Rss Feed
Tweeter button
Facebook button
Technorati button
Reddit button
Myspace button
Linkedin button
Webonews button
Delicious button
Digg button
Flickr button
Stumbleupon button
Newsvine button

Category: Communication

Updated error codes for all Validator tools

By , May 12, 2017 12:01 pm

We’ve just updated our documentation for all our Validator tools to include an up to date list of Exit return codes. You may find these useful if you’re running these tools from the command line.

These error codes apply to C++ Bug Validator, C++ Coverage Validator, C++ Memory Validator, C++ Performance Validator, C++ Thread Validator, .Net Coverage Validator, .Net Memory Validator, .Net Performance Validator and VM Validator.

0 All ok
-1 Unknown error. An unexpected error occurred starting the runtime
-2 Application started ok. You should not see this code returned
-3 Application failed to start. E.g. runtime not present, not an executable or injection dll not present
-4 Target application is not an application
-5 Don’t know what format the executable is, cannot process it
-6 Not a 32 bit application
-7 Not a 64 bit application
-8 Using incorrect MSVCR(8|9).DLL that links to CoreDLL.dll (incorrect DLL is from WinCE)
-9 Win16 app cannot start these because we can’t inject into them
-10 Win32 app – not used
-11 Win64 app – not used
-12 .Net application
-13 User bailed out because app not linked to MSVCRT dynamically
-14 Not found in launch history
-15 DLL to inject was not found
-16 Startup directory does not exist
-17 Symbol server directory does not exist
-18 Could not build a command line
-19 No runtime specified, cannot execute script (or Java) (obsolete)
-20 Java arguments are OK – not an error (obsolete)
-21 Java agentlib supplied that is not allowed because Java Bug Validator uses it (obsolete)
-22 Java xrun supplied that is not allowed because Java Bug Validator uses it (obsolete)
-23 Java cp supplied that is not allowed because Java Bug Validator uses it (obsolete)
-24 Java classpath supplied that is not allowed because Java Bug Validator uses it (obsolete)
-25 Firefox is already running, please close it (obsolete)
-26 Lua runtime DLL version is not known (obsolete)
-27 Not compatible software
-28 InjectUsingCreateProcess, no DLL name supplied
-29 InjectUsingCreateProcess, Unable to open PE File when inspecting DLL
-30 InjectUsingCreateProcess, Invalid PE File when inspecting DLL
-31 InjectUsingCreateProcess, No Kernel32 DLL
-32 InjectUsingCreateProcess, NULL VirtualFree() from GetProcAddress
-33 InjectUsingCreateProcess, NULL GetModuleHandleW() from GetModuleHandleW
-34 InjectUsingCreateProcess, NULL LoadLibraryW() from LoadLibraryW
-35 InjectUsingCreateProcess, NULL FreeLibrary() from FreeLibrary
-36 InjectUsingCreateProcess, NULL VirtualProtect() from GetProcAddress
-37 InjectUsingCreateProcess, NULL VirtualFree() from GetProcAddress
-38 InjectUsingCreateProcess, unable to find DLL load address
-39 InjectUsingCreateProcess, unable to write to remote process’s memory
-40 InjectUsingCreateProcess, unable to read remote process’s memory
-41 InjectUsingCreateProcess, unable to resume a thread
-42 UPX compressed – cannot process such executables
-43 Java class not found in CLASSPATH
-44 Failed to launch the 32 bit svlGetProcAddressHelperUtil.exe
-45 Uknown error with svlGetProcAddressHelperUtil.exe
-46 Couldn’t load specified DLL into svlGetProcAddressHelperUtil.exe
-47 Couldn’t find function in the DLL svlGetProcAddressHelperUtil.exe
-48 Missing DLL argument svlGetProcAddressHelperUtil.exe
-49 Missing function argument svlGetProcAddressHelperUtil.exe
-50 Missing svlGetProcAddressHelperUtil.exe
-51 Target process has a manifest that requires elevation
-52 svlInjectIntoProcessHelper_x64.exe not found
-53 svlInjectIntoProcessHelper_x64.exe failed to start
-54 svlInjectIntoProcessHelper_x64.exe failed to return error code
-55 getImageBase() worked ok
-56 ReadFile() failed in getImageBase()
-57 NULL pointer when trying to allocate memory
-58 CreateFile() failed in getImageBase()
-59 ReadProcessMemory() failed in getImageBase()
-60 VirtualQueryEx() failed in getImageBase()
-61 Bad /appName argument in svlInjectIntoProcessHelper_x64.exe
-62 Bad /dllName argument in svlInjectIntoProcessHelper_x64.exe
-63 Bad /procId argument in svlInjectIntoProcessHelper_x64.exe
-64 Failed to OpenProcess in svlInjectIntoProcessHelper_x64.exe
-65 A DLL that the .exe depends upon cannot be found
Share

The Software Updates Menu

By , December 20, 2016 12:35 pm

We introduced the Software Updates menu in 2012. This coincided with the introduction of automatic software updates. Various bug fixes have been applied to the software update software since then. But we’ve done nothing with the software updates menu at all. Until recently.

In response to some unusual problems a few of our customers have had we thought we could improve the experience of using the software updates function.

Problems with authentication

One customer reported that although he’d entered his login credentials, the login and download were failing. But strangely our software wasn’t prompting him for a correct set of login credentials (which is what should happen). After some investigation we found that some failures on our server were being amalgamated into one global error code sent back to the client. The global error code was then interpreted correctly according to the error code, but that response wasn’t correct with respect to the specific error on the server. We broke all the failure points on the server into discrete error codes and now handle all of these individually. This allowed the problem the customer had to come to the surface – their credentials were in fact incorrect – he’d made a typo while entering his details.

In addition to this we’ve now made changes to the email entry fields that validate only correct characters can be entered in an email address – enter any incorrect ones and the field turns red. Not enough @ characters – red, too many @ characters – red, whitespace in the user name which isn’t quoted – red, whitespace in the domain – red. Etc.

softwareupdatesbademailaddress

There is also the error use case where a customer enters their login details for, say, C++ Performance Validator but the tool they are using when they enter these details is C++ Memory Validator. The login details are valid, but not for this software tool. The image below shows the error message when using the Test Login Details… button.

softwareupdatesbadlogin

We also added two new menu entries for resetting the user credentials and also for setting the user credentials. If the user credentials are reset, no software updates will occur. If the user credentials are set (correctly) software updates will occur.

softwareupdatessetcredentials

Problems with TMP security

When a software update for one of our tools downloads it’s downloaded by default to the directory defined by the TMP environment variable. On a Windows 10 machine this most likely points somewhere like c:\users\stephen\AppData\Local\Temp.

The TMP environment variable is used by the _ttempnam() function to provide a temporary filename for use by the software that calls it. _ttempnam() uses the TMP environment variable to do it’s job. We wrote the software updater code, tested it, and didn’t really think much more about it until we recently received an email from a customer. I’m going to quote a bit of it below.

I am an IT manager for a software house that uses your Performance
Validator and Memory Validator. With the new threats from ransomware
we have locked down developers machines so files cannot be executed
under the users Appdata folders which contains the users temp folder.

He wanted to know what our filename policy was so that he could whitelist our software updater to run inside the directory that he’d locked down. _ttempnam() returns names that are different each time. There is a pattern to the names we use. I explained the rules but then suggested that providing a dedicated download directory removes the need for whitelisting and provides a better security environment. He agreed. So that’s what I’m going to discuss next.

Specifying a directory

The first thing we had to do is replace the use of _ttempnam() with a user specified directory.

The user specified directory defaults to the same location that _ttempnam() would have used. Consult the _ttempnam() documentation and follow the rules for generating the default value. This is basically using GetEnvironmentVariable() to query the TMP environment variable.

Provide a means for the user to specify the download directory.

softwareupdatedirectorydefault

The directory needs to exist. If the directory doesn’t exist, it should be obvious as the directory name is entered.

softwareupdatedirectoryerror

The directory needs to have execute privileges and write privileges. If either of these privileges does not exist for the specified directory the user should be alerted to the fact.

softwareupdatedirectorynowrite

softwareupdatedirectorynoexecute

The Reset button allows the directory to be set to the default value.

Add an entry to the Software Updates menu to enable the user to access this dialog. Update the Startup Wizard to allow the software update directory to be specified.

softwareupdatedirectory

We’ve also updated the software update code to handle the use cases where a valid software update directory is supplied but is then deleted, or it’s permissions altered to deny write or deny execute privileges. This also accommodates the case where nothing changes with the directory but the settings get damaged or corrupted somehow (editing the registry, a machine crash…).

Conclusion

We’re always trying to improve your experience with our software. Whether it’s making the use of Software Updates so easy you don’t need to talk to us about it, or improving your security environment. If you have an issue that you think will improve the software for everyone please do get in touch.

Share

Download problems, an apology

By , June 5, 2014 11:23 am

The last two software releases have not been as smooth as usual. To put it mildly there have been problems.

I’d like to apologise for the inconvenience we may have caused you. I’d also like to explain why these problems happened and what we are doing to put it right.

With the previous software release we supplied the correct binaries but the licence information was incorrect. With the current release the problem reversed itself – wrong binaries, correct licence information. Neither helps. Both problems were caused by different issues.

Problem 1 – case (in)sensitivity

We develop on Microsoft Windows, which has a case-insensitive filesystem. Our webserver runs Linux, which has a case-sensitive filesystem. This can cause problems. Especially when a file with incorrect case is uploaded to the webserver by mistake. The result is two files with similar names rather than one file. Consider a file memoryValidator.inf. If we upload memoryvalidator.inf to the server it won’t replace memoryValidator.inf (as it would on a Windows machine) but will co-exist in the same directory as memoryValidator.inf. When this happens out of date version information (which is stored in memoryValidator.inf) is read because the new version information is in memoryvalidator.inf (incorrect casing).

The above has caused problems with incorrect (out of date) version information being supplied alongside correct binaries.

Problem 2 – a tale of two installers

Our x64/x86 installer actually installs two installers – one for the 32 bit binary and one for the 64 bit binary. As such there is an order dependency – build 32 bit installer, build 64 bit installer, build the x64/x86 installer that installs the 32 bit and 64 bit installers. You must build the x64/x86 installer last. If this happens out of order for any reason you can have problems as the 32 bit installer or 64 bit installer may be out of date.

Why have these problems only surfaced just now?

2014 has been a rather unusual year for us. We’ve had numerous hardware failures, lost two months of email due to a disk encryption issue and had these software release issues. The hardware failures meant we had to move the email and software release systems over to new machines. The software release system has been moved twice. Prior to moving the software release system we’d ironed out all the problems by carefully arranging everything. The problem with that is that it requires human memory to adjust the special case issues every time you change things. We’ve now changed our release procedure to include additional software rule-based checks to ensure the process of doing a release is less error prone.

Resolution

If you have been affected by this problem please login to your account and download the new binary that is available. Please ensure your browser doesn’t cache the file download and provide you with the previous version of the binary.

We’ve updated our software release controller software to include additional rules to check for incorrect build order. The webserver will be getting additional rules for case sensitive file name checking.

Conclusion

I sincerely hope the problems of the last two weeks are the last we’ll have to do with software releases. They cause inconvenience for you and cause me a lot of stress. I look forward to a return to our usual release process.

Share

When things go wrong

By , January 16, 2014 1:10 pm

Sometimes you do things with the best of intentions and it all goes wrong. This week has been like that.

Preamble

It all started out with the simple idea that we’d like to try to create a bit more business by contacting past customers that didn’t renew their software maintenance and see if they wanted to renew.

We’d had some feedback from some customers that they had missed the renewal notices that are included with their software updates and that they would appreciate a separate email from us to inform them. We took this feedback and created some appropriate emails that are sent 90, 60, 30 days in advance of the renewal date. We also send some email after the renewal date for a short period.

So far so good. Nothing wrong with keeping existing customers in the loop.

Setup

The problem occurred when we thought about the customers that had not renewed. Was it an error, an oversight or deliberate? Well of course we don’t know. I think the initial idea may have been to contact customers whose maintenance had expired just over 1 year ago. That’s borderline OK. CRM solutions such Hubspot, Act-On etc all recommend 1 year as the cut off threshold for contacting customers. Anyone over a year, you don’t contact. The reason we were going just over a year was to do with when we’d first introduced paid software maintenance. It fell just over a year.

We also thought that contacting these customers would be a good opportunity to get some feedback about why they hadn’t renewed. Where we doing something wrong? Or had their career changed? etc.

I produced lists of customers, organised by software product whose maintenance expired. The lists included their name, email address and maintenance expiry date. The intention was that customers would receive a personalised email that identified the product they used and did they know their maintenance had expired?

What actually happened

Normally we email customers evaluating our software in HTML email via our Hubspot account.

Customers that have purchased our software received email in plain text or very simply HTML email.

But customers receiving the maintenance renewal email received a HTML email in a different format to our normal Hubspot format, not sent via our Hubspot account, sent from an email account our customers have never heard of, with an incorrect email address in the body of the email. The emails were not personalised, not were they specific to the software tool the customer had purchased. In addition some of the email addresses in the list shouldn’t have been in the list. As a final nail in the coffin of getting this wrong, the emails were sent to customers well outside of the time boundaries initially specified.

I don’t think we could get it much more wrong if we tried. Well, I suppose we could have included some Not Safe For Work or some malware, but short of doing that we got this as wrong as we could have done. Very embarrassing. I’ve been writing email apologies to people left right and centre the last few days.

The Result

Some people unsubscribed. No problem. We expected that some people would. Turns out some people were using different languages or made larger changes in their career and no longer needed our tools.

Some people emailed asking if it was a phishing scam (mainly due to the format, incorrect email address, unusual sending email address, etc).

Some people complained that we were horrible unscrupulous people. Ouch.

In summary, we annoyed some people by being inept at this particular task. We could have done this so much better. And I’m embarrassed by it all.

If you have received one of these emails I humbly apologise. It won’t happen again.

Remedies

As a result of this unintended email episode I’ve created some basic rules. We’ll probably extend these rules as we go.

  • If you can’t personalise it, don’t sent it.
  • If you can’t specify which product you are emailing about, don’t sent it.
  • Don’t send generic, catch-all emails. See previous two points.
  • Ensure all emails are within the date range you intend. Double check them.
  • Don’t accept excuses from marketing for why things are being done a particular way.

The whole purpose of this task was that apart from generating the lists it wouldn’t involve me and I could get on with the technical side of running the business. It hasn’t worked out that way. I’ve had to spend time reviewing other’s work, accepting their reasons for why this way or that way. I’ve paid for their labour and now I’m writing an article about what went wrong.

Email Addresses

All email addresses used were sourced from our own customer lists.

We don’t buy email lists. We don’t sell them either. We regard buying or selling email addresses as Bad for Business.

Share

Communication

By , March 30, 2012 3:20 pm

Are you any good at communication? Thats a good question. If you’re like me, you probably think you are not good at communication.

You may think that good communicators are slick, polished, don’t make mistakes, can sum things up nicely and exude a certain level of confidence. Well yes, the public speakers that have been around for a while do tend to be that way. But that is more the result of speaking in public many times than natural ability. Eric Ries wasn’t as polished when he started speaking in public. He is the first to admit that. Practice makes perfect.

That isn’t want I’m talking about. I’m asking you if you communicate your ideas to others and if at the end of the conversation do they understand you?

Why am I mentioning this? Years ago I had a performance review by my line manager. The review was done in 3 parts. My manager would fill in his scores for various tasks and abilities, rating me. I would do the same. Then we’d compare the scores we had for each task and discuss the differences/similarities and how to improve any areas that needed improvement and how to make the most of areas I excelled at.

There were lots of categories, none of which I can remember except for “communication”. I don’t tend to award myself a 10 or 1 in anything when I self score, so the sheet had various high scores and a few low scores. I was hitting it out of the park in software development terms (which would come back to bite me a few years later in the form of RSI – my work was 3 months ahead of schedule) but for communication I gave myself a really low mark.

The really low mark for communication confused my line manager and we spent a good chunk of the review just talking about communication. I had interpreted “communication” on the form as “Can I present, Do I speak in public, do I do this, that the other…” all these imagined things that I thought a good speaker should do. I didn’t think I could do them.

My line manager wasn’t interested in that. He was interested in did my team mates, colleagues, people in teams interfacing with our team (in person or via our documented API), senior managers etc, did these people understand the technical work I was doing? Did they understand how to use it, why certain things were the way they were and most importantly if someone came and asked me a question could I answer it with confusing the living daylights out of them?

Turns out I could. I scored quite well on all that. No idea what he wrote down. Not really relevant these days.

All I’m trying to say is communication is making sure the other person understands. Far better to be slightly slower, or more verbose, or elaborate (or whatever) and succeed in communicating than be super concise, uber terse, abrupt and leave the other person feeling bewildered or intimidated by what you’ve just said.

How do you feel about communication now? Think you’re better at it than before reading this?

Share

How not do to SEO/SEM, lesson #1

By , August 30, 2011 12:58 pm

Today we received this wonderfully attractive offer for a company to improve our Search Engine Optimization (SEO) with their Search Engine Marketing (SEM) services.

I reproduce this in full, edited to change the phone number and icq number to random numbers. What strange things about this communication do you notice?

ONLINE ADVERTISING

Resources:
- SEO - website optimization;
- Banners;
- Context advertising;
- Mass email distribution.

Any type of payment.
Detailed statistics in a personal cabinet.
Great results.

Minimal order starting from $ 100.

please contact us:

Phone:  +1  (2 3 4) -5 67 -8 9 -0 1 
icq: 123 456

The email title was Business Promotion, the sender was Glen.

For a company that claims to demonstrate that it is capable of helping you they do some interesting things.

  • Unsolicited email communication to a non-existent email address at our company.
  • Generic Email title
  • No business name to identify who is contacting you.
  • No website URL for you to visit to view the quality of their work.
  • Anonymous contact name (Glen). Even if the person is called Glen you still don’t know their name.
  • Generic email address (in this case gmail) preventing you from identifying the company using the email domain.
  • Telephone number provided with multiple dashes, presumably added randomly to try to hide the number from spam detectors.
  • Various claims of competence but zero way for you to verify that by visiting their website.

Doesn’t that email just inspire you with confidence that the sender of the email can and will do a good job and will do it without using tactics that will damage your business?

This email did in fact get past the email filters, which is how I came to see it. Totally clueless marketing of their service. Although the email inspires me with zero confidence that the purveyors of this service are worth hiring, what if they are worth hiring? Perhaps they can do a good SEO job but just don’t know how to do other marketing properly? Its easy to dismiss them on the grounds they must be clueless based on the email, but if they are good at SEO they are seriously messing up.

Lamb not spam

At the very least in the UK, you need to do the following:

  • Email communication to a real email address at our company. If the email is on topic and relevant then it may not be considered spam by the recipient.
  • Informative, non generic email title
  • Include your business name to identify yourself.
  • Include your full name to identify yourself. Not just your first name.
  • Website URL for your prospective customer to visit to view the quality of your work.
  • In the UK, email communication must also include the business trading address (not the registered address), by law. You also need to list your registered company number if in England or Wales.
  • Optionally include your telephone number.
  • Lastly and most importantly, a relevant message for the recipient.

I’m not suggesting that you spam anyone (far from it), but I am suggesting that if you want people to respond to your email, you need to include a few minimum items in your email. The more things you omit or try to hide (as in the example above) the more red flags you raise that will result in your email being rejected.

BTW. Even if this particular email had been presented to me properly it would have received short shift because it is not relevant for what we want to do. But I thought it was interesting as an example of how badly email communication can be done.

Share

Panorama Theme by Themocracy