• Interesting Security

    Just recently I installed a security “fix” from Microsoft Auto Update which involved modifying how some windows system DLL’s load. Well as soon as I reboot after applying this “auto update” CallerID would crash with the following message when windows starts:

    Well what is going on? CallerID didn’t change so why are we getting this error? What changed? Aha the security “fix” must have changed something! After searching on Google I found this link:

    http://support.microsoft.com/kb/935448/en-us

    which talks about a new “hotfix” for the security update. After downloading and installing this hotfix, CallerID is working as it always did, now back to what I was working on before this costly event 🙂

    Just a note about CallerID, I not only author the application, I myself rely on it. I work between home and business offices and rely on my call info/voicemail getting passed from one location to another using the “network” feature, which to me is totally awesome.

    Anyone out there who cannot or does not want to get the hotfix from Microsoft, just replace the EXE in the zipfile at:

    http://www.soft-haus.com/vsoft/files/2-1-0-9.zip

    overtop of the one in your callerid installation folder.


  • A Technical follow-up to the security rollout from Microsoft and how to change your own program to not be affected

    After realising in Microsoft’s hotfix regarding the ANI security update that they won’t be pushing out that hotfix I decided to update CallerID to load the htmlhelp subsystem at the end of dll initialization, thus avoiding this problem altogether. For anyone using Borland Compilers goto the Advanced Linker Tab and click the ellipses on the Dlls to delay load. Add the name hhctrl.ocx to the list (most likely already empty). Recompile your program and voila. How do you know it fixed it? Before doing this change open your application using depends:

    http://www.dependencywalker.com/

    And see if hhctrl.ocx is at the top of the list. Recompile your program and refresh or reopen it with depends and now the ocx is loaded at the end.

    Hope this helps.


  • What is revival?

    It is something that can only be experienced and hardly described.

    For the past few days and leading up to Wednesday this week, we have had John Bennet from the Faith Mission in Canada speaking at the Enderby Evanglical Chapel. The theme for these meetings is revival. It became clear to me from the first Sunday morning sermon that this would be no ordinary series. I also had the thought that it would take a miracle from God to fill the seats for the duration of the meetings. Why? Because the message being preached is not a popular one. Having lived in Enderby for a number of years and getting to know the heartbeat of our community I have realized that a simple, direct message of truth is all we need.

    The moment John began sharing about the fact that all we need is to see a) sin the way God sees it… a vision of sin and b) God’s Holiness a vision of how Holy He is!

    Between these two simple truths comes “godly sorrow leading to repentance” and an overwhelming vision of God’s redemption for the Christian to overcome sin. The word’s “don’t settle for anything less” were an essential insertion, which all placed together indeed brought “conviction” and has initiated change… at least in this heart of mine.

    Hope to see anyone here in the Okanagan at the remaining meetings.

    God Bless.


  • Discovering memory leaks and application crashes in BDS 2006

    Over the past couple of days I plunged into our product suite (see http://www.kronos.com/Products/TotalCare.htm) to look for memory leaks and check for any code smells (an Agile term). I remembered back to the good old days when I would use memproof under BCB6 and quickly find and fix my issues, alas in BDS2006 I had no such success. Memproof has not been updated to support BDS2006 so I checked out what my options were. Ultimately I ended up compiling all our packages, application and workspace plugin dll’s under Codeguard which is built into BDS2006. In some ways codeguard is good and in other ways it is aweful. One particular situation to note was that during application exit, the program would crash with an access violation error. This would ONLY happen when one of the plugin DLL’s was fully loaded. Codeguard would not tell me what the problem was but gave me a clue… the clue was the CPU window showed that recently the c++ runtime library was unloading. After many recompiles and compiler setting changes… somehow.. i am not sure.. I think it was a fluke.. but codeguard stopped on a line of code during the access violation! Wonderful! Here was the code:

    void __fastcall MyFunc()

    {

         ostrstream out1;

         out1 << “myField = ” << iID << ends;

         AnsiString asFilter = out1.str();

    }

    Now i have simplified the code but in essence the ostrstream object was the cause of the crash. I noticed this posting on google: http://groups.google.ca/group/borland.public.cppbuilder.ide/browse_thread/thread/caaee99d8be8d0bf/d77d653639e82abd?lnk=st&q=ostrstream+bug&rnum=3&hl=en#d77d653639e82abd

    which at some point mentiones:

    “Also, is there any reason why you’re not using ostringstream, since
    the strstream classes are depreicated?  

    If you need to use the strstream class, note that you’re leaking
    memory, since you’re responsible for deleting (delete[]) the pointer
    returned by the call to str().)”

    So the fact that this DLL was leaking memory had caused a crash at application shutdown.. and to “mask” the problem someone has changed the linker options for that DLL and disabled Use Dynamic RTL.

    Instead of “cleaning up” after the .str() calls I replaced the filter statements with typical AnsiString.sprintf()’s and voila… compile the DLL using dynamic RTL and no more crash on exit. It always troubles me when a workaround is used which nobody knows why it was used 🙂 Now we know what was going on and it was fixed. One thing I have found out about Codeguard… it is somewhat unwieldy to use but almost always is correct in telling you “something is wrong” just not any more detail than that.