The best result that can be achieved using mstest is a single testcase that will iterate through the dataset. There is one disadvantage: if the test fails for one entry in the dataset, the whole test case fails.

So, in order to overcome the previously mentioned limitation, I decided to create a text template that will generate the test cases for me. As an example, I will write some tests for an integer multiplication function that has 2 bugs in it:

public int Multiply(int a, int b)
{
    //This conditions are simulating the 2 bugs
    if (a == 0 && b == 1)
        return 100;
    if (a == 1 && b == 0)
        return -100;
    return a * b;
}

The classical approach (no dynamic test)

Without using any ‘hacks’, one could write the tests for the Multiply function in the following way:

//Tuple description <value of param a, value of param b, expected result>
private static readonly Tuple<int, int, int>[] TestData = new Tuple<int, int, int>[]{
    new Tuple<int, int, int>(0,0,0),
    new Tuple<int, int, int>(2,3,6),
    new Tuple<int, int, int>(1,0,0), //These will trigger one of the bugs
    new Tuple<int, int, int>(-2,-3,6),
    new Tuple<int, int, int>(0,1,0) //These will trigger one of the bugs
};
[TestMethod]
public void TestMultiply()
{
    foreach (var data in TestData)
    {
        Assert.AreEqual(data.Item3, Multiply(data.Item1, data.Item2),
                        "Failed for input ({0}, {1})", data.Item1, data.Item2);
    }
}

Running the test will surface only one of the bugs, the one triggered by the input (1,0):

This is not only bad because it doesn’t give a complete overview of the bugs but it also violates the principle of one assertion per test because more than one assertion could be triggered in the test case above.

The T4 approach (dynamic test)

A text templates, from MSDN:

… is a mixture of text blocks and control logic that can generate a text file. The control logic is written as fragments of program code in Visual C# or Visual Basic. The generated file can be text of any kind, such as a Web page, or a resource file, or program source code in any language. Text templates can be used at run time to produce part of the output of an application. They can also be used for code generation, in which the templates help build part of the source code of an application.

Text templates are invoked before compilation in order to generate some code that will be used in the compilation process. Preprocessed text templates are used to generate templates that can be invoked at runtime in order to generate new files. I am going to use the former one.

So, the goal is to have one assertion per test and show all bugs. For this, different test cases, for each input, are needed. A possible approach would be to write manually each test:

[TestMethod]
public void TestMultiply_Input_0_0()
{
    TestMultiply(0, 0, 0);
}
[TestMethod]
public void TestMultiply_Input_2_3()
{
    TestMultiply(2,3,6);
}
[TestMethod]
public void TestMultiply_Input_1_0()
{
    TestMultiply(1, 0, 0);
}
[TestMethod]
public void TestMultiply_Input_Minus2_Minus3()
{
    TestMultiply(-2, -3, 6);
}
[TestMethod]
public void TestMultiply_Input_0_1()
{
    TestMultiply(0, 1, 0);
}
public void TestMultiply(int a, int b, int expected)
{
    Assert.AreEqual(expected, Multiply(a, b), "Failed for input ({0}, {1})", a, b);
}

While this approach doesn’t violate the two principles above, it creates a code that is hard to maintain and is a pain to write it for many inputs. Just imagine having 100 tuples in the dataset. The result is the expected one:

A smarter approach is to generate all those test methods. Can you see the pattern they follow?

• The title of the method is composed of the string “TestMultiply_Input_” followed by the first input value, followed by the string “_” and then followed by the second input value
• The body of the method is made by a call to a generic test method (TestMultiply) using the two input values and the expected result
• For negative values, the minus sign is replaced by the literal “Minus”

So, a text template (not a preprocessed text template!) can be written to the test cases. It can be added to a Visual Studio 2010 project by adding a new item of type “Visual C# Items\General\Text Template”. I will name the file “GeneratedTestCases.tt” and the generated code file will be “GeneratedTestCases.generated.cs”.

<#@ template debug="false" hostspecific="true" language="C#" #>
<#@ output extension=".generated.cs" #>
using System;
using Microsoft.VisualStudio.TestTools.UnitTesting;
namespace Tests
{
    [TestClass]
    public class MultiplicationTests
    {
<#
//Tuple description <value of param a, value of param b, expected result>
Tuple<int, int, int>[] TestData = new Tuple<int, int, int>[]{
    new Tuple<int, int, int>(0,0,0),
    new Tuple<int, int, int>(2,3,6),
    new Tuple<int, int, int>(1,0,0), //These will trigger one of the bugs
    new Tuple<int, int, int>(-2,-3,6),
    new Tuple<int, int, int>(0,1,0) //These will trigger one of the bugs
};
foreach (var data in TestData)
{
#>
		[TestMethod]
		public void TestMultiply_Input_<#= data.Item1.ToString().Replace("-", "Minus") #>_<#= data.Item2.ToString().Replace("-", "Minus") #>()
		{
			TestMultiply(<#= data.Item1 #>, <#= data.Item2 #>, <#= data.Item3 #>);
		}
<#
}
#>
		public void TestMultiply(int a, int b, int expected)
        {
            Assert.AreEqual(expected, Multiply(a, b), "Failed for input ({0}, {1})", a, b);
        }
	//Just write this method here. In reality, this method will be somewhere else
	public int Multiply(int a, int b)
        {
            //This conditions are simulating the 2 bugs
            if (a == 0 && b == 1)
                return 100;
            if (a == 1 && b == 0)
                return -100;
            return a * b;
        }
    }
}

This text template will generate the test class. It looks quite ugly and writing it is not trivial because there is not intellisense or syntax coloring in Visual Studio.

Let me explain what it does:

1. All the text that is not between <# #>, <#@ #> or <#= #> is just copied to the output file (ex: lines 3-12)
2. Line 2 specifies the extension of the output file
3. Code between <# #> is C# code and will be executed at generation time
4. Code between <#= #> is C# code, will be executed at generation time and it’s output will be written to the generated file. It must be a single statement returning a non void value.
5. For each tuple in the data set, a test method is written to the output file.

It can be improved a little by working with partial classes. Instead of writing all the code in the tt file, the C# code can be placed in a cs file. So, I’ll do some changes to the tt file by removing the last methods and making the class partial:

<#@ template debug="false" hostspecific="true" language="C#" #>
<#@ output extension=".generated.cs" #>
using System;
using Microsoft.VisualStudio.TestTools.UnitTesting;
namespace Tests
{
    [TestClass]
    public partial class MultiplicationTests
    {
<#
//Tuple description <value of param a, value of param b, expected result>
Tuple<int, int, int>[] TestData = new Tuple<int, int, int>[]{
    new Tuple<int, int, int>(0,0,0),
    new Tuple<int, int, int>(2,3,6),
    new Tuple<int, int, int>(1,0,0), //These will trigger one of the bugs
    new Tuple<int, int, int>(-2,-3,6),
    new Tuple<int, int, int>(0,1,0) //These will trigger one of the bugs
};
foreach (var data in TestData)
{
#>
		[TestMethod]
		public void TestMultiply_Input_<#= data.Item1.ToString().Replace("-", "Minus") #>_<#= data.Item2.ToString().Replace("-", "Minus") #>()
		{
			TestMultiply(<#= data.Item1 #>, <#= data.Item2 #>, <#= data.Item3 #>);
		}
<#
}
#>
    }
}

Then, create a class called “MultiplicationTests” that is also partial and contains the methods removed from the tt file:

using Microsoft.VisualStudio.TestTools.UnitTesting;
namespace Tests
{
    partial class MultiplicationTests
    {
        public void TestMultiply(int a, int b, int expected)
        {
            Assert.AreEqual(expected, Multiply(a, b), "Failed for input ({0}, {1})", a, b);
        }
        //Just write this method here. In reality, this method will be somewhere else
        public int Multiply(int a, int b)
        {
            //This conditions are simulating the 2 bugs
            if (a == 0 && b == 1)
                return 100;
            if (a == 1 && b == 0)
                return -100;
            return a * b;
        }
    }
}

Now regenerate the template and compile.

Conclusion

The presented approach is good and definetely has some advantages but is not perfect. Here are some dissadvantages:

• Text Template editor, in VS, is just plain text with not syntax coloring or intellisense
• The compilation errors are sometime ambiguous
• Debugging a text template is something you would like to avoid :)
• For a few test cases, more code is written
• In case of new test cases, the code must be recompiled

Advantages:

• Shows more bugs earlier
• Allows one assertion per test even for large data sets
• The code is compiled and not evaluated at runtime (maybe there is a performance gain)
• Less manual code duplication

Advice: try to write as less code as possible in the tt file. Move as much as possible to cs files. Any assembly, except the one in which the tt file is, can be referenced at generation time.

If you have troubles going through this tutorial, download the complete C# project: T4_mstest (3.56 kB)

• WinDbg
• CFF Explorer

The second part of the article discusses how to modify binaries that are obfuscated. For simplicity and clarity, I will not use obfuscated binaries. Doing this, allows the reader to understand what is actually happening. In the demo I will completely ignore the name of the methods or the actual, non-obfuscated, code.

I recommend reading the first part, if you didn’t already. It provides some information that might be needed to understand theis second part.

The same ‘TrialApp.exe’ binary is used. The current approach, as opposed the the former one, is:

1. Load the application in debugger and break the execution when the trial message is displayed.
2. Get the call stack
3. Find the address of the trial check method
4. Remove the call

1. Load the application in debugger and break the execution when the trial message is displayed

WinDbg can be obtained for free from Windows SDK (see the Microsoft Downloads website). If you are running a 64 bit OS, make sure you start the 32bit version of WinDbg (should be in Program Files (x86)).

Load ‘TrialApp.exe’ in WinDbg by clicking File -> Load Executable. In order to run it you have 3 options:

1. Type ‘g’ and press ENTER
2. Press F5
3. Click Debug -> Go

The application will start and the execution will stop when the message box is displayed. Is actually waiting for the user to click OK. At this point break the execution by pressing Debug -> Break.

Before being able to debug the .NET application, 2 DLLs needs to be loaded. They help the debugger ‘understand’ the .NET internals. The actual paths might differ on your configuration. Anyway, make sure you load the 32 bit version of these files (the 64 bit version are in the Framework64 folder). The .load command loads external libraries.

.load c:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
.load c:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

2. Get the call stack

A call stack is associated with a thread. Before getting the stack we need to figure out which is the thread for which we want it. Execute the following command and inspect the output…

!threads

There are two thread having IDs 0 and 2. Is quite easy to decide which is the main thread since just one of them is Single Thread Apartment (STA). Switch to the main thread and display the CLR stack using the following commands:

~0s
!clrstack

3. Find the address of the trial check method

OK! You’re still with me? If yes, then take a look at the result of the last command. It displays the call stack of the main thread. Notice that OnCreateControl calls OnLoad, OnLoad calls From1_Load, etc. In the case of obfuscated code, the name would probably be strange and you would have to analyze each method in depth. Because the code was JIT compiled the call to the trial check was inlined.

Let’s take a look at the IL code for Form1_Load. To do this, first we need the address description of the MethodDesc structure of method. The ip2md command returns the structure. The argument is the IP address of the method. After this, just dump the IL for the address specified in MethodDesc. I want to make on observation here: if you look at the MethodDesc structure you can see the mdToken field. This field specified the table and the row in the table for the this method (the row corresponding to this method is the 6^th, because the index starts at 0).

!ip2md 003f01f9
!dumpil 00176304

In case of obfuscated code, you would probably see just a call instruction to some cryptic method. It makes no difference. We can see that at IL_0001 (relative to the start of the method) we have a call and this instruction uses 5 bytes in the file (0006-0001 = 0005; in hex)).

Having the size of the instruction, its position and the row of the method in the methods table we can proceed further. Open CFF Explorer and load the assembly.

Navigate to .NET Directory -> MetaData Streams -> #~ -> Tables. Look for the Method table in the new tree and select the entry with number 5. Copy its RVA value.

4. Remove the call

With the RVA in hand (on clipboard :-) ), remove the call just like in the first part of the article. Replace the call bytes with zeros. One observation: we must also remove the instruction before the call (ldarg_0; opcode 02; no arguments). So, zero 6 bytes starting at the first in the method.

In other words, replace:

00 00 0A 02 28 08 00 00 06 2A 1E 02 28 06 00 00
06 2A 66 02 7B 02 00 00 04 2C 10 72 01 00 00 00

with

00 00 0A 02 28 08 00 00 06 2A 1E 00 00 00 00 00
00 2A 66 02 7B 02 00 00 04 2C 10 72 01 00 00 00

Run the application. The trial check is gone.

Before reading any further you should understand that each protection measure (as long as the cracker can access the source code) is useless. Is just a matter of time, for a motivated person, before she will bypass any protection.

For the demo, we are going to use a very simple Windows Forms Application that will display a message box with a trial message and will exit after that. The goal is to show a few techniques that will prevent the application from exiting (and will remove the trial message).

The code for the ‘trial’ application is kept in just one class. There is just one variable for checking the trial and we’ll consider that is always true – it makes no difference if there was a function call to determine if the trial has expired.

public partial class Form1 : Form
{
    bool hasExpired = true;
    public Form1()
    {
        InitializeComponent();
    }
    private void Form1_Load(object sender, EventArgs e)
    {
        CheckTrialApp();
    }
    private void CheckTrialApp()
    {
        if (hasExpired)
        {
            MessageBox.Show("Trial has expired");
            Application.Exit();
        }
    }
}

The binary used was compiled on the x86 Release configuration with VS2010 having .NET 4.0 as target framework. The IL Disassembler from VS2010 and a free application called CFF Explorer are used to view and edit the binary.

Opening the ‘TrialApp.exe’ file (the target binary) in IL Dissasembler will reveal all the statements from each method. This is important but, more important is the RVA of the method containing the trial check, the bytes for each statement and their position relative to the RVA.

By knowing the RVA you are able to navigate to that address using CFF explorer and locate the bytes for the calls. Even without seeing the actual bytes, one is able to locate the calls (and their length) by looking at the offsets (ie: the byte 2C is located 0006 bytes from the beginning of the implementation) – more on this in Part2.

Having access to all this information gives not one but many possibilities of bypassing the trial check:

1. Remove the two calls to Application.Exit and MessageBox.Show.
2. Change the if check.
3. Remove the ‘CheckTrialApp’ call from ‘Form1_Load’.

This post will cover just the first two possibilities, since the third is similar to the first.

1. Remove the calls to Exit and Show

The bytes from the method implementation:

         02 7B 02 00 00 04 2C 10 72 01 00 00 70
28 16 00 00 0A 26 28 17 00 00 0A 2A

A call to a method has the opcode 28. The next 4 bytes following the opcode represent the location of the method in the methods table (you can see this table using CFF explorer).

Now here comes the magic: in order to remove the calls to Exit and Show, one must  replace with NOP, all the bytes associated with these methods. Basically we are going the introduce a NOP byte (00) for each byte in the call.

         02 7B 02 00 00 04 2C 10 72 01 00 00 70
00 00 00 00 00 26 00 00 00 00 00 2A

That’s all. Save the file and the trial is bypassed.

2. Change the if check

If you look in the disassembled IL you can see that at offset 0×6 we have a brfalse.s opcode. This is a branch instruction that will branch to offset 0×18 (IL_0018) if false. However, in the case of ‘TrialApp’, since hasExpired is always true, the branch will never take place and the code following it will be executed.

In order to change the meaning of the code – in other words “give the trial message if the application has NOT expired” – the check will be changed. Currently, is checking against false using the instruction brfalse.s, having the opcode 2C. By looking on MSDN, the opcode for brtrue.s can be found: 2D. Replacing 2C with 2D will make the branch happen always.

The method inside the binary, after replacing the brfalse.s opcode:

         02 7B 02 00 00 04 2D 10 72 01 00 00 70
28 16 00 00 0A 26 28 17 00 00 0A 2A

That’s all. The message box will not be displayed since the body of the if statement is no longer executed.

There are some techniques that will make cracking difficult. Obfuscating the code is one of them. However, part 2 of this article will cover the modification of obfuscated binaries.

Create a fancy-looking application that displays the preview of the open applications.

• Enumerating windows and getting various information about them
• Creating the Aero glass effect
• Using the DWM windows preview feature

• Windows Vista/7 with the Aero theme active
• Visual Studio 2010 (or 2008 but requires some changes in code which are not covered by this tutorial)

TaskSwitcher (13.07 KB)

The basic idea behind this application is the following: upon start, we create snapshot (a list) of all the available windows and we use it to decide what previews to display. Once the list is created, a preview is drawn for each item. There is a drawback for this approach: if new windows are created or some existing are closed the interface will not display them (actually for closed windows will replace the preview with an icon). The advantage: is a simple implementation.

There are three parts for this project.

1. Enumerating only the open applications’ windows
2. Make a glass window
3. Generate a live preview for each window

Enumerating windows

Enumerating all windows can be done with the EnumWindows function from user32.dll which can be easily imported in C#.

[DllImport("user32.dll")]
private static extern int EnumWindows(EnumWindowsCallbackDelegate callback, int lParam = 0);
private delegate bool EnumWindowsCallbackDelegate(IntPtr hWnd, int lParam);

However, the result of a pure enumeration will return hundreds of windows. The most powerful filtration is to keep just the windows that are visible. Again, a function from user32.dll called IsWindowVisible is used to check whether a hWnd belongs to a visible window. Probably, after this step you will have just 30-40 windows left in the list.

[DllImport("user32.dll")]
private static extern bool IsWindowVisible(IntPtr hWnd);

The next step is to decide which is the most meaningful representative window from each cluster of windows related by ownership. The Old New Thing blog presents an algorithm for this problem. The logic behind this algorithm is: “For each visible window, walk up its owner chain until you find the root owner. Then walk back down the visible last active popup chain until you find a visible window. If you’re back to where you’re started, then put the window in the Alt+Tab list.” A few Dll imports and the translation of the pseudocode to C# gives the following code.

private static bool IsWindowChainVisible(IntPtr hWnd)
{
    // Start at the root owner
    IntPtr hwndWalk = GetAncestor(hWnd);
    // Basically we try get from the parent back to that window
    IntPtr hwndTry;
    while ((hwndTry = GetLastActivePopup(hwndWalk)) != hwndTry)
    {
        if (IsWindowVisible(hwndTry)) break;
        hwndWalk = hwndTry;
    }
    return (hwndWalk == hWnd);
}

At this point you probably filtered most windows. However, there are still a few that refuse to be filtered out:

1. The desktop window
2. Our application window
3. The taskbar

Removing the desktop window

Depending on what you want to do, you may decide to keep this window. The task switcher in Windows 7 provides also the preview for the desktop. However, if you decide to to remove it, you have the check each handle against the desktop handle (which can be obtained using the GetShellWindow from user32.dll).

[DllImport("user32.dll")]
private static extern IntPtr GetShellWindow();

Removing our application window

One naive approach would be to ignore the windows with a specific title. This is bad because many windows can have the same title. The correct approach is to filter based on the window handle. I created a list of ignored handled and, after the main window was created, I added its handle in this list. Because WPF is used, the handle of a window can be obtained using WindowInteropHelper class.

Removing the taskbar

This was tricky and I’m still not sure is the correct approach. There is one window in the list that is not filtered by the previous filters. Even more, is not visible with Spy++ (!!!) and it’s preview is the taskbar. The only solution I found and seems to remove just that window, is to filter out all windows that don’t have the WS_EX_APPWINDOW style. If you find any window that is not displayed because of this, let me know.

Finally, the method that decides which window goes into the snapshot is presented below:

//This function will be called for each available window
private bool EnumWindowsCallback(IntPtr hWnd, int lParam)
{
    bool IsDesktopWindow = (hWnd == GetShellWindow());
    bool IsVisible = IsWindowVisible(hWnd);
    bool IsChainVisible = IsWindowChainVisible(hWnd);
    bool IsInIgnoreList = (WindowHandlesToIgnore.Contains(hWnd));
    //Filters the taskbar
    bool IsApplicationWindow = ((GetWindowLong(hWnd) & WS_EX_APPWINDOW) == WS_EX_APPWINDOW);
    if (!IsDesktopWindow && IsVisible && IsChainVisible && !IsInIgnoreList && IsApplicationWindow)
    {
        windowsSnapshot.Add(new WindowInfo(hWnd));
    }
    return true;
}

Once we have a snapshot of the visible windows we plan to display them. As seen in the objective screenshot, the main window is transparent and has a glass effect.

The glass window

It is very important to understand that the glass effect is available only on Windows Vista and 7 and works as long as you have the Aero theme enabled!

The glass effect functions are part of the Desktop Window Manager API represented by the library dwmapi.dll. All the functions were imported from that DLL.

In order to make (a part of) a window transparent you need to:

1. Make the windows background transparent (paint it with a transparent brush)
2. Call the DwmExtendFrameIntoClientArea function specifying the window handle and the inner region of the window that will have the glass effect (you specify the margins from the inner border). If you want the whole window to be transparent specify a negative (-1) margin for all sides.

private void MakeGlassEffect()
{
    if (DwmIsCompositionEnabled())
    {
        IntPtr mainWindowPtr = new WindowInteropHelper(this).Handle;
        HwndSource mainWindowSrc = HwndSource.FromHwnd(mainWindowHandle);
        mainWindowSrc.CompositionTarget.BackgroundColor = Colors.Transparent;
        this.Background = Brushes.Transparent;
        MARGINS margins = new MARGINS();
        margins.ExtendToWholeClientArea(); //Sets all values to -1
        int result = DwmExtendFrameIntoClientArea(mainWindowSrc.Handle, ref margins);
        if (result < 0)
        {
            MessageBox.Show("An error occured while extending the glass unit.");
            Application.Current.Shutdown();
        }
    }
}

Live windows preview

As you might already know, when you press Alt+Tab in Windows Vista/7 (and Aero is active!) you see a live preview of the running applications. In the past, the only method of generating a preview for a window was to copy whatever was visible from it to a bitmap. This approach works as long as the windows is completely visible (no other window is on top, the windows is not out of the screen and the window is not minimized). Trying to save a screenshot with this method will fail, unless you take every window, restore it’s state, bring it to front, take a screenshot and move it back – by the way, this action takes too much time and is messy.

In dwmapi.dll we have a set of functions that will generate thumbnails for any opened window. The interesting part is that the preview is not static! It will modify as the window changes. The function DwmRegisterThumbnail defines a region on which the Desktop Window Manager is allowed to draw the preview for a specific window. So, instead of you drawing the picture, you just specify a region and the DWM will do it for you. One important aspect is that DWM will draw the preview as the top layer – everything on the window will be behind the preview. There are some parameters that you can specify for how the drawing is made (transparency, visibility, etc.) but these are out of the scope of this tutorial.

To ‘translate’ the drawing into code we are first going to check if the window has already registered a preview (if so, unregister it), the register a new preview, set the region of the drawing and center the image and finally draw (update) the preview – which will continue to be updated until is unregistered.

private void DrawThumbnail(WindowInfo win, int thumbnailIndex)
{
    IntPtr thumbnail = win.Thumbnail;
    if (thumbnail != IntPtr.Zero)
        DwmUnregisterThumbnail(thumbnail);
    int hResult = DwmRegisterThumbnail(mainWindowHandle, win.HWnd, out thumbnail);
    if (hResult == 0)
    {
        PSIZE size;
        DwmQueryThumbnailSourceSize(thumbnail, out size);
        DWM_THUMBNAIL_PROPERTIES props = new DWM_THUMBNAIL_PROPERTIES();
        props.dwFlags = DWM_TNP_VISIBLE | DWM_TNP_RECTDESTINATION | DWM_TNP_SOURCECLIENTAREAONLY;
        props.fVisible = true;
        props.fSourceClientAreaOnly = true;
        //Set the region where the live preview will be drawn
        int left = (thumbnailIndex % MaxThumbnails) * (ThumbnailSize + ThumbnailSpacing);
        int top = (int)(thumbnailIndex / MaxThumbnails) * (ThumbnailSize + ThumbnailSpacing) + WindowTopOffset;
        int right = left + ThumbnailSize;
        int bottom = top + ThumbnailSize;
        props.rcDestination = new RECT(left, top, right, bottom);
        //Center the live preview
        if (size.x < size.y)
        {
            double ScaleFactor = ThumbnailSize / (double)size.y;
            int scaledX = (int)(size.x * ScaleFactor);
            int xOffset = (ThumbnailSize - scaledX) / 2;
            props.rcDestination.Left += xOffset;
            props.rcDestination.Right -= xOffset;
        }
        if (size.y < size.x)
        {
            double ScaleFactor = ThumbnailSize / (double)size.x;
            int scaledY = (int)(size.y * ScaleFactor);
            int yOffset = (ThumbnailSize - scaledY) / 2;
            props.rcDestination.Top += yOffset;
            props.rcDestination.Bottom -= yOffset;
        }
        DwmUpdateThumbnailProperties(thumbnail, ref props);
    }
}

For each available window we are going to choose a region in which its preview can be displayed. Basically, the preview region is a grid (filled from left to right, top to bottom) where each cell is a preview.

Known Issues

The application offered as download is not perfect and has a series of inconveniences. They are not big problems but I couldn’t find the time to fix them.

• If the list of available windows is modified, the update is not reflected in the application.
• Previews are no longer centered if you change the size of the window they represent.
• There should be a “glow” effect behind the text on glass in order to be visible on any surface. Just like in the Alt-Tab window.
• If clicking an application in the preview list, the focus is not transferred to it.

• The opinions around focused vs. complete tutorials are split almost even (56% vs. 44%). However, someone uggested that he prefers focused tutorials (as text) and a download link with the full project. In my opinion this idea is great.
• Most people prefer tutorials of a difficulty level above or equal to their proficiency level. However, there were a few anomalies  in the results: some that ranked themselves as ‘Advanced’ or ‘Intermediate’ prefer beginner tutorials. This might have two explanations: they prefer beginner tutorials for the other programming fields or they just overestimated themselves.
• The result for the tutorial format is conclusive: almost everyone wants text + images. Just a few prefer video tutorials.

So, the final result is: intermediate or advanced tutorials, presenting just the essentials parts as text but allowing the download of full source.

If you use Windows Vista/7 then you know that buttons and links which elevate privileges are preceded by a shield icon. This is the way Microsoft decided to inform the user about the effect of clicking that control.

The first idea that might pop up is the reinvention of the wheel (or shield). In other words you could draw the shield on a button. This is OK except that:

1. Is not easy
2. Will require you to recompile the interface if Microsoft decides to change the icon
3. You need the icon in many sizes 16×16, 24×24, 32×32, etc. (extract it from MS’ DLLs)
4. Will create a lot of overhead with layout (position icon relative to text size/position)

The second method is easier, safer and recommended by MS. All you need to do is send a specific message (BCM_SETSHIELD) to the button if the user has limited privileges and pressing that button will trigger the UAC window. Actually there is a second, tricky, thing that must be done: the style of the button must be “System” (in C# “System.Windows.FlatStyle.System”). Without this you will not be able to see the shield.

The code provided in part 1 of this article will be modified in order to display the shield on the two buttons. Moreover, the shield will be displayed only when the user runs under an account with limited privileges or non-elevated administrator.

In order to display the shield one needs to send the BCM_SETSHIELD (=0x0000160C) message to the button. This can be done by using the SendMessage function from user32.dll. This article will not cover what is and how to use SendMessage, if you need more information about it follow the previous link.

To set the shield of the “Elevate this application” button one needs to send the message in the following way:

SendMessage(btnElevate.Handle, BCM_SETSHIELD, 0, 1);

The first parameter is the handle of the button, the second one is the message, the third one is not used and must be ’0′ and the last argument must be non-zero in order to draw the shield, zero otherwise.

If you try this it will not work :) Remember the ‘tricky’ thing told before? This is the full code to display the shield for btnElevate:

btnElevate.FlatStyle = FlatStyle.System;
SendMessage(btnElevate.Handle, BCM_SETSHIELD, 0, 1);

There is only one thing that must be done in order to work properly. Remove the shield if the user has elevated privileges. I don’t know if this is against MS’ recommendation but in my opinion one must not be shown information that cannot be used in that context; in our case don’t show the elevate shield if there is nothing to elevate.

Part 1 described how to check if a user has full rights. Now we are just using that boolean variable:

if (!hasAdministrativeRight)
    SetUACShields();

Where SetUACShields will send the message to all buttons that require the shield drawn.

The full updated code from Part 1: UAC Code 3 (10.13 KB)

1. To show the pages correctly
2. To show as much as possible from a page (to remove the need of scrolling)
3. To provide me with an easy way of accessing pages.

What I don’t like at Firefox

• The search bar is superfluous. I really like what Chrome is doing (and the latest version of Opera?): use the address bar as search bar.
• There is no ad blocker
• There is a lot of wasted space: bookmarks toolbar, menu bar (just think how often you use the top menu), big icons

After a few tweaks I got a browser looking like the one in the picture below that satisfies almost all my needs.

Tweaks applied and how/why to use them

1. Remove the bookmark toolbar. You just don’t need that bar! How often do you click a bookmark? If you need a page opened all the time you just don’t close it. Why do you minimize the working are just to see some buttons that you click them in an infinite small amount of the time you spend in browser? How to apply: right click the menu bar -> Uncheck Bookmarks Toolbar.
2. Remove the menu bar. Just like the bookmark toolbar, you don’t use it to often. If you want to see it just press Alt+F. How to apply: Install the Hide Menubar extension.
3. Merge address bar and search bar. Is not practical to need to think if you want to search or you want to enter an a priori known address. There should be just on input field and the browser should be able to decide if you want to search or go to some specific place. How to apply: First remove the search bar by right clicking the menubar -> Customize and drag the search bar out of the menu. Second navigate to “about:config” and search for “keywork.url”. Replace its value with “http://google.com/search?q=”. This will make Firefox search on Google when it cannot resolve a name.
4. Remove ads. Most of the time you just don’t want to see “Super/Extra/Mega/Ultra discount for X”. Also you don’t want to see links that are on top of the search list just because they paid. How to apply: Install the Adblock Plus extension.
5. Move icons and make them smaller. This is just a personal preference. I want the bookmarks button in the left corner. And in order to maximize working area I want small icons. How to apply: Right click a toolbar -> Customize. Drag/drop the icons you want. For small icons check the appropriate box.
6. Mouse gestures. I like the back button on the toolbar because of the drop down menu but usually I go back by holding the right mouse button and dragging left. The gesture functionality saves a lot of time and movement. How to apply: Install the FireGesture extension.
7. Protect/sync bookmarks. Sometimes one might accidentally delete an important bookmark or, even worse, the entire bookmark collection. Is a good idea to backup bookmarks online. This also gives you the possibility of synchronizing bookmarks across multiple machines. How to apply: Install the Xmarks extension.

Future work

1. Remove the status bar. Currently this cannot be done because there is no other way of knowing where a link is sending. Any suggestion?
2. Remove the tabs bar. The tabs bar should be removed in order to get more space but I have no idea where it could go…

As you might already know, Live Mesh allows one to sync files across multiple computers. A big advantage is the Live Desktop -  a 5000 MB online storage location that can be used for storage. When computers involved in the sync are not simultaneously online, the files are synced with the Live Desktop and, when the computers are back online, the files will be synced.

The sharing with Live Mesh works like this: add notebooks’ files on Mesh and they can sync across computers. When a notebook is updated, if you are online the change will be sent/received to/from the Live Desktop.

Advantages of this method:

• No SharePoint knowledge are necessarily.
• Works on Windows Mobile because Live Mesh has a mobile version.
• Instant sync if you are online.
• More storage space.
• Full control over permissions directly from Explorer.
• No user interaction for sync.
• Files are kept offline and can be accessed even with no Internet connection.
• You can store notebooks wherever you want.

Disadvantages:

• Need to install Live Mesh (requires administrative rights).
• You can set sharing permissions only on the top folder (depending on how you sync you can share also individual notebooks).
• Live Mesh has many other functionalities that you might not need if you only want to sync notebooks.
• While online you cannot control when to sync.
• All persons involved must have Live Mesh installed.

To put your notebooks on Mesh (assuming that you have OneNote installed):

1. Register for Mesh.
2. Install the mesh client by adding your PC to the mesh.
3. Select the folder(s) that contain(s):
   1. All your notebooks if you want to just backup or share all notebooks.
   2. Individual notebooks if you want to be able to share selected notebooks.
4. Right click it/them select “Add folder to Live Mesh” (see the image on right). The folder is added to the Live Desktop and you can check it by opening the mesh in a browser.
5. That’s it. The folder is also online and you can share it with whoever you want.

To share notebooks:

1. Select on your local disk a folder that is shared with Mesh.
2. In the right sidebar select “Members”
3. Click “Invite”.
4. Enter the e-mail addresses of the ones you want to share with and choose their permission level (Owner = full control; Contributor = can read/write but cannot perform special tasks; reader = can get files from Mesh but their updates are not synced).
5. Click OK.

Even if you are the only user of a notebook you can use the Live Desktop for backup – this is how I use it.

When the C# compiler encounters an #if directive, followed eventually by an #endif directive, it will compile the code between the directives only if the specified symbol is defined. Unlike C and C++, you cannot assign a numeric value to a symbol; the #if statement in C# is Boolean and only tests whether the symbol has been defined or not.

A predefined (by default) symbol on the “Debug” build configuration is DEBUG. Using this symbol you can define code that will be compiled only in Debug; for example, a debug window will be shown only when needed.

using System;
using System.Text;
 
namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
#if DEBUG
            Console.WriteLine("Debugging information");
#endif
            Console.WriteLine("Code that always executes");
        }
    }
}

The code above will print “Debugging information” and “Code that always executes” when build on Debug and will display only “Code that always executes” when build on another configuration.

You can suppress the definition of the DEBUG symbol from the project properties or by removing the DEBUG from the build argument “/define:DEBUG”. Also, you can define your own symbols in order to accommodate your needs.

Define as many build configurations and symbols you need but don’t abuse this feature!

I will try to post tips every day but I don’t know if my schedule will allow me.

—

When you need to reinstall Windows and/or Outlook you might backup the .pst files (Outlook data files). Unfortunately these files do not contain account information. After reinstall and restore of backup files you need to reenter all information about each account which is a boring process – at least for me because I have 5 e-mail accounts.

If you want to backup accounts information you have to export the “HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook” key from Registry.

Export accounts’ information:

1. Start the Registry Editor (Start -> Run -> “regedit”) – in Windows Vista/7 you need administrative rights to start it.
2. Navigate to the previously mentioned branch (HKEY_CURRENT_USER\Software\ … ).
3. Right click the “Outlook” tree node.
4. Choose export.
5. Name the file accordingly.
6. Click “Save”

After reinstalling Outlook, you have to import the accounts. Follow the steps below for this:

Import accounts’ information:

1. Double click the exported file.
2. Choose “Yes” when asked if you really want to import.