I received a very interesting bug that’s been plaguing our product for a long time now. The problem is that intermittently our WinForm client users would view an image using the WebBrowser Control that would cause the program to crash. Listing this error:

Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

This problem happen when our users attempted to use a SVG Viewer or Tiff Viewer ActiveX object. (Which worked perfectly in IE outside of our app) and this did not occur on every machine. Some machines would work, others would not. We were finally able to narrow it down to those using MS Vista’s 32 bit operating system.

After loads of research I was able to narrow it down to Vistas Data Execution Prevention (DEP).

Snippet from Wikipedia about this:

Data Execution Prevention (DEP) is a security feature that is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow, for example. DEP runs in two modes: hardware-enforced DEP for CPUs that can mark memory pages as nonexecutable, and software-enforced DEP with a limited prevention for CPUs that do not have hardware support. Software-enforced DEP does not protect from execution of code in data pages, but instead from another type of attack (SEH overwrite).

DEP was introduced in Windows XP Service Pack 2 and is included in Windows XP Tablet PC Edition 2005, Windows Server 2003Service Pack 1 and later,[1] Windows Vista, and Windows Server 2008.

Software configuration

So how does one configure DEP. There are multiple ways of configuring this. Boot.ini (XP and VISTA) ,command line and using Microsoft’s ACT 5.0. By far the easiest method is to use the command line.

1)      Find your Command prompt and right click and select “run as administrator”

2)      Then type “bcdedit.exe /set {current} nx XXXXXXX”

a.       Where XXXXXXX can be the following:

OptIn ( 2 ): This setting is the default configuration for Windows XP. On systems with processors that can implement hardware-enforced DEP, DEP is enabled by default for limited system binaries and programs that "opt-in." With this option, only Windows system binaries are covered by DEP by default.

OptOut( 3 ): This setting is the default configuration for Windows 2003 SP1. DEP is enabled by default for all processes. A list of specific programs that should not have DEP applied can be entered using the System dialog box in Control Panel. Network administrators can use the Application Compatibility Toolkit to "opt-out" one or more programs from DEP protection. System compatibility fixes, or shims, for DEP do take effect. Also note that Windows silently disables DEP for certain executables, such as those packaged with ASPack. [5]

AlwaysOn( 1 ): This setting provides full DEP coverage for the whole system. All processes always run with DEP applied. The exceptions list to exempt specific programs from DEP protection is not available. System compatibility fixes for DEP do not take effect. Programs that have been opted-out by using the Application Compatibility Toolkit run with DEP applied.

AlwaysOff( 0 ): This setting does not provide any DEP coverage for any part of the system, regardless of hardware DEP support. (except in Windows Vista Ultimate)

So your commandline might look something like this:

“ bcdedit.exe /set {current} nx AlwaysOff”

Once you are done with this you will need to restart your computer.

To check the status of your DEP Policy you can run this command:

“wmic os get dataexecutionprevention_supportpolicy” This will return a number value.  See values above to see what numbers mean.

Now this is how we defined what the problem was. But turning off DEP entirely isn’t a viable solution since that will expose your computer to many evil virus and hacking code.

Vista provides an interface to select specific programs to be marked as DEP non compliance. You can get to it by going to:

1)      Start

2)      Right Click “My Computer” à Properties

3)      Advanced System Settings

4)      Advanced Tab

5)      Under Performance select “Settings”

6)      Select the tab “Data Execution Prevention”

Here is where you are able to add DEP for all programs and services except those I select. This will set your DEP Policy to 3 (OptOut). You can then select the exe programs that enable you to mark that program as DEP noncompliant.

Well that might work for other people, but it didn’t work for me on my machine.  Everytime I tried to select my program’s exe, I got the message “This program must run with data execution protection(DEP) enabled. You cannot turn off DEP for this program.”

Later I found a website that lists a NXCOMPAT and the C# compiler.

Turns out that you can add this switch to your postbuild event of your project and it will mark your compiled project as DEP non compliant.

1) Right click on project in Visual Studio

2) Properties

3) Build Events

4) Edit Post Build ...

REM Mark project as DEP Noncompliant

call "$(DevEnvDir)..\..\VC\bin\vcvars32.bat"

call "$(DevEnvDir)..\..\VC\bin\editbin.exe" /NXCOMPAT:NO "$(TargetPath)"

Another way to do this is to open up the Visual Studio command prompt, browse to your exe location and type:

editbin.exe /NXCOMPAT:NO YourProgram.exe

That’s it, now our product will compile and it fixes many crash log errors we were receiving previously.

I feel that I would have to break down each Technology and pit them against each other, so here is how I will begin.

ASP.NET/C# VS Zend/PHP

1.       ASP.NET has the .NET Framework while PHP has nothing like it.

a.       .NET Framework has Two main parts:

                                                               i.      Common Language Runtime(CLR): The CLR can run code written in any language that’s adapted to .NET (VB.NET, J# and C#) it can run on any operating system that has a version of the CLR. Like Java that doesn’t have to be written in Java.

                                                             ii.      A hierarchical set of class libraries (Think PHP functions + the PEAR libraries and it extends them a lot, and have them organized in a nicer hierarchical structure). Included in those class libraries are ASP.NET (templating system), ADO.NET (a data access system), Windows Forms (classes for building windows apps), XML/XSLT frameworks (Code Generation), WCF (Built-in Web Services), Expression Framework Classes (Designer Framework), WF (Workflow Framework)

b.      ASP.NET uses a templating system on steroids called Web Forms which uses its runat=”server” attribute which gives you server side controls. Which run on the server giving you many more events, more possibility and more security. There is DaDaBIK but it doesn’t come anywhere close.

Performance Tests

c.       This person used the .NET Framework in C# Mono, but they are the same.
http://shootout.alioth.debian.org/gp4/benchmark.php?test=all&lang=csharp&lang2=php

2.       Speed

a.       .NET languages are static typed meaning they are compiled into assemblies making them 2/3 time faster than PHP, whose applications are interpreted. To achieve the same effect with PHP, Zend and PHP accelerator must be installed on the server. I’ve done this and ran performance tests and ASP.NET is still faster by a large margin. Also OOP is much faster in ASP.NET than it is in PHP.

b.      For Performance Speeds on C#: http://dada.perl.it/shootout/csharp.html

c.       For PHP: http://dada.perl.it/shootout/php.html

d.       

3.       More Language Support

a.       ASP.NET is written using "real" OO (Object Oriented) programming languages of your choice. PHP is just a simple scripting language in comparison to .NET languages like C++, VB.NET or C#.

4.       Much better Development Environment

a.       Visual Studio has multiple Integrated Development Environements (IDE’s) for the different roles you play in development (Database Admin, Tester, Developer, Project Manager, Business Analyst). Just a few of the things you can do:

                                                               i.      Automatically create reports and diagrams from your database

                                                             ii.      Debug the code line by line, while at the same time seeing what happens in the application as well as typing in a command window a variable and seeing what the results of that variable is, or calling a function in the command window.

                                                            iii.      Assign temporary value to variables in the middle of execution, in order to test out different scenarios.

                                                           iv.      Hover the cursor over variables in your code while debugging, to see what value they have “right now”

5.       It’s Part of .NET

a.       ASP.NET is a part of .NET, and that benefit is too large to simply ignore. If you know how to write ASP.NET applications, you know how to write ordinary applications too. Even windows apps, if you read up a little on the Windows Forms classes (as opposed to the Web Forms). PHP has PHP-GTK, but it's currently very immature compared to .NET.

6.       Reusable Codebase from Performance Pro 2

a.       If there is anything we want to use from Performance Pro 2 that we don’t really need to change, we have only to add the .asp file or files wrap it up in a COM Component and ASP.NET can access it and use it as if the code was already written. We can’t wrap the original codebase in PHP without rewriting it.

7.       At this point it’s cheaper

a.       We have the licenses for all the server software, the hardware for at least half of everything we need as well as the developers of strong skill sets already in house. We spend a lot of money already towards consultants for .NET and put a lot of effort into designing Performance Pro 3 for ASP.NET. If we go the other route we need to hire more experts, other developers, new hardware, new software. Most companies move from MySQL to Oracle as they grow and Oracle is very expensive.

Most PHP developers end up just justifying themselves by stating well I’m capable of building this feature or that feature. It’s a programming language of course you can build it. They also state there is this and that company that does it. But that costs more money, while these things are built into .NET. The difference is in productivity, we move to market faster, and the application performs better using the right technologies.

Here’s another link to Benefits of .NET Framework that I’m not even listing:

http://www.tometasoftware.com/benefits_of_net.asp

MSSQL VS MySQL (7 Reasons to Use SQL Server)

1.       Full Server Side Integration

a.       Full server side integration with the .NET Framework (LINQ to SQL , LINQ to XML)

2.       SQL Server has much much more advanced features over MySQL

a.       SQL Server just flat out has more advanced features then MySQL. SQL Server is a Sybased-derived Engine and Microsoft has just focused on using and expanding that infrastructure. MySQL is an open storage engine which uses InnoDb, BerkleyDB, MyISAM and Heap. Which they have struggled with design because of these multiple choices.

3.       XML is a native type within SQL Server

a.       Allows a DBA to modify an XML doc within the DBMS environment, query the document and validate it against XML schemas without having to DB Program it.

4.       Cheaper

a.       We are already have a SQL Server 2005 Enterprise Edition x86. Bought and purchased. MySQL AB would us more money.

5.       Security

a.       SQL Server 2005 has been certified as C-2 compliant and fully supports security at the column level. It also supports native encryption and obfuscat’s(intentionally, very hard to read and understand) the DBA from writing user-defined functions using column encryption APIs. A DBA also has the choice of specifying his own user-defined security functions through the encryption facility implemented in the .NET Framework

b.       MySQL has basic security at the table level and has no such certifications.

6.       Recovery

a.       SQL Server is more failsafe and less prone to data corruption. They have robust  checkpoint mechanisms, enhanced data protection, rapid restorations, Mirrored backups and partial backups instead of sorting through entire full backups.

b.      MySQL falls short with a default MyISAM mechanism. The UPS assumes uninterrupted data, and in the event of an unexpected shutdown your data can be lost and the data store corrupted.

7.       Most move to SQL Server or Oracle anyway

a.       Through my experience most move away from MySQL anyway because it just doesn’t meet the demands of today’s very rich artifacts of data. Such as (Media, Pictures, Audio, XML etc)

This would be considered a persuasive argument for those of you that take the critical thinking or english classes that teach it. ^_^