Brutal Developer

Brutal Dev's Guide to Klapping Boet Fighter

Sat, 12 Oct 2019 21:03:01 Z

Many okes like myself find Boet Figther incredibly difficult (as it was intended). So flippin tough, that okes have been klapping the game for several hours and only getting to the third bladdy level! This grinding stops being fun after a while and I don't have a lot of time to drib millions of dooses in the face over and over for hours just to check some kiff videos clips and have a laugh, so I needed to find a way to win...

Don't get me wrong, I really enjoy playing this game, but I enjoy moering okes more without getting moered back. This game is very entertaining and very much worth the money for the solid work the developers put into it and there crazy fast turnaround with bug fixes and features. Hard Eddy isn't the hardest charna in town if he keeps getting bliksemmed so easily, I wanted a Harder Eddy, the Hardest Eddy of them all, Invincible Eddy!

This is cheating, but nothing that the likes of GameGenie never did for us in the 80's, so if you don't like it then get outta here before you get offended.

Unlocking All Levels

Even with the new checkpoints, it's still crazy hard to get past levels and bosses. I was getting bored stuck on the second level fighting the zombies, I wanted to just explore some of the other levels at least and appreciate the artwork without having to spend many hours grinding my way through. So first off, I wanted to unlock all the levels.

Looking For Save Games
A quick file/folder search for "Boet Fighter" and I discovered the save game file in your user's \AppData\LocalLow\Califourways\Boet Fighter directory. Simply opening up in Notepad reveals that it's just serialized .NET classes, the important bit looking like this:

Assembly-CSharp, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null...DataState...Level1...Level2

Assembly-CSharp.dll is a typical file name for Unity games, all the game code is bundled in there and the class being serialized here is DataState.
So spin up a quick console app, add a reference to Assembly-CSharp.dll (found in \steamapps\common\Boet Fighter\Boet Fighter_Data\Managed) and see if we can read and write save game files to add all the levels.

To avoid wasting time I could be using playing the game, I decompiled the game assembly and traced back where this class was being used, and how the file was getting read/written when you pass levels. In short, this was the code I wrote based on my existing saved game (with only two levels that I passed) to add in the other levels very much like the game itself would do it, using the games own code from it's assembly.

Custom Save Game Code

var allAccess = new DataState();
allAccess.AddItem(new SaveData("Level1", "\u001b"));
allAccess.AddItem(new SaveData("Level2", "\u001b"));
allAccess.AddItem(new SaveData("Level3", "\u001b"));
allAccess.AddItem(new SaveData("Level4", "\u001b"));
allAccess.AddItem(new SaveData("Level5", "\u001b"));
allAccess.AddItem(new SaveData("Level6", "\u001b"));
allAccess.AddItem(new SaveData("Level7", "\u001b"));
SerializatorBinary.SaveBinary(allAccess,
   Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile),
                @"AppData\LocalLow\Califourways\Boet Fighter\Savegame.bin"));

Open up the game and check that I have access to all level, flippin A boet! Keeping the image small below as to not spoil it for the okes that don't want to know what's coming up in the later stages.

Download Save Game
The save game is generic (at the time of writing) so anyone could just copy the save game file to C:\Users\YOUR_USER_NAME\AppData\LocalLow\Califourways\Boet Fighter to unlock the levels, if that's your vibe, just download a copy here (no warranties, always make a backup) and overwrite your one to unlock all the levels: Savegame.bin

Invincible Eddy
So having all the levels is cool enough, but the game is still too hard for me to get very far and I reaaaalllly like the cut scenes (they're awesome) so I reaaalllly want to get past these stages even if it means making it a zero challenge game. The answer, patching the game to make Eddy never get hurt, ever.

Finding The Health Meter
The most obvious way Eddy gets killed is his health meter running out (duh) so the most obvious way to patch the game would be to just stop that from happening. Back to the decompiler, there are a number of decompilers you can use for Unity games, for this I just used trusty old Reflector.

In actual fact, I debugged the game first to test some theories of resetting health among other things, and found the easiest spot in the HeatlhManager class's Update (game loop) method. I won't get into the boring research stuff, but this was the result of my findings:

I imagine this logic here is for when picking up health tubs and shakes to avoid your health going over the max, so if we simply switch it from >= to <= then any time you health drops below 200, it will get reset to 200. This is the smallest possible change for someone lazy like me.

Patching The Game
For something like this I'll turn to Reflexil, since there isn't much to tweak here you can avoid full IL dumping of the entire thing and trying to recompile again safely, so it's a useful shortcut to use.

The OpCode we want to change here is from blt.s to bgt.s (less than to greater than). I know it sounds backwards, but in IL land, constants usually get stacked first so this would technically be 200 <= this.CurrentHealth and we're changing it to 200 >= this.CurrentHealth.

Save this patched assembly and replace the original. We can verify that the patching worked by decompiling the new assembly and going back to check the expression is what we expect:

So now if your current health drops below 200, it goes right back up to 200, Invincible Eddy, the way he would be in real laaf!

Not going to share the patched DLL here obviously, you gotta buy the game if you want that. This was just for me to have a jol and moer the game properly in it's face and watch all the videos. if it's too hard to patch things yourself well then it's like the game, flippin hard boet, and you're going to have to play it the hard way! The next update (very quick at this rate cause they listen to feedback a lot) will lose this change but that's cool, I'll keep coming back to check out what's changed and give it another go because I also like the technical aspect.

Go Buy Boet Figher
Go grab a copy of Boet Fighter now on Steam, it's only 200 South African Rond which is basically for nothing given the hours of entertainment you get from it. It's a great, simple game and lots of fun, but if you get too annoyed and getting dribbed constantly (or maybe you just kak at playing like me) at least you can cheat a bit to get all the entertainment value this game has to offer without any of the frustration.

All images etc are copyright of the owners and all that kak.

The VAST data leak

Mon, 27 Feb 2017 12:08:15 Z

February 27, 2017
Earlier this month it was brought to my attention that VAST, a prominent WiFi provider in South Africa, had private user information exposed on publicly visible pages on their complimentary internet access portal. The problem was fixed within an hour of being reported to the CTO and went above and beyond by performing a full audit with SensePost to ensure that their customer's data is protected.

All pages on the portal could be accessed through a node number, in a URL format like this: https://portal.vast.directory/node/1234567. As you can see, you are not authorized to see this page any more, but before a fix was applied it looked something like this:

In a nutshell, when you signed up for free/complimentary WiFi on the VAST portal, a new page would be created with the information that you used to sign up. This user provided information included your name, email address, mobile number, verification OTP number (only necessary at certain hotspots), your device MAC address, current hotspot location and gender.

A basic manual enumeration in the browser (adding or subtracting one from the ID portion of the URL) didn't really yield much information so on the surface this did not look significant at all.

At the time this was a gimmick because you could sign on with a fake phone number, get to the page that was generated for you to view the OTP and get free timed access. This escalated when it was realised that you can use the MAC address as both the username and password to create a login session, effectively being able to login as anyone who ever signed up. Using the same MAC address, you could also log anyone off the network, causing quite an annoying denial of service. Many of these exploits were being discussed on security forums and chats as early as the 7th of February. This highlights that there could certainly be some security flaws in the implementation, but I was more interested in the amount of private user information that was accessible.

VAST runs some well known WiFi offerings so I expected to see quite a lot of data. The earliest user account found in the node pages was created in April 2016, so anyone signed up in the last ten months at certain sites could have had their personal information seen by a third party. Of the over 14 million possible node pages, just over 10% actually contained user content, which is still a lot...

In total there are 881,974 unique email addresses and 856,648 unique mobile phone numbers. Some of this information is of course fake, but most people generally don't provide fake data when signing up for these things. Mobile numbers are mostly South African, but there is a fair share of international dialing codes so this would have impacted people who visited South Africa as well and used WiFi at the airport.

If people were using these WiFi hotspots regularly, it was easy to start tracking their movements based on the sites, which flights they were on, where they were travelling, where they often had lunch or restaurants they work from. This was no hack, no technical vulnerability, just a simple page enumeration due to lack of access control to pages containing user information.

I must applaud VAST's response and reaction time to this, one of the fastest I've ever experienced by patching this up in under an hour after being notified. Furthermore, they have engaged with SensePost to review the client implementation and more than likely preventative measures to avoid this in future.

The page data did not contain any passwords so there is no reason to panic.
None of this data was indexed on any search engines.
This data is not available for public download or being sold anywhere that I know of.
There is little reason to believe anyone's details were in fact compromised while the exposed pages were visible.
No, I will not tell you if you are/were in the data, use Troy Hunt's "Have I Been Pwned" service.

Bank Grade Security - South African bank edition

Sat, 09 May 2015 07:29:53 Z

After reading an interesting post by Troy Hunt about so called "bank grade" security on Aussie internet banking sites I was curious to see what the results would be for South African banks and more specifically how my bank stacks up against the competition. The results are similar with some very surprising names scoring quite low using Qualys SSL Server Test.

Bank	Grade	SSL3	SHA1	TLS 1.2	RC4	FS*	POODLE
African Bank	A-	PASS	FAIL	PASS	PASS	FAIL	PASS
Sasfin	A-	PASS	FAIL	PASS	PASS	FAIL	PASS
Bidvest	B	PASS	PASS	PASS	FAIL	FAIL	PASS
First National Bank	B	PASS	PASS	PASS	FAIL	FAIL	PASS
Nedbank	B	PASS	PASS	PASS	FAIL	FAIL	PASS
Investec	B	FAIL	FAIL	PASS	FAIL	FAIL	PASS
Grindrod	B	FAIL	PASS	FAIL	FAIL	FAIL	PASS
Capitec	B	PASS	FAIL	FAIL	FAIL	PASS-	PASS
Standard Bank	C	FAIL	FAIL	FAIL	FAIL	FAIL	FAIL
ABSA	F	FAIL	FAIL	FAIL	FAIL	FAIL	FAIL
Imperial Bank	F	FAIL	PASS-	PASS	FAIL	PASS-	FAIL

* Forward Secrecy

The most surprising to me was Standard Bank and ABSA, the top two largest banks in the country, are failing dismally on their SSL implementation. Imperial Bank is frightening and vulnerable to both POODLE and FREAK attacks. The smallest banks seem to score the highest and a number of South African banks don't even have internet banking such as uBank and Postbank.

Although the grades look decent overall, the amount of red is quite concerning.

.NET Assembly Strong-Name Signer

Fri, 18 Oct 2013 17:28:00 Z

-- Download (v3.6.5.0) --
-- NuGet Package --

Automatic strong-name signing of referenced assemblies. Build tasks and utility software to strong-name sign .NET assemblies, including assemblies you do not have the source code for. If you strong-name sign your own projects you may have noticed that if you reference an unsigned third party assembly you get an error similar to “Referenced assembly 'A.B.C' does not have a strong name”. If you did not create this assembly, you can use this tool to sign the assembly with your own (or temporarily generated) strong-name key. The tool will also re-write the assembly references (as well as any InternalsVisibleTo references) to match the new signed versions of the assemblies you create.

Why?

I decided to write this tool because I have needed to sign assemblies myself a number of times. When contacting the developer fails, it leaves you little choice. You either leave your projects unsigned which is often not an option, or find a way around the problem.

I first learnt how to do this trick from OJ Reeve’s article on signing and unsigned assembly. The information is somewhat dated and doesn’t mention using the /TYPELIST option which is crucial to make the round-trip in some scenarios. There are some other tools out there that do this but are also out of date, lack features, are difficult to configure and sometimes create unpredictable results.

Developers still struggle to overcome this problem so I wanted to create a really simple UI, command-line and API to simplify the process. I used the existing tools for inspiration and made sure that Strong-Name Signer overcame all the issues that they currently have.

Strong-Name Signer

This application is the answer to your assembly signing needs. Whether you prefer to use an GUI, the command-line or an API, Strong-Name Signer covers all those bases.

Features

Supports strong-name signing assemblies built in v1.0 to v4.5 of the .NET framework.
Accessible via GUI, command-line or programmatic API.
Round-trips assembly attributes (32-bit preferred, x64 only etc.) correctly.
No need for an existing SNK file, one can be generated for you.
Automatically backs up your files before signing.
Does not require specific command-prompts or framework/SDK tools.
Update BAML resources with new references.

User Interface

Drag-and-drop files or directories and .NET assemblies will be detected. Kept it very simple so it’s accessible and understandable by any user.

Console

Simple command-line options to automate from script files. At minimum you can provide an assembly file, the rest will be done automatically.

API

A public API is exposed you can reference Brutal.Dev.StrongNameSigner.dll and make use of the static methods on SigningHelper to perform strong-name signing tasks from code or PowerShell scripts.

-- Download (v3.6.5.0) --
-- NuGet Package --

Other Existing Tools

I investigated the following tools when developing Strong-Name Signer. I want to give the authors credit since it was the shortcomings in these tools that were the basis for a lot of the features in Strong-Name Signer.

Assembly Signer

This tool was last released in 2010 and contains some bugs that don’t make it a very reliable option.

Manual configuration to identify external tools location.
Doesn’t handle spaces in assembly paths.
Fails on certain round-trips (not using /TYPELIST).
Requires an existing SNK file.
Can only sign DLL files and not EXE files (which are also assemblies).
Requires user input from the command-line / cannot be easily automated.
Can cause problems for a 2.0 assembly if the wrong tools are used.
Fails to recompile 64-bit platform targeted assemblies.
No graphical user interface.

Signer

This tool appears to be the most promising but has been abandoned since early 2007. It does most things correctly but has a number of open bugs that Strong-Name Signer fixes. I had the option of contributing to this project but I wanted to change the architecture in a way that I could unit test the functionality easily.

Requires running in Visual Studio 2005 command-prompt (2010 does not work).
Does not support .NET 4.x+ assemblies.
Requires an existing SNK file.
Requires special handling to recompile 64-bit platform targeted assemblies.
Performs manual re-writing of IL that are not required anymore with newer tools.
No graphical user interface.

Open Source

The source code for this project is available on GitHub.

Error reporting with PushingBox

Thu, 30 May 2013 19:47:13 Z

One of my users let me know they were using a cloud service called PushingBox to be notified of events in Directory Monitor. I investigated what it can do and immediately thought of a couple of interesting use cases for this service. One of those use cases being the ability to send errors to yourself from your own software in the wild. I’ll explain a little about this free service and show you some sample code of how to integrate it into your applications or automation scripts using Powershell.

The PushingBox service

PushingBox is a free service to anyone with a Google account. You can login and it will generate a demo email scenario for you automatically. There are however many more services you can link up to including popular iPhone and Android notification apps and even Twitter. The API is simply an HTTP GET or POST using the “DeviceID” assigned to your scenario and optional parameters that you can use to augment your push messages.

Setting up a basic scenario

To get an email for errors in your application, setup a simple email scenario in PushingBox (My Scenarios –> Create scenario). You can use parameter names enclosed in $ signs for replacement when you make a call to the service (remember this isn’t limited to just email):

Now you can use parameters with the same name in the URL or in your POST and they will be replaced with those values when the email arrives in your inbox. When you’ve setup the scenario, remember to grab the “DeviceID”, you’ll need that to make a request to the service.

Making the service request in C#

The code to make a HTTP POST in C# (or .NET in general) is very easy. Here is a basic static method (using statements left out for brevity) that will POST an exception to the service, remember to use your own devid in place of “YOUR_DEV_ID_HERE”.

public static class PushingBoxHelper
{
  public static Task PushError(string version, Exception error)
  {
    Contract.Requires(!string.IsNullOrEmpty(version));
    Contract.Assume(error != null);

    // Fire and forget but return in case you want to do something with it.
    return Task.Factory.StartNew(() =>
    {
      try
      {
        var post = new NameValueCollection();
        post.Add("devid", "YOUR_DEV_ID_HERE");
        post.Add("version", version);
        post.Add("error", error.ToString());

        using (var wc = new WebClient())
        {
          wc.UploadValues("http://api.pushingbox.com/pushingbox", post);
        }
      }
      catch (WebException we)
      {
        Log.Error("Failed to submit error information to PushingBox.", we);
      }
    });
  }
}

Now whenever you get an error or unhandled exception in your application that you want to get notified about, just call the PushingBoxHelper.PushError method and it will quietly try to push the information to PushingBox’s API so you will get an email or a push to any other service you have configured.

Making the service request in Powershell

If you do not want to write any code or just need to push a notification from a script, you can easily use any of the examples on the API section of their site. I opted for a Powershell script since I wouldn’t need any other dependencies such as Python, cURL or PHP.

Be careful of doing a GET since you will need to encode the parameters correctly otherwise data may get lost. This is the Powershell code to make a GET request:

##############
# GET Method #
##############
param (
  [string]$version = "",
  [string]$err = ""
)

begin {
  [System.Reflection.Assembly]::LoadWithPartialName("System.Web") | out-null
  $get = "http://api.pushingbox.com/pushingbox?devid=YOUR_DEV_ID_HERE&version="
    + [System.Web.HttpUtility]::UrlEncode($version) + "&error=" 
    + [System.Web.HttpUtility]::UrlEncode($err)
  (new-object System.Net.WebClient).DownloadString($get)
}

In the same light, you could also POST from Powershell in a very similar way. I prefer this because it’s cleaner and you don’t need to encode anything, it will happen automatically for you:

###############
# POST Method #
###############
param (
  [string]$version = "",
  [string]$err = ""
)

begin {
  [System.Reflection.Assembly]::LoadWithPartialName("System.Web") | out-null
  $post = new-object System.Collections.Specialized.NameValueCollection
  $post.Add("devid", "YOUR_DEV_ID_HERE")
  $post.Add("version", $version)
  $post.Add("error", $err)
  $wc = new-object System.Net.WebClient
  $wc.UploadValues("http://api.pushingbox.com/pushingbox", $post)
}

You can execute this script from the command-line using the named parameters to send the info you need:

@powershell -NoProfile -ExecutionPolicy unrestricted -file pushingbox.ps1 -version "1.2.3.4" -err "Something went wrong!"

Download Powershell Script

Conclusion

I think this is an awesome service that could be used for a variety of scenarios where you would want instant notification via multiple channels when something interesting happens. Breaking builds triggering a Karotz, automating Tweets when you create a blog entry, there are so many… They also provide the source for certain Arduino shields so you can push notifications due to electrical/mechanical interaction with the environment, check out the videos on the home page for more cool ideas.

Maximum lossless image compression and optimization

Sun, 17 Jun 2012 19:46:00 Z

Scott Hanselman has referred to lossless image compression/optimization, especially PNG files, for quite some time. I’ve also been using these tools for ages but was surprised to hear how few people were actually aware of them. I also wanted to go a step further and see if there were ways to compress and optimize JPEGs and GIFs in the same lossless fashion, this is what I found…

Image Compression Tools

PNGGauntlet is a fantastic option which uses three different tools to perform the optimizations and in parallel. However, it doesn’t provide any optimizations for JPEG or (everyone's favorite format) GIF files although it can convert them to PNG. I like to be up to date as well and the tools that it uses are not always the latest that are out there. Then along comes ImageOptim and Trimage which run your images through a couple more tools but, the software is only available for Mac and Linux. Based on these, this is the list of tools I settled on:

I won’t touch on any more information about these tools, visit the sites if you are interested in further information.

Automation Batch File

The secret is in the combination of all these tools to get the maximum compression possible, as well as using the correct options for best results. I didn't want to create a UI for it but also wanted to make it easy enough for anyone to use, so I wrote a batch file to run your images through the tools in the correct order with the right options. All the requires is that you specify a directory path to recursively compress, this could easily be used as a shell extension as well.

The download contains two batch files.

_Download.bat will just pull and extract the required tools off the internet (PowerShell required) so that you can always have the latest versions.
_Optimize.bat will do all the heavy lifting of trawling through a directory for images to compress.

Even the above screenshot was compressed from 20KB to 12KB, now imagine what this can do to your whole website or even games?

NB:Running this tool will overwrite the images in their respective directories, just be aware of that.

NB2: I have seen some rare scenarios recently where images that have gone through DeflOpt do not render on certain mobile browsers. Be careful of this and remove the call if you experience this problem.

Conclusion

Using these tools is a fast and cheap way of reducing the bandwidth requirements for your websites and games. More people need to know that there are tools available like this and start making use of them. Stop wasting bandwidth and compress your images today, you have nothing to lose, not even image quality!

Download Image Optimizer – includes 7-zip command-line to extract the downloaded tools, don't use spaces in your path, some of the tools don't like it so the batch file doesn't try handle it.

Logging setup in 5 minutes with NLog

Tue, 27 Mar 2012 18:37:00 Z

UPDATE: The latest version of NLog breaks many of these tools by including NLog data by default. The code has been updated to correct this problem by excluding it for both Sentinel and Harvester applications.

The time has come where I needed to add some sophisticated logging to Directory Monitor. I know there are a couple of frameworks out there and this comparison chart lays it out quite nicely although it may be quite dated. So after some quick investigation on the free ones I decided to go with NLog.

ObjectGuy Framework was really appealing at only a 40KB dependency. It's really simple and actually quite powerful, I chose not to use it because as you can see in the chart, thread safety is questionable (not sure why or hasn’t been tested) and it doesn't have built in file rotation/archiving. - @Lorne set me straight, the ObjectGuy Framework does indeed have these features, however, my decision still stands for reasons beyond this.
Log4Net is a good option but the license didn’t agree with me because I want to use it for closed source applications.
Enterprise Library is a monster with lots of other dependencies, really only for large scale applications and if you want to extend it to do crazy things. Use it at work almost exclusively but not ideal for my small app.
NLog is 372KB, works in Mono (enterprise library as well), and has a build for WP7, all versions of the framework, Silverlight etc. Because of this I didn't mind checking it out because it immediately allows me to take that learning anywhere, to almost any application I build. There is also a great monitoring tools you can use along with it such as Sentinel or Harvester.

Quick Setup

You can download and install it or just add it through NuGet in Visual Studio.

Configuration File

Just make a config called NLog.config in the root of your project.

When editing the configuration file, reference the XSD and you'll get intellisense and inline comments in Visual Studio: Right-click the config -> Properties -> Schemas -> "C:\Program Files (x86)\Microsoft Visual Studio 10.0\xml\Schemas\NLog.xsd"

If you have a separate config file, make sure you set the "Copy to Output Directory" is set to "Copy Always" to avoid many tears wondering why the logging doesn't work.

You get a lot of layout options to play with, this is my configuration file, it writes to the event log on error and fatal, creates a daily rolling log file (30 days max), everything is asynchronous and the configuration auto reloads on the fly if anything changes. It also writes to a location that you will have write access to in low privilege situations.

<?xml version="1.0" encoding="utf-8" ?>
<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      autoReload="true"
      throwExceptions="false">

  <variable name="appName" value="YourAppName" />
  
  <targets async="true">
    <target xsi:type="File"
            name="default"            
            layout="${longdate} - ${level:uppercase=true}: ${message}${onexception:${newline}EXCEPTION\: ${exception:format=ToString}}"
            fileName="${specialfolder:ApplicationData}\${appName}\Debug.log"
            keepFileOpen="false"
            archiveFileName="${specialfolder:ApplicationData}\${appName}\Debug_${shortdate}.{##}.log"
            archiveNumbering="Sequence"
            archiveEvery="Day"
            maxArchiveFiles="30"
            />
    
    <target xsi:type="EventLog"
            name="eventlog"
            source="${appName}"
            layout="${message}${newline}${exception:format=ToString}"/>
  </targets>
  <rules>
    <logger name="*" writeTo="default" minlevel="Info" />
    <logger name="*" writeTo="eventlog" minlevel="Error" />
  </rules>
</nlog>

Code

This is the singleton class that I use which also includes targets for Sentinel and Harvester when I'm running a debug build.

using NLog;
using NLog.Config;
using NLog.Targets;

namespace YourAppName.Logging
{
  internal static class Log
  {
    public static Logger Instance { get; private set; }
    static Log()
    {
#if DEBUG
      // Setup the logging view for Sentinel - http://sentinel.codeplex.com
      var sentinalTarget = new NLogViewerTarget()
      {
        Name = "sentinal",
        Address = "udp://127.0.0.1:9999",
        IncludeNLogData = false
      };
      var sentinalRule = new LoggingRule("*", LogLevel.Trace, sentinalTarget);
      LogManager.Configuration.AddTarget("sentinal", sentinalTarget);
      LogManager.Configuration.LoggingRules.Add(sentinalRule);

      // Setup the logging view for Harvester - http://harvester.codeplex.com
      var harvesterTarget = new OutputDebugStringTarget()
      { 
        Name = "harvester",
        Layout = "${log4jxmlevent:includeNLogData=false}"
      };
      var harvesterRule = new LoggingRule("*", LogLevel.Trace, harvesterTarget);
      LogManager.Configuration.AddTarget("harvester", harvesterTarget);
      LogManager.Configuration.LoggingRules.Add(harvesterRule);
#endif

      LogManager.ReconfigExistingLoggers();

      Instance = LogManager.GetCurrentClassLogger();
    }
  }
}

Monitoring Tools

Let Sentinel or Harvester run all the time when you are debugging and it will pick up everything that your app is logging (screenshots from their respective project pages).

Start Logging

Now to start log anything, anywhere in your app, just use the static log instance.

try
{
  Log.Instance.Debug("We're going to throw an exception now.");
  Log.Instance.Warn("It's gonna happen!!");
  throw new ApplicationException();
}
catch (ApplicationException ae)
{
  Log.Instance.ErrorException("Error doing something...", ae);
}

This is a really simple and effective setup but you can of course get really advanced from there, all in the configuration file.

The cool thing about having a separate log file is that you can send someone a modified log file that will write trace level logging or even ship the log to a web server or database for you to check out.

Logging is so important in any live application. This just makes it easy while still leaving it very powerful if you ever need to use that power. The logger itself is pretty easy to debug because of it's massive internal logging and setting to expose the internals of it.

Generating statistics from SVN

Sun, 23 Oct 2011 12:13:00 Z

A subversion repository contains a tome of information about your code and looking at this data can prove very useful in identifying trends in development. Quite some time ago I put together some batch files and a small application (for filtering SVN logs) to automate the generating of statistics using StatSVN and SvnStat. I am sharing this with you today.

Example of high level change overview chart. This is one of the many charts and graphs available in StatSVN.

Example of changes per user graph. This is one of the many charts and graphs available in SvnStat.

The reason I’ve looked at this again was because I wanted to change the helper application to a C# script file (.csx) and use Microsoft Roslyn to execute it. I never liked the fact that my simple filtering and looping was in an application, it should be scripted. Unfortunately, Roslyn does not yet support the XDocument type so I couldn’t easily convert it and I really didn’t want to do it in PowerShell cause I’m lazy...

Stat Helper

In the download you will find the following files:

_branches.config: Local checkout locations that statistics will be generated for.
_excludepaths.config: Path to exclude like merges from “trunk”.
_excludeusers.config: Users to exclude from the statistics.
GenerateLog.bat: Updates the checkout location and extracts the log.
GenerateStats.bat: Calls the external libraries to generates the statistics pages.
BrutalStatHelper.exe: Calls the batch files and performs filtering on log data.
BrutalStatHelper.cs: The source code for the filtering app.

Disclaimer: The code is not the best in the world and I don’t claim it to be production code by any means but it does the job as intended. Hopefully it gives people more ideas on improving the stats that get generated. What about making a contents page linking to all the stats index pages for example?

Instructions

Download Stat Helper - Extract the files anywhere you want
Install Java - You need this for both stats libraries
Install command-line SVN - You need this to extract the log
Edit _branches.config with the SVN checkout locations you want to generate stats for
Edit _excludepaths.config with any paths you want to ignore
Edit _excludeusers.config with any usernames you want to ignore
Run BrutalStatHelper.exe to generate the stats

Stats will be generated in subdirectories of the directory you are running BrutalStatHelper.exe from. Open up index.html for StatSVN and more\index.html for SvnStat info from their respective directories when the process is complete.

Extra Information

Check out the additional options available for each library. The helper will get you going quickly but it’s up to you to investigate more and see what you can get out of generating statistics.

Call the helper from a Windows Scheduled Task or during an automated build (CI) to keep the stats fresh.

Start looking at and analyzing more statistics. I use RescueTime to gather statistics about my daily work and like any statistical analysis, it highlights areas of strength and weakness where you may not normally be able to see it.

WARNING: When I introduced this into the workplace it was greeted with interest from management but major apprehension from co-workers. A lot of people don’t like the “big brother” aspect and because the data could be skewed or misinterpreted.

Download Stat Helper - includes source code and both statistics libraries.

Reset BugNET admin password

Mon, 22 Aug 2011 19:38:00 Z

I recently ran into a situation where I had the wrong/forgot the password for my BugNET bug/project tracker site and had no way to get it back. The reasons for password recovery failure are probably due to one of the following:

You didn’t use a real email address.
You didn’t set a security question or forgot the answer.
It’s the admin account, did you think it will be that easy?
It’s the only admin account so you can’t login and change it.

I needed a fast way to get the password reset and because everything is hashed and salted in the database (as it should be) and it’s not that easy to just update the tables with your own generated password. The only thing I could find was unlocking your account from the DB. That got me to the next point…

Since BugNET uses the built-in ASP.NET Membership Role Provider, it’s actually quite easy as long as you have access to the web server or FTP site. This is a hack I’ve used before and will work for other sites as well, though usually if you have access to the web server you’re probably a big enough admin to do this and more.

Instructions

Create a page called ResetPass.aspx with the following code (or download it):

<%@ Page Language="C#" AutoEventWireup="true" %>
<%
  try
  {
    MembershipUser mem = Membership.GetUser("admin");
    if (mem.IsLockedOut)
    {
      mem.UnlockUser();
    }
    mem.ChangePassword(mem.ResetPassword(), "password");
  }
  catch (Exception ex)
  {
    Response.Write(ex.ToString());
  }
%>

<html>
  <head runat="server">
   <title>Admin Password Reset</title>
  </head>
  <body>
    <p>Done resetting password...</p>
    <p>Please delete this page from the web server!</p>
  </body>
</html>

Upload the page to the root of your BugNET website and browse to http://yourwebdomain/ResetPass.aspx.

If anything goes wrong your default error page will show or the usual yellow page of death, if not the password would have been reset to “password” and you’ll get a nice message.

NB: Delete the page from your web server as it poses a major security risk!

The code is simple pretty self-explanatory so I'm not going to go into detail, use it, don't use it (at your own risk).

Download sample code

Show calendar on click DateTimePicker control

Wed, 04 May 2011 23:03:00 Z

Something that’s common-place on the web is clicking a text box to pop-up a calendar. What if you wanted the calendar to pop-up when simply clicking on any area of a System.Windows.Forms.DateTimePicker control? You would expect the control to have a method to easily do this but when you notice there isn't even a public Click event things start looking bleak...

I found a way to get this to work by sending a "mouse button down/up" message to the control in the area where the regular display button is. By forcing this extra click in the right area it's as if you just clicked the button yourself. So I made an extension method with some parts borrowed which add an additional method on the System.Windows.Forms.DateTimePicker control.

We want to make a click happen here (in the red box):

So we can use some native calls as well as basic math to find a good position to click it and send the message like so:

using System;
using System.Runtime.InteropServices;
using System.Windows.Forms;

namespace Brutal.Dev.Extenstions
{
  public static class DateTimePickerExtensions
  {
#if NETCF
    [DllImport("coredll")]
#else
    [DllImport("user32")]
#endif
    static extern int SendMessage(IntPtr hWnd, uint uMsg,
                                  int wParam, int lParam);

    private const int WM_LBUTTONDOWN = 0x0201;
    private const int WM_LBUTTONUP = 0x0202;

    public static void ShowCalendar(this DateTimePicker picker,
                                    MouseEventArgs clickEvent)
    {
      if (picker != null)
      {
        // Remove any existing event to prevent an infinite loop.
        var suppressor = new EventSuppressor(picker);
        suppressor.Suppress();

        // Get the position on the button.
        int x = picker.Width - 10;
        int y = picker.Height / 2;
        int lParam = x + y * 0x00010000;

        // Ignore if the calendar button was clicked
        if (clickEvent.X < picker.Width - 35)
        {
          SendMessage(picker.Handle, WM_LBUTTONDOWN, 1, lParam);
          SendMessage(picker.Handle, WM_LBUTTONUP, 1, lParam);
        }

        suppressor.Resume();
      }
    }
  }
}

Explanation

If you are using the .NET Compact Framework you need to import coredll instead for the P/Invoke for SendMessage so the compiler directive is there to support that.

The extra mouse click event info requirement is so that we can detect where the click happened and ignore it if it was actually on the calendar button (because otherwise it clicks again hiding the calendar – DOH!).

The EventSuppressor is something I picked up on this discussion to stop any other events from firing and also prevent infinite loops calling your mouse events over and over (the code for this in included in the sample code).

If you attach to the MouseDown or MouseUp event you can easily add one line to call the extension on you control and just like that, your calendar will pop-up:

using Brutal.Dev.Extenstions;

private void dateTimePicker1_MouseDown(object sender, MouseEventArgs e)
{    
  dateTimePicker1.ShowCalendar(e);
}

If you're a VB.NET kind of person, you can easily convert this code into VB.NET using this online tool which I’ve tried and it works pretty well.

Download sample code