/Win7_02.jpg"><img
class="alignright size-medium wp-image-1475" title="Win7_02" src="http://victorhurdugaci.com/wp-content/uploads/2009/10/Win7_02-225x300.jpg" alt="Win7_02" width="203" height="270" /></a>Today is a big day for Windows fans. The final milestone in the Windows 7 development process has been reached and the new operating system is generally available.</p><p
style="text-align: justify;">Just two years passed since the release of Vista and many say that Windows 7 should be just a &#8220;super-service pack&#8221; for Vista.</p><p
style="text-align: justify;">If you are not a MS Partner and you don&#8217;t have a MSDN/TechNet Subscription then this is the first time you can get Windows 7 non-trial. Many shops have already started to sell and deliver copies of W7 &#8211; I got a few e-mails in the morning with special offers.</p><p
style="text-align: justify;">The prices on Amazon are:</p><ul
style="text-align: justify;"><li>Windows 7 Home Premium (Retail/Upgrade): $199.99/$119.99</li><li>Windows 7 Professional (Retail/Upgrade): $299.99/$199.99</li><li>Windows 7 Ultimate (Retail/Upgrade): $319.99/$219.99</li></ul><p
style="text-align: justify;">And now two funny things: on Amazon you have &#8220;2 Used and new&#8221; copies of Windows 7. I wonder who has a used copy of W7 that has just been released :)</p><p
style="text-align: justify;">I found the image on the right on <a
href="http://blogs.msdn.com/larryosterman/archive/2009/10/21/win7-whoppers.aspx" target="_blank">Larry Osterman&#8217;s blog</a>.</p> ]]></content:encoded> <wfw:commentRss>http://victorhurdugaci.com/1-2-3-7/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> </channel> </rss>
