Friday, November 1, 2013

Optimising join on large table (inner join + group by)

Optimizing SQL for an inner join with huge data.
We have a table that includes more than 1M records,
and we want to get the list of rows whose 3 fields are duplicated or appear only once.
Before, we used "in" or "exists".
When there are few records the SQL is no problem and gives us a good return;
when the records become huge, the SQL could get return, the main problem is the inner join.
So the change is to use a CTE (common table expression).
The big improvement is that before there was no return at all until the timeout (more than 20 minutes),
and now it takes only 30 seconds.
Another thing I learned from this is creating an indexed view,
and deterministic and nondeterministic functions:
because 1 column is calculated by a user function, I could not just create an index to improve performance.
Anyway, problem resolved.

-- Original query: correlated EXISTS with GROUP BY
SELECT Fl.*
 , ROW_NUMBER() OVER (ORDER BY Fl.Name) AS num
 FROM [dbo].[a] Fl
 WHERE EXISTS
 (
     SELECT Fl1.r1
     FROM [dbo].[a] Fl1
     WHERE Fl.r1 = Fl1.r1
       AND Fl.r2 = Fl1.r2
       AND Fl.r3 = Fl1.r3
     GROUP BY
       Fl1.r1
      ,Fl1.r2
      ,Fl1.r3
     HAVING COUNT(*) <= 1   -- the (r1, r2, r3) combination occurs only once
 )


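-- Rewritten with a CTE: group the table once, then join back to fetch the full rows
;WITH R AS
 (
     SELECT Fl1.r1 AS r1, Fl1.r2 AS r2, Fl1.r3 AS r3
     FROM [dbo].[a] Fl1
     GROUP BY
       Fl1.r1
      ,Fl1.r2
      ,Fl1.r3
     HAVING COUNT(*) > 1    -- the (r1, r2, r3) combination is duplicated
 )
 SELECT t.*
 FROM R INNER JOIN [dbo].[a] AS t
   ON t.r1 = R.r1
  AND t.r2 = R.r2
  AND t.r3 = R.r3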

Reference
http://dba.stackexchange.com/questions/28584/select-the-newest-data-inner-join-group-by-maybe

Friday, October 25, 2013

OWSTimer unhandled exception popup – System.Security.Cryptographic.CryptographicException

When I installed SharePoint 2010 on my machine,
an unhandled exception pop-up was thrown every night.

 System.Security.Cryptographic.CryptographicException

http://blogs.technet.com/b/stefan_gossner/archive/2010/05/10/common-problem-with-sharepoint-2010-system-security-cryptography-cryptographicexception-keyset-does-not-exist.aspx

I searched online and found the blog. It is good to know.

If you see this error message from SharePoint 2010 you can relax, nothing bad is happening. When SharePoint 2010 and Visual Studio 2010 are both installed on the same machine you may see this error every 24 hours. This occurs when the OWSTimer service has a regular process recycle and in the shutdown of the old process an exception is raised. The exception doesn’t interfere with the normal process shutdown and recycle and is only ever seen if you have a JIT debugger installed on the machine. You should never see this error on a production SharePoint 2010 server, because you should not be installing Visual Studio 2010 on those servers. You can safely ignore these exceptions and close the window, or leave it there. You actually cannot debug the process, because it will already have been closed by the time you click the button and start your debugger.


To configure the server to no longer show a dialog when an unhandled exception occurs, use the registry editor to delete the following registry keys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
On a 64-bit operating system also delete the following registry keys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger

http://blogs.msdn.com/b/pandrew/archive/2010/05/25/benign-owstimer-unhandled-exception-popup-system-security-cryptographic-cryptographicexception.aspx

Tuesday, October 1, 2013

Event IDs per Audit Category

As a long time administrator and security professional, I have found that some events are more important than others, when it comes to tracking and analyzing security. With this said, there are thousands of events that can be generated in the security log, so you need to have the secret decoder ring to know which ones to look for. Here is a breakdown of some of the most important events per category that you might want to track from your security logs.

Audit account logon events
Event ID - Description
4776 - The domain controller attempted to validate the credentials for an account
4777 - The domain controller failed to validate the credentials for an account
4768 - A Kerberos authentication ticket (TGT) was requested
4769 - A Kerberos service ticket was requested
4770 - A Kerberos service ticket was renewed

Audit account management
Event ID - Description
4741 - A computer account was created.
4742 - A computer account was changed.
4743 - A computer account was deleted.
4739 - Domain Policy was changed. 
4782 - The password hash an account was accessed.
4727 - A security-enabled global group was created.
4728 - A member was added to a security-enabled global group.
4729 - A member was removed from a security-enabled global group.
4730 - A security-enabled global group was deleted.
4731 - A security-enabled local group was created.
4732 - A member was added to a security-enabled local group.
4733 - A member was removed from a security-enabled local group.
4734 - A security-enabled local group was deleted.
4735 - A security-enabled local group was changed.
4737 - A security-enabled global group was changed.
4754 - A security-enabled universal group was created.
4755 - A security-enabled universal group was changed.
4756 - A member was added to a security-enabled universal group.
4757 - A member was removed from a security-enabled universal group.
4758 - A security-enabled universal group was deleted.
4720 - A user account was created.
4722 - A user account was enabled.
4723 - An attempt was made to change an account's password.
4724 - An attempt was made to reset an account's password.
4725 - A user account was disabled.
4726 - A user account was deleted.
4738 - A user account was changed.
4740 - A user account was locked out.
4765 - SID History was added to an account.
4766 - An attempt to add SID History to an account failed.
4767 - A user account was unlocked.
4780 - The ACL was set on accounts which are members of administrators groups.
4781 - The name of an account was changed:

Audit directory service access
4934 - Attributes of an Active Directory object were replicated. 
4935 - Replication failure begins. 
4936 - Replication failure ends. 
5136 - A directory service object was modified. 
5137 - A directory service object was created. 
5138 - A directory service object was undeleted. 
5139 - A directory service object was moved. 
5141 - A directory service object was deleted.
4932 - Synchronization of a replica of an Active Directory naming context has begun.
4933 - Synchronization of a replica of an Active Directory naming context has ended.

Audit logon events
4634 - An account was logged off.
4647 - User initiated logoff.
4624 - An account was successfully logged on.
4625 - An account failed to log on. 
4648 - A logon was attempted using explicit credentials.
4675 - SIDs were filtered. 
4649 - A replay attack was detected.
4778 - A session was reconnected to a Window Station.
4779 - A session was disconnected from a Window Station.
4800 - The workstation was locked.
4801 - The workstation was unlocked.
4802 - The screen saver was invoked.
4803 - The screen saver was dismissed.
5378 - The requested credentials delegation was disallowed by policy.
5632 - A request was made to authenticate to a wireless network.
5633 - A request was made to authenticate to a wired network.

Audit object access
5140 - A network share object was accessed.
4664 - An attempt was made to create a hard link. 
4985 - The state of a transaction has changed. 
5051 - A file was virtualized. 
5031 - The Windows Firewall Service blocked an application from accepting incoming connections on the network. 
4698 - A scheduled task was created. 
4699 - A scheduled task was deleted. 
4700 - A scheduled task was enabled. 
4701 - A scheduled task was disabled. 
4702 - A scheduled task was updated.
4657 - A registry value was modified.
5039 - A registry key was virtualized.
4660 - An object was deleted. 
4663 - An attempt was made to access an object. 

Audit policy change
4715 -  The audit policy (SACL) on an object was changed. 
4719 -  System audit policy was changed. 
4902 -  The Per-user audit policy table was created. 
4906 -  The CrashOnAuditFail value has changed. 
4907 -  Auditing settings on object were changed. 
4706 -  A new trust was created to a domain. 
4707 -  A trust to a domain was removed.
4713 -  Kerberos policy was changed. 
4716 -  Trusted domain information was modified. 
4717 -  System security access was granted to an account. 
4718 -  System security access was removed from an account. 
4864 -  A namespace collision was detected. 
4865 -  A trusted forest information entry was added. 
4866 -  A trusted forest information entry was removed. 
4867 -  A trusted forest information entry was modified. 
4704 -  A user right was assigned. 
4705 -  A user right was removed. 
4714 -  Encrypted data recovery policy was changed.
4944 -  The following policy was active when the Windows Firewall started. 
4945 -  A rule was listed when the Windows Firewall started. 
4946 -  A change has been made to Windows Firewall exception list. A rule was added. 
4947 -  A change has been made to Windows Firewall exception list. A rule was modified. 
4948 -  A change has been made to Windows Firewall exception list. A rule was deleted. 
4949 -  Windows Firewall settings were restored to the default values. 
4950 -  A Windows Firewall setting has changed. 
4951 -  A rule has been ignored because its major version number was not recognized by Windows Firewall. 
4952 -  Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. 
4953 -  A rule has been ignored by Windows Firewall because it could not parse the rule. 
4954 -  Windows Firewall Group Policy settings have changed. The new settings have been applied. 
4956 -  Windows Firewall has changed the active profile. 
4957 -  Windows Firewall did not apply the following rule: 
4958 -  Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer: 
6144 -  Security policy in the group policy objects has been applied successfully. 
6145 -  One or more errors occurred while processing security policy in the group policy objects. 
4670 -  Permissions on an object were changed.

Audit privilege use
4672 - Special privileges assigned to new logon.
4673 - A privileged service was called.
4674 - An operation was attempted on a privileged object.

Audit system events
5024 - The Windows Firewall Service has started successfully. 
5025 - The Windows Firewall Service has been stopped. 
5027 - The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. 
5028 - The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. 
5029 - The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. 
5030 - The Windows Firewall Service failed to start. 
5032 - Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. 
5033 - The Windows Firewall Driver has started successfully. 
5034 - The Windows Firewall Driver has been stopped. 
5035 - The Windows Firewall Driver failed to start. 
5037 - The Windows Firewall Driver detected critical runtime error. Terminating. 
4608 - Windows is starting up. 
4609 - Windows is shutting down. 
4616 - The system time was changed. 
4621 - Administrator recovered system from CrashOnAuditFail. Users who are not administrators will now be allowed to log on. Some auditable activity might not have been recorded. 
4697 - A service was installed in the system. 
4618 - A monitored security event pattern has occurred. 
For a full list of all events, go to the following Microsoft URL.

Tuesday, September 24, 2013

Get current .NET framework dir

System.Runtime.InteropServices.RuntimeEnvironment.GetRuntimeDirectory()

Using this function, we could get the current version's framework directory.
It is better than reading the registry.

Friday, September 20, 2013

How to setup exchange server for transport agent test

I have been working on transport agent development in the past weeks.
Here is how to set up 2 Exchange servers for testing.


1: Install 2 active domain environments.
2: Install 2 Exchange servers.
3: Configure DNS to let the servers know each other.
4: Exchange Management Console, Organization Configuration: Hub Transport: (RemoteDomains, AcceptedDomains, SendConnectors): add the other domain.
5: Exchange Management Console, Server Configuration: Hub Transport: (Receive Connectors): add the other server.
   Steps 4 and 5 should be configured on both Exchange servers.
6: Enable anonymous when you receive the error: #530 5.7.1 Client was not authenticated ##
  Open the default receive connector,
          check "Anonymous users" and click Apply.

Monday, August 12, 2013

Missing Form Authentication provider For IIS 7 on Windows Server

I just tested an ASP.NET web application on a new Windows IIS 7,
and there is no Forms Authentication.
There is normally no Windows authentication by default either, and you should add it in the WWW Service\Security subfolder.
But where is the Forms Authentication provider?
It is under: WWW Service\Application Development Features

Check: .NET Extensibility, ASP, ASP.NET

Forms Authentication appeared.   (But which one is really needed?)

Tuesday, July 16, 2013

silverlight app using forms authentication using AD.

http://songhayblog.azurewebsites.net/entry/show/the-silverlight-business-application-project-and-ntlm

Our project is working on authentication using Forms, but through AD.

I tried to find how

ASP.NET 2.0 Active Directory with Forms Authentication

works in a WCF and Silverlight environment, and I found a good article

on using Windows authentication in Silverlight.

Only part of a ReadProcessMemory or WriteProcessMemory request was completed

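When I tried to get the process name from a PID,

I got the exception:
 Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

The error came from:

 #include <windows.h>
 #include <psapi.h>   // GetModuleFileNameEx; link with psapi.lib

 HANDLE Handle;
 char buffer[MAX_PATH];
 Handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, PID);
 if (Handle != NULL)
 {
     // ANSI variant, to match the char buffer
     if (GetModuleFileNameExA(Handle, 0, buffer, MAX_PATH) != 0)
     {
         // buffer now holds the path of the process image
     }
     else
     {
         // GetLastError() returns the error here (ERROR_PARTIAL_COPY):
         // "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."
         DWORD err = GetLastError();
     }
     CloseHandle(Handle);
 }

I searched for it: it is because a 32-bit process tries to open a 64-bit process.

I replaced GetModuleFileNameEx with QueryFullProcessImageName

to fix this problem.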

Tuesday, July 9, 2013

VS2012 win32.mak is missing

When I installed VS2012, I tried to use nmake to build the old project.

Got error:  Makefile.nmake(10) : fatal error U1052: file 'win32.mak' not found


There are some bloggers talking about how to resolve this problem.

http://bojan-komazec.blogspot.ca/2011/10/how-to-use-nmake-and-makefile.html


http://ask.wireshark.org/questions/14343/setting-development-project-under-visual-studio-2012


I think the simple resolution is to add the include path, like:

From a DOS cmd line,
set INCLUDE=%INCLUDE%;C:\Program Files\Microsoft SDKs\Windows\v7.0A\include;


Thursday, July 4, 2013

Names in minifilter

Helpful link

http://fsfilters.blogspot.ca/2010/02/names-and-file-systems-filters.html

Names and file systems filters
Proper usage of names in file system filters and minifilters is a topic that comes up a lot. The reason for this is that sooner or later one has to deal with names and it is a particularly complicated area. In this post I’ll try to address some of the common problems minifilters have with names and suggest some ways that can be used to achieve some of the common scenarios.
There are a couple of factors that make names hard to work with:
1. Computer users are used to names. They think they understand file names. They might not understand many other things, but the fact that a file has a name is something that is pretty clear to everyone. This affects file system filter developers in two ways. First, all developers started as users and as such they suffer from thinking in terms of names in cases where they shouldn’t. Second, most file system filters are meant to be used by users (or written according to user specifications) and as such they need to work with names, because that’s what users know and want.
2. File systems don’t really care about names. I mean, they need names to talk to users, but file systems developers spend most of their time thinking about improving IO performance or reliability and in general about things that happen after a file is created (names matter to file systems pretty much only in the create path). File systems don’t care whether your file is a word document or not, but filters sometimes need to know and names play into this.
3. There are so many of them. You have long names and short names and then file IDs and object IDs. And then you have hardlinks and symlinks. Also, there are alternate data streams that also have names. And then you have remote file systems where one needs to care about machine names and redirector names and so on. An additional problem is that users don’t usually get the finer details about all these, so specs they come up with often don’t properly address all the possible interactions.
4. The IO stack in Windows is asynchronous. Which means that a name can change at any time. Which in turn means that once a filter gets a name, it might already be useless or wrong. Sure, one can argue it’s a rare occurrence and regular users wouldn’t run into it. But what about malicious users? You are unlikely to run into a race between renames and transactions on a regular user’s machine, but what if someone makes it happen? A real product can’t afford to ignore such cases.
Now let’s take a look at some of the things minifilters try to do with names. It turns out that there aren’t that many. In fact, there are pretty much three types of things that minifilters do with names. Each of these classes has specific requirements which I will address at length:
1. Open files by calling FltCreateFile. This is done to scan the file or to read or write contents, to encrypt it or something like that. Once the file has been opened there usually is a handle that is used in subsequent operations so the name is not interesting anymore. Things to note here are:
  • the filter must know the name of the file at this moment. If the filter is trying to open a file that has been renamed, it needs to know the new name. Opening the file by the old name might lead to problems.
  • FltCreateFile can only be called at PASSIVE_LEVEL.
2. Send the name to user mode for some reason (to display it to the user, or to open the file in user mode, or to log operations and so on). The vast majority of these operations are not synchronous (i.e. there is no operation that is blocked in kernel mode waiting for the user to read the message). There is one common exception, which is Anti-virus software which in case it finds a virus will sometimes prompt the user for action and it needs to display the file name (it will also probably log the name, but that can be done asynchronously). The reason this is important is that by the time the name is consumed (the user reads the log for example) the name could very easily have changed. Things to note:
  • the name of the file is usually less important. If a filter logs writes, if a rename happens at the same time writes are happening, the order doesn’t usually matter much.
  • because the information is meant to be consumed by the user, performance and lag in presenting the information doesn’t matter. Even in the AV case, where the user must choose some action before the kernel thread can continue, the user is much slower than the processor. So for these types of scenarios performance is not usually important (in these paths at least; overall performance impact of the product is a different issue).
3. Policy checks. This is usually done in an effort to understand if a file is interesting or not to the filter. This is usually the case where there is some policy that is enforced by the user. For example an anti-virus filter might ignore files under a certain path or an encryption filter might only encrypt .doc and .txt files. Key things here:
  • it is a bad idea to check if the file is interesting by querying and parsing the file name every single time the filter needs to know this. A better design is to cache the information about the file somewhere and then update it only when it changes. Since we are talking about name based policy here, the only place where it can change is in the rename path. Stream contexts are particularly suited for this task and what filters normally do is attach a stream context if the file is interesting. Then, when they need to decide whether the file is interesting or not they can simply get the stream context and if one is present then it is interesting.
  • The stream context is initialized at create time and is potentially changed at rename. Both these operations happen at PASSIVE_LEVEL. Some filters prefer to query the name when the operation they care about happens, but this approach usually generates more problems than it solves.
4. Virtualization. Minifilters will use names to create a virtual namespace (inject virtual files or folders into the file system’s namespace or hide files). This has a different set of challenges (many information classes that expose names, directory change notifications, oplocks and so on) but querying names is fairly easy. Also, the minifilter either is the owner of part of the namespace, which means it can serialize things and it is in the position to authoritatively know what the name of the object is or it is hiding part of the namespace, which means there will be no operations on that part of it (since no one knows it’s there).
Now that we have all the pieces in place, let’s look at some of the common scenarios.
By far the most common failure is to try to get a name where it is not supported. Like at DPC or in the paging path (people want names when writes happen to a file). This has in the past made people believe that the name support in filter manager (via FltGetFileNameInformation and friends) is broken. However, that is not the case. The important thing to understand in this case is that it is almost never the case that the name is actually needed in these cases. And by needed I’m referring to how the name is going to be used. If it is a class 1 (looking at my classification above) operation (FltCreateFile) then if the name can’t be obtained FltCreateFile cannot be called anyway (by that I mean that if FltGetFileNameInformation can’t get the name then it is illegal to call FltCreateFile). For the 2nd class of operations, the approach is to queue an async work item to get the name for this file and use it (send it to user mode, log it to the file and so on). Remember that neither accuracy nor performance usually matter here so not waiting for the work item to finish is usually ok... For the 3rd class of operations it only matters if the context is not set up yet because once a context is in place the decision should be made based on it. However, the approach of getting the name the first time it is needed has some drawbacks like the fact that getting the name and setting the context can race with renames (outside of the IRP_MJ_CREATE path) so the name might become invalid immediately; also the lack of a context might mean that the file is not interesting as well as the fact that this is the first operation for a file…
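
The create-time and rename-time caching described for policy checks (class 3), as a portable user-mode C model added here; it is not code from the original article and not real minifilter code. `struct stream`, the `model_*` functions and the sample paths are hypothetical stand-ins for a stream context and the create and rename callbacks, and names are assumed to carry no stream suffix.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* User-mode model only: none of these names are Filter Manager APIs. */
#define NAME_LEN 128

struct stream {
    char current_name[NAME_LEN];   /* name the file system holds now          */
    char name_at_create[NAME_LEN]; /* snapshot a naive filter kept around     */
    bool has_ctx;                  /* stands in for an attached stream context */
};

static unsigned policy_evaluations; /* how many times a name was parsed */

/* Case-insensitive ASCII comparison, since Windows names ignore case. */
static bool ext_equals(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* Policy from the text's example: only .doc and .txt files are interesting.
 * Only the final path component is inspected, so "work.txt\report" is not. */
static bool policy_is_interesting(const char *name)
{
    const char *slash = strrchr(name, '\\');
    const char *leaf = slash ? slash + 1 : name;
    const char *dot = strrchr(leaf, '.');

    policy_evaluations++;
    return dot && (ext_equals(dot, ".doc") || ext_equals(dot, ".txt"));
}

/* Create path (PASSIVE_LEVEL in a real filter): decide once, cache the result. */
static void model_post_create(struct stream *s, const char *name)
{
    snprintf(s->current_name, NAME_LEN, "%s", name);
    snprintf(s->name_at_create, NAME_LEN, "%s", name);
    s->has_ctx = policy_is_interesting(name);
}

/* Rename path: the only other place a name-based decision can change. */
static void model_post_rename(struct stream *s, const char *new_name)
{
    snprintf(s->current_name, NAME_LEN, "%s", new_name);
    s->has_ctx = policy_is_interesting(new_name);
}

/* Write path: no name query at all, only "is a context attached?". */
static bool cached_is_interesting(const struct stream *s)
{
    return s->has_ctx;
}

/* Naive filter: re-parses the name it captured at create time. */
static bool stale_is_interesting(const struct stream *s)
{
    return policy_is_interesting(s->name_at_create);
}

int main(void)
{
    struct stream s;

    /* Constructed sample names: a file created as .tmp, then renamed to .doc. */
    model_post_create(&s, "\\Device\\HarddiskVolume2\\work\\report.tmp");
    model_post_rename(&s, "\\Device\\HarddiskVolume2\\work\\report.doc");

    printf("cached view: %d, stale view: %d, name parses: %u\n",
           cached_is_interesting(&s), stale_is_interesting(&s),
           policy_evaluations);
    return 0;
}
```

After the rename the cached decision follows the file, while the decision taken from the create-time name still treats it as uninteresting.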

Another common scenario is to try to open the same file the user has open. Some anti-virus filters do this to scan the files. So the minifilter gets the name of the file in pre or post IRP_MJ_CREATE and then tries to open it. This works in the sense that one can get the name both in pre and post create, but it is problematic because the name of the file can change (however AV scanners should avoid scanning in preCreate for other reasons…). It’s hard to come up with a scenario where a malicious file might end up on a user’s system by taking advantage of this, but even so it is something to consider. Another common scenario is to open an alternate data stream for a file the user has opened in a filter. The same set of issues around racing with renames applies. A solution for this is to use a rather unknown feature of the IO system, relative opens. For any ZwCreateFile or FltCreateFile when initializing the object attributes with the InitializeObjectAttributes macro there is a parameter that accepts a handle to the root directory so that a file can be opened relative to a directory. However, this can be used to solve the problems in the example above. If the name passed in to InitializeObjectAttributes is empty (the Length = MaximumLength = 0 and Buffer = NULL) then the create will open the same stream. So if a filter wants to open another file object for a stream the user has open (or an alternate data stream for the same file) then the filter can call InitializeObjectAttributes with a handle to the user’s FILE_OBJECT (one way to generate a handle is via ObOpenObjectByPointer) and use an empty name (to open exactly the same stream) or just the name of the stream (to open an alternate data stream) as the ObjectName.

One more thing I would like to point out is that a call to FltGetFileNameInformation in preCreate might fail if the create itself will fail. So if FltGetFileNameInformation fails with a weird status in preCreate, please make sure to investigate if the user’s create would actually have succeeded. In such cases where getting the file name in preCreate is vital to the operation of the filter then the filter should most likely fail the user’s create if FltGetFileNameInformation failed. Generally it would be better if things were done in postCreate, where possible.

There are a lot more interesting things with names but these are some of the common things that filters try and have problems with. Feel free to ask questions about specific scenarios.

Threading model (STA , MTA)

Recently I have been working on an edge project that needs to call an old DLL to get file metadata. This DLL calls a COM object using the STA model,
from the call
CoInitialize(NULL);

Before, I tried to change the caller's thread mode, but I do not know why we need the STA model.

So I tried to use
::CoInitializeEx(NULL, COINIT_MULTITHREADED)

using MTA instead of STA, to see what happened.

Understanding The COM Single-Threaded Apartment Part 1 is helpful.

Thursday, June 27, 2013

Get memory usage info

In this post I will show you how to log your current memory usage in a process. Our main function to get required information is “GetProcessMemoryInfo()” function, which is defined in psapi.h(Process Status API). After you include psapi.h in your code file, you have to link psapi.lib to your project. Otherwise you will get a linker error.
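#include <windows.h>
#include <stdio.h>
#include "psapi.h"   // link with psapi.lib

    PPROCESS_MEMORY_COUNTERS pMemCountr = new PROCESS_MEMORY_COUNTERS;
    if (GetProcessMemoryInfo(GetCurrentProcess(), pMemCountr,
                             sizeof(PROCESS_MEMORY_COUNTERS)))
    {
        // PagefileUsage is a SIZE_T in bytes; print it in KB
        printf("%llu KB\n", (unsigned long long)(pMemCountr->PagefileUsage / 1024));
    }
    delete pMemCountr;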

Thursday, June 20, 2013

error C4430: missing type specifier - int assumed. Note: C++ does not support default-int

Error 1 error C2146: syntax error : missing ';' before identifier 'm_xxx' D:\Workdir\*.h 51
Error 2 error C4430: missing type specifier - int assumed. Note: C++ does not support default-int D:\Workdir\*.h 51 1

I got these errors when I tried using the Poco library together with Fltlib.

What I did is: I built the Poco library sample fine.
                        I built the minifilter sample fine.

  I wanted to create my project by merging these 2 projects together, and I met an issue: the Platform toolset is different. I tried to find a way that worked, using Platform toolset v110.

But I got these 2 exceptions. The missing type is defined in "fltuserstruct.h".

Why did the merge get exceptions...

Finally, I found I need to put include "fltUser.h" ahead of poco*.h

It is good to find something that works.



Tuesday, June 18, 2013

About Redirect or Change Print Stream

Yesterday one of my friends told me he worked on a project where the requirement is to change the print content, but the print source program could not be changed. I remember I did a similar project before that also needed to change print content; it was translating the print result. The original print was the English version, and the client wanted all labels changed to Chinese. What I did was create a Txt Printer, then monitor the printed files for changes, open the print result files, and output the new translated result.

I think this is a simple solution for changing the print content. I hope my friend does a good job!

Friday, June 14, 2013

c++ LRU Cache

I have been looking for a C++ implementation of an LRU cache recently,
and found the POCO C++ library very useful. It includes different types of Cache class we can use:

http://pocoproject.org/slides/140-Cache.pdf

LRUCache,
ExpireCache
ExpireLRUCache  etc.






 

Tuesday, June 11, 2013

Cannot open your default e-mail folders. You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost)

I got this error when my new colleague tested our Exchange routing agent. He created a new test user and got this error; mine had connected to Exchange before, and at the same time mine was working.

We did not think the problem was an Exchange server side issue, and searched a lot of fix blogs; none fit us.

Finally, I checked the Exchange server: there was 1 service marked as automatic start that did not run. I just started the service, and everything was fine.

There are some blogs that said to check the Exchange services first; this is important.


Tuesday, June 4, 2013

How to identify whether a SID is a well-known SID or not

In my project, I need to identify whether a SID is a well-known SID or not. I found a function to do it.

Well-known SIDs
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx
Well-known-sid-type enumeration
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379650(v=vs.85).aspx

IsWellKnownSid function
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379154(v=vs.85).aspx
BOOL WINAPI IsWellKnownSid(
  _In_  PSID pSid,
  _In_  WELL_KNOWN_SID_TYPE WellKnownSidType
);

Wednesday, May 22, 2013

Windows setup project vbs custom action return value

When I created a custom action using VBScript and tried to roll back the install by returning a value from the VBS custom action to the installer, there was a little trick.

We want the installer to quit silently (or pop up our message), not through an exception.

It is easy to find the MSDN page about how to return a value from a custom action:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa371254(v=vs.85).aspx

Custom actions written in JScript or Visual Basic, Scripting Edition (VBScript) can call an optional function. These functions must return one of the values shown in the following table.
Return value                  Value         Description
msiDoActionStatusNoAction     0             Action not executed.
msiDoActionStatusSuccess      IDOK = 1      Action completed successfully.
msiDoActionStatusUserExit     IDCANCEL = 2  Premature termination by user.
msiDoActionStatusFailure      IDABORT = 3   Unrecoverable error. Returned if there is an error during parsing or execution of the JScript or VBScript.
msiDoActionStatusSuspend      IDRETRY = 4   Suspended sequence to be resumed later.
msiDoActionStatusFinished     IDIGNORE = 5  Skip remaining actions. Not an error.

Note that Windows Installer translates the return values from all actions when it writes the return value into the log file. For example, if the action return value appears as 1 (one) in the log file, this means that the action returned msiDoActionStatusSuccess. For more information about this translation see Logging of Action Return Values.

To return a value other than success from a script custom action, you must use a function target for the custom action. The target function is specified in the Target column of the CustomAction Table.
The following script example shows you how to return success or failure from a VBScript custom action.
Function MyVBScriptCA()

    If Session.Property("CustomErrorStatus") <> "0" Then
        'return error
        MyVBScriptCA = 3
        Exit Function
    End If

    ' return success
    MyVBScriptCA = 1
    Exit Function

End Function

If this VBScript were embedded in the Binary table of the installation package as MyCA.vbs, the CustomAction Table entry for the script would be the following:

Action          Type  Source    Target
MyCustomAction  6     MyCA.vbs  MyVBScriptCA




The most important part is:

To return a value other than success from a script custom action, you must use a function target for the custom action. The target function is specified in the Target column of the CustomAction Table.
The following script example shows you how to return success or failure from a VBScript custom action.

But how do we set the target in the CustomAction table?

VS2010 does not let us set the function name in the target directly.

We have to open the MSI file (using Orca or SuperOrca) and find the CustomAction table.

The problem is that when we open the CustomAction table, the Action and Source values are number strings created by VS2010. So first we need to find the name in the File table; then we put the function name in the Target column of the CustomAction table.
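To locate the generated Action and Source identifiers without clicking through the editor, and to confirm afterwards that the Target column holds the function name, the CustomAction table can be read through the Windows Installer automation interface. This is an added example, not from the original post; Invoke-MsiMember and Get-MsiCustomAction are hypothetical names and the .msi path is whatever the caller supplies.

```powershell
# Added example. Invoke-MsiMember and Get-MsiCustomAction are hypothetical helper names.
function Invoke-MsiMember {
    param($Object, [string]$Name, [System.Reflection.BindingFlags]$Kind, [object[]]$Arguments = @())
    # WindowsInstaller automation objects have to be called late-bound from PowerShell.
    $Object.GetType().InvokeMember($Name, $Kind, $null, $Object, $Arguments)
}

function Get-MsiCustomAction {
    param([Parameter(Mandatory)][string]$MsiPath)

    $installer = New-Object -ComObject WindowsInstaller.Installer
    $fullPath  = (Resolve-Path -LiteralPath $MsiPath).Path
    $db   = Invoke-MsiMember $installer 'OpenDatabase' 'InvokeMethod' @($fullPath, 0)  # 0 = read-only
    $view = Invoke-MsiMember $db 'OpenView' 'InvokeMethod' @(
        'SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`')
    try {
        Invoke-MsiMember $view 'Execute' 'InvokeMethod' | Out-Null
        # Fetch returns nothing once the last row has been read.
        while ($null -ne ($row = Invoke-MsiMember $view 'Fetch' 'InvokeMethod')) {
            [pscustomobject]@{
                Action = Invoke-MsiMember $row 'StringData'  'GetProperty' @(1)
                Type   = Invoke-MsiMember $row 'IntegerData' 'GetProperty' @(2)
                Source = Invoke-MsiMember $row 'StringData'  'GetProperty' @(3)
                Target = Invoke-MsiMember $row 'StringData'  'GetProperty' @(4)
            }
        }
    }
    finally {
        Invoke-MsiMember $view 'Close' 'InvokeMethod' | Out-Null
        # Release the COM references so the .msi file is not left locked.
        foreach ($o in $view, $db, $installer) {
            [void][Runtime.InteropServices.Marshal]::ReleaseComObject($o)
        }
    }
}

# Usage with a constructed path:
# Get-MsiCustomAction -MsiPath .\Setup.msi | Format-Table -AutoSize
```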




Thursday, May 16, 2013

fth 3572 fault tolerant heap shim applied to current process

"fth 3572 fault tolerant heap shim applied to current process"
After the program crashed, the debugger showed this information.


How to disable or reset it.
http://msdn.microsoft.com/en-us/library/dd744764(VS.85).aspx
Fault Tolerant Heap


Affected Platforms
Clients - Windows 7
Feature Impact
Severity - Medium
Frequency - Low
Description
The Fault Tolerant Heap (FTH) is a subsystem of Windows 7 responsible for monitoring application crashes and autonomously applying mitigations to prevent future crashes on a per application basis. For the vast majority of users, FTH will function with no need for intervention or change on their part. However, in some cases, application developers and software testers may need to override the default behavior of this system.
Solution
Viewing Fault Tolerant Heap activity
Fault Tolerant Heap logs information when the service starts, stops, or starts mitigating problems for a new application. To view this information, follow these steps:
1. Click the Start menu.
2. Right-click Computer and click Manage.
3. Click Event Viewer > Applications and Services Logs > Microsoft > Windows > Fault-Tolerant-Heap
4. View FTH Events.
The service stop and start events contain no additional data. The FTH Enabled event contains the Process ID (PID), the process image name, and the process instance start time.
Disabling Fault Tolerant Heap

Caution Serious problems may occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems may require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
To disable Fault Tolerant Heap entirely on a system, set the REG_DWORD value HKLM\Software\Microsoft\FTH\Enabled to 0.
After changing this value, restart the system. FTH will no longer activate for new applications.
Resetting the list of applications tracked by FTH
Fault Tolerant heap is self-managing and will autonomously stop applying in the case that mitigations are not effective for a given application. However, if you need to reset the list of applications for which FTH is mitigating problems (for example, if you are testing an application and need to reproduce a crash that FTH is mitigating), you can run the following command from an elevated command prompt:
Rundll32.exe fthsvc.dll,FthSysprepSpecialize
Caution Running this command will clear all FTH applications, so applications that are currently functioning properly may begin to crash again after running this command.
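Before trying to reproduce a crash on a test machine, it helps to see in one place whether FTH is switched off and what it has logged recently. This is an added example, not from the original post or from Microsoft; Get-FthStatus is a hypothetical name, and the event channel is found by wildcard because the page gives only its Event Viewer path.

```powershell
# Added example. Get-FthStatus is a hypothetical helper name.
function Get-FthStatus {
    param([int]$MaxEvents = 20)

    # Registry value named on the page: HKLM\Software\Microsoft\FTH\Enabled (REG_DWORD).
    $enabled = (Get-ItemProperty -Path 'HKLM:\Software\Microsoft\FTH' -Name Enabled `
                    -ErrorAction SilentlyContinue).Enabled

    # Find the channel behind Event Viewer > Microsoft > Windows > Fault-Tolerant-Heap
    # by wildcard instead of hard-coding its full name.
    $log = Get-WinEvent -ListLog '*Fault-Tolerant-Heap*' -ErrorAction SilentlyContinue |
        Select-Object -First 1

    $events = @()
    if ($log -and $log.RecordCount) {
        $events = @(Get-WinEvent -LogName $log.LogName -MaxEvents $MaxEvents `
                        -ErrorAction SilentlyContinue |
                    Select-Object TimeCreated, Id, Message)
    }

    [pscustomobject]@{
        EnabledValue = $enabled              # $null when the value is not present
        Disabled     = ($enabled -eq 0)      # the page: 0 disables FTH after a restart
        LogName      = if ($log) { $log.LogName } else { $null }
        RecentEvents = $events               # newest first
    }
}

# Show the summary, then the logged events (PID, image name and start time are in Message).
$status = Get-FthStatus
$status | Select-Object EnabledValue, Disabled, LogName
$status.RecentEvents | Format-List
```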

Useful links for minifilter

http://www.osronline.com/article.cfm?article=74

That's Just the Way It Is - How NT Describes I/O Requests 

http://www.easefilter.com/info/Filter%20Driver%20FAQ.htm
What is the difference between cached I/O, user non-cached I/O, and paging I/O?


https://aonprog.wordpress.com/tag/file-mini-filter-driver/

Good technical article for minifilter.

sign a driver for test


Show WPP trace log in TraceView

After building the driver, we can use tracelog / traceview to log/show the trace information.
1: Input the *.ctl (Control Guid) file. We define WPP_CONTROL_GUIDS in trace.h and at the same time
   create a ctl file that includes 1 line:  guid CtlGuid
2: Input the *.tmf files.
   Use tracepdb to create the tmf files; the -c option creates the tmc file as well.
tracepdb -i D:\driveout\accessch.sys -r D:\driverout -p D:\driverout\tmf -v -c
tracepdb -i D:\WFSample\accessch\out\Win7Debug\x86\accessch.sys -r D:\WFSample\accessch\out -p D:\WFSample\accessch\out\tmf -v -c
3: Use tracefmt to display the etl as txt.
tracefmt D:\driveout\l.etl -i D:\driveout\accessch.sys -r D:\driveout -p D:\driveout -o D:\driveout\t.txt -v

nmake2msbuild with WPP upgrade from 2010 not working

When upgrading an old-version WDK driver nmake project to VS2012,
first use nmake2msbuild or VS2012 File-Open-Convert Sources/Dirs to upgrade the project to a VS2012 vcxproj.
When this step was done, I tried to build the solution.
Because my old driver uses WPP tracing,
I got the exception " error: (WPPCreateFile)Cannot open file .., error 5"
I read/searched about "Using WPP Software Tracing in KMDF Drivers",
but it did not help me resolve this problem.
Finally, I opened the vcxproj file in Notepad
and found:
<ClCompile Include="@(ClSourceFiles)" Exclude="@(ClCompile)">
      <WppEnabled>true</WppEnabled>
      <WppKernelMode>true</WppKernelMode>
      <WppTraceFunction>DoTraceEx(LEVEL,FLAGS,MSG,...)</WppTraceFunction>
      <WppScanConfigurationData>..</WppScanConfigurationData>
    </ClCompile>
The only thing I did was replace .. with trace.h

    <ClCompile Include="@(ClSourceFiles)" Exclude="@(ClCompile)">
      <WppEnabled>true</WppEnabled>
      <WppKernelMode>true</WppKernelMode>
      <WppTraceFunction>DoTraceEx(LEVEL,FLAGS,MSG,...)</WppTraceFunction>
      <WppScanConfigurationData>trace.h</WppScanConfigurationData>
    </ClCompile>

Now everything is good.
It took me almost more than 3 hours to upgrade the nmake project to a VS2012 vcxproj.

DebugView CHM does work on windows 2008 or windows 7

Select the chm file.
Right-click and open Properties.
Click "Unblock".

Create MiniFilter Step by Step

1 : Install VS2012
2 : Install WDK 8.0
3 : Install wdfcoinstaller
4 : Connect the host machine and the test machine with a debug cable.
(The debug cable can be USB or serial; mine is a "USB to serial cable", which needs a driver installed.)
5 : Configure the test machine:
set up a new Windows 7 machine and join it to the same domain as the host machine.
Configuring a Computer for Driver Deployment, Testing, and Debugging
http://msdn.microsoft.com/EN-US/library/hh698272(v=VS.85,d=hv.2).aspx

6.1: Use Visual Studio 2012 to deploy the driver to the test machine.
6.2: Sign the driver for test
7 : Always run code analysis
8 : Run DebugView on the test machine
9 : Run Verifier on the test machine.

Monday, April 15, 2013

Data Entity Exception when using transaction




I use Entity Framework as the database layer and got this exception:

"The underlying provider failed on Open.

System.Data.Entity
The operation is not valid for the state of the transaction.
System.Transactions

"
When I enabled network DTC access, the problem was resolved.


To enable network DTC access and configure Windows Firewall on Windows 7 or Windows Server 2008 R2