DOCSLIB.ORG

Beginning Windows 8 Data Development

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Beginning Windows 8 Data Development For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to access them. Contents at a Glance About the Author ...............................................................................................................xiii About the Technical Reviewer ............................................................................................ xv Acknowledgments ............................................................................................................ xvii ■ Chapter 1: Introduction to Windows 8 Development .........................................................1 ■ Chapter 2: HTML5 and JavaScript Apps with MVVM and Knockout ................................13 ■ Chapter 3: Windows 8 Modern App Data Access Options ...............................................29 ■ Chapter 4: Local Data Access: I: IndexedDB ....................................................................35 ■ Chapter 5: Local Data Access I: JET API and Application Data .......................................61 ■ Chapter 6: Local Data Access III: SQLite ..........................................................................89 ■ Chapter 7: ASP.NET Web API ..........................................................................................123 ■ Chapter 8: WCF Services ...............................................................................................147 ■ Chapter 9: Windows Azure Mobile Services ..................................................................179 ■ Chapter 10: Windows Phone 8 Data Access ..................................................................209 Index .................................................................................................................................229 v CHAPTER 1 Introduction to Windows 8 Development With Windows 8, Microsoft introduced significant changes to the underlying platform and user interface. These new features include a new start screen experience, Windows stores to purchase apps from a single repository, and a new platform known as Windows Runtime (WinRT). WinRT provides a new set of APIs and tools to create a new style of touch-first apps that are fast and fluid. These apps are generally called Windows Store Apps. For the purposes of this book, some of the key things to know about WinRT and Windows Store apps include • Windows 8 Apps runs in Windows X86, x64, and ARM processors. • Windows 8 Apps can either run in full-screen mode or be docked to the side of the screen. • WinRT supports programming languages such ac C, C++, VB.NET, and C#, along with HTML5 and JavaScript. • WinRT APIs are designed to be asynchronous. APIs that take more than 50 ms to run are made asynchronous. • The WPF/Silverlight XAML UI model is exposed to developers. • To ensure stability and security, the Windows Store Apps run within a sandboxed environment. • Finally, the most important thing to know is that there is no direct way to connect to the database servers using data providers in Windows RT. As this book is more about data access in Windows 8, this chapter provides an overview of the Windows 8 app framework and briefly looks into the development choices, UI data controls, MVVM patterns, and other necessary concepts that will be used in various examples throughout this book. In the later part of this chapter we’ll write our first data-driven Windows 8 App that displays the New York Times Best Sellers list. Windows App Framework In Figure 1-1, we see the Windows 8 modern-style app framework compared to that of desktop applications, where both share the same Windows core OS services. If we look at the desktop application section, JavaScript and HTML are used to target Internet Explorer, C and C++ are used for Win32 apps, and C# and Visual Basic for .NET and Silverlight. Each of these will have a separate set of APIs. But with Windows 8 Apps, we have one set of APIs that for WinRT whether we use XAML, C#, C/C++, Visual Basic, HTML/CSS, or JavaScript. 1 CHAPTER 1 ■ INTRODUCTION TO WINDOWS 8 DEVELOPMENT Figure 1-1. Windows App framework Development Choices For developing Windows 8 Apps, we can choose either of the two development paths shown in Figure 1-2. Figure 1-2. Development choices In the HTML path we will be able to use the traditional Web technologies like HTML5, CSS, and JavaScript. For presentation, you use HTML tags such as div, table, spans, and input, and CSS for styling. For coding, JavaScript can be used. Apart from the HTML controls, Windows Library for JavaScript provides a set of new controls designed for Windows Store Apps. This WinJS library is our path for the WinRT. If you are a WPF, Silverlight, or Windows Phone developer, then designing the UI and presentation layer using XAML is an ideal fit. Here we will be using C#, Visual Basic, or C++ for coding. 2 CHAPTER 1 ■ INTRODUCTION TO WINDOWS 8 DEVELOPMENT Creating the New York Times Best Sellers App The New York Times Best Sellers app is a simple Windows 8 App that uses the MVVM pattern to display the New York Times Best Sellers list. Building this app is a starting point to learn to use Visual Studio 2012, the MVVM framework, data binding, data controls, and other necessary concepts to create a data-driven Windows 8 Modern UI app. Introducing the MVVM Application Framework Model-View-ViewModel (MVVM) is the most widely used framework in WPF/Silverlight/Windows Phone XAML-based development. Considering MVVM as the central concept of Windows 8, it supports XAML-based development and is ideologically similar to the technologies that use MVVM as the application framework, so it is an ideal choice. This chapter introduces you to the MVVM framework. In later chapters you will learn about some of the most commonly used MVVM frameworks like MVVM Light and Prism. What Is MVVM? The MVVM pattern splits the user interface code into three conceptual parts: Model, View, and ViewModel (see Figure 1-3). The concept of the ViewModel is the new, and it controls the View’s interactions with the rest of the app. Figure 1-3. The basic relationships of the MVVM framework • Model represents actual data or information and holds only the data and not the behavior or service that manipulates the data. • View visually represents the data in the ViewModel by holding a reference to the ViewModel. • ViewModel serves as the glue between the View and the Model by exposing commands, notifiable properties, and observable collections to the View. 3 CHAPTER 1 ■ INTRODUCTION TO WINDOWS 8 DEVELOPMENT Advantages in Using MVVM These are the some of the advantages of using MVVM over other patterns: • The MVVM pattern is designed specifically for the data binding capabilities that are available in XAML applications, allowing views to be simple presentations that are abstracted from the business logic process, which should not happen at the user interface layer. • Another primary benefit of the MVVM pattern is the unit testability of codebase. The lack of connection between the View and ViewModel helps in writing the unit test against the ViewModel. • MVVM allows developers and UI designers to more easily collaborate when developing their respective parts of the application. • The MVVM pattern is widely used and there are several mature MVVM frameworks like Caliburn Micro and MVVMLight that provide all the base template code out of the way, of course, but they also can add advanced binding, behaviors, actions, and composition features. Setting Up the Development Environment Download the developer tools from http://dev.windows.com. The developer tool includes the Windows 8 Software Development Kit, a blend of Visual Studio and project templates. Microsoft Visual Studio for Windows 8 is our integrated development environment (IDE) to build Windows 8 Apps and this version runs only on Windows 8. Optionally, Microsoft Visual Studio 2012 can also be used. The full version has advanced debugging tool support, multi-unit testing framework and refactoring support, code analysis, profiling, and support for connecting to Team Foundation Server. ■ Note Windows 8 Apps cannot be developed with Windows 7, Windows Vista, or Windows XP. Visual Studio project templates give a great jump-start to building HTML and XAML applications. We create a new Visual C# Windows Store Blank App (XAML) project and name it NYTimesBestSeller (see Figure 1-4). 4 CHAPTER 1 ■ INTRODUCTION TO WINDOWS 8 DEVELOPMENT Figure 1-4. Visual Studio templates for XAML The New York Times Best Sellers app displays the details of the New York Times fiction best sellers in a grid view. Before we go further let’s see the project structure in Figure 1-5. 5 CHAPTER 1 ■ INTRODUCTION TO WINDOWS 8 DEVELOPMENT Figure 1-5. NYTimesBestSeller project structure In the default project structure, we have created three new folders via Models, Views, and ViewModel. These folders are used for the Models, Views, and ViewModel. Also we moved the MainPage.xaml to the Views folder. Creating the Model Now, we create the application's data model. This class are created in the Model folders in the C# file BookSellersModel.cs. The BookSellersModel.cs file implements two classes: • Book • BestSellersModel The Book class shown in Listing 1-1 represents details of one of the books on the best sellers list. The details include book title, description, author, and price. 6 CHAPTER 1 ■ INTRODUCTION TO WINDOWS 8 DEVELOPMENT Listing 1-1. Adding Book Class to the Project public class Book { public string Title { get; set; } public
Load more

Recommended publications
  • Web Application Development Using TCL/Apache Rivet and Javascript Anne-Leslie Dean, Senior Software Developer, Flightaware Prese
    Web Application Development Using TCL/Apache Rivet and JavaScript Anne-Leslie Dean, Senior Software Developer, FlightAware Presented: 25th Annual TCL/Tk Conference, Oct 15-19, 2018 Introduction Modern Web applications rival native applications in user experience. This is accomplished by manipulating the Web document dynamically in the client browser environment. There are a many choices of scripting (language) environments a developer may choose to use on the web server: PHP, Python, Ruby, TCL etc. But on the client side, the JavaScript environment is the standard for programmatic control of the Web application. Apache Rivet provides a server environment to build Web applications using TCL. This case study will demonstrate the application of fundamental software design principles such as separation of concerns, abstraction, and encapsulation in a TCL/Apache Rivet environment with integrated JavaScript. The basic structure of the Rivet script will distinguish content management from presentation and will visibly identify a clear interface between the TCL/Apache Rivet and the JavaScript environments. Each step of the case study will conclude with an analysis of the software development principles being applied. Case Study Step 1: Framing Out The Rivet Script The distinguishing architectural feature of modern Web applications boils down to a simple model: a document template rendered against an abstracted data model. The code concerned with managing the abstracted data model is commonly referred to as content management. The code concerned with describing the document template is commonly referred to as presentation. The basic structure of an Apache Rivet script should always reinforce this Web application architectural distinction. This can be accomplished by applying the software principle of separation of concerns with respect to content management and presentation.
    [Show full text]
  • THE FUTURE of SCREENS from James Stanton a Little Bit About Me
    THE FUTURE OF SCREENS From james stanton A little bit about me. Hi I am James (Mckenzie) Stanton Thinker / Designer / Engineer / Director / Executive / Artist / Human / Practitioner / Gardner / Builder / and much more... Born in Essex, United Kingdom and survived a few hair raising moments and learnt digital from the ground up. Ok enough of the pleasantries I have been working in the design field since 1999 from the Falmouth School of Art and onwards to the RCA, and many companies. Ok. less about me and more about what I have seen… Today we are going to cover - SCREENS CONCEPTS - DIGITAL TRANSFORMATION - WHY ASSETS LIBRARIES - CODE LIBRARIES - COST EFFECTIVE SOLUTION FOR IMPLEMENTATION I know, I know, I know. That's all good and well, but what does this all mean to a company like mine? We are about to see a massive change in consumer behavior so let's get ready. DIGITAL TRANSFORMATION AS A USP Getting this correct will change your company forever. DIGITAL TRANSFORMATION USP-01 Digital transformation (DT) – the use of technology to radically improve performance or reach of enterprises – is becoming a hot topic for companies across the globe. VERY DIGITAL CHANGING NOT VERY DIGITAL DIGITAL TRANSFORMATION USP-02 Companies face common pressures from customers, employees and competitors to begin or speed up their digital transformation. However they are transforming at different paces with different results. VERY DIGITAL CHANGING NOT VERY DIGITAL DIGITAL TRANSFORMATION USP-03 Successful digital transformation comes not from implementing new technologies but from transforming your organisation to take advantage of the possibilities that new technologies provide.
    [Show full text]
  • Learning React Functional Web Development with React and Redux
    Learning React Functional Web Development with React and Redux Alex Banks and Eve Porcello Beijing Boston Farnham Sebastopol Tokyo Learning React by Alex Banks and Eve Porcello Copyright © 2017 Alex Banks and Eve Porcello. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com/safari). For more information, contact our corporate/insti‐ tutional sales department: 800-998-9938 or [email protected]. Editor: Allyson MacDonald Indexer: WordCo Indexing Services Production Editor: Melanie Yarbrough Interior Designer: David Futato Copyeditor: Colleen Toporek Cover Designer: Karen Montgomery Proofreader: Rachel Head Illustrator: Rebecca Demarest May 2017: First Edition Revision History for the First Edition 2017-04-26: First Release See http://oreilly.com/catalog/errata.csp?isbn=9781491954621 for release details. The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Learning React, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.
    [Show full text]
  • Introducing 2D Game Engine Development with Javascript
    CHAPTER 1 Introducing 2D Game Engine Development with JavaScript Video games are complex, interactive, multimedia software systems. These systems must, in real time, process player input, simulate the interactions of semi-autonomous objects, and generate high-fidelity graphics and audio outputs, all while trying to engage the players. Attempts at building video games can quickly be overwhelmed by the need to be well versed in software development as well as in how to create appealing player experiences. The first challenge can be alleviated with a software library, or game engine, that contains a coherent collection of utilities and objects designed specifically for developing video games. The player engagement goal is typically achieved through careful gameplay design and fine-tuning throughout the video game development process. This book is about the design and development of a game engine; it will focus on implementing and hiding the mundane operations and supporting complex simulations. Through the projects in this book, you will build a practical game engine for developing video games that are accessible across the Internet. A game engine relieves the game developers from simple routine tasks such as decoding specific key presses on the keyboard, designing complex algorithms for common operations such as mimicking shadows in a 2D world, and understanding nuances in implementations such as enforcing accuracy tolerance of a physics simulation. Commercial and well-established game engines such as Unity, Unreal Engine, and Panda3D present their systems through a graphical user interface (GUI). Not only does the friendly GUI simplify some of the tedious processes of game design such as creating and placing objects in a level, but more importantly, it ensures that these game engines are accessible to creative designers with diverse backgrounds who may find software development specifics distracting.
    [Show full text]
  • Teaching Introductory Programming with Javascript in Higher Education
    Proceedings of the 9th International Conference on Applied Informatics Eger, Hungary, January 29–February 1, 2014. Vol. 1. pp. 339–350 doi: 10.14794/ICAI.9.2014.1.339 Teaching introductory programming with JavaScript in higher education Győző Horváth, László Menyhárt Department of Media & Educational Informatics, Eötvös Loránd University, Budapest, Hungary [email protected] [email protected] Abstract As the Internet penetration rate continuously increases and web browsers show a substantial development, the web becomes a more general and ubiq- uitous application runtime platform, where the programming language on the client side exclusively is JavaScript. This is the reason why recently JavaScript is more often considered as the lingua franca of the web, or, from a different point of view, the universal virtual machine of the web. In ad- dition, the JavaScript programming language appears in many other areas of informatics due to the wider usage of the HTML-based technology, and the embedded nature of the language. Consequently, in these days it is quite difficult to program without getting in touch with JavaScript in some way. In this article we are looking for answers to how the JavaScript language is suitable for being an introductory language in the programming related subjects of the higher education. First we revisit the different technologies that lead to and ensure the popularity of JavaScript. Following, current approaches using JavaScript as an introductory language are overviewed and analyzed. Next, a curriculum of an introductory programming course at the Eötvös Loránd University is presented, and a detailed investigation is given about how the JavaScript language would fit in the expectations and requirements of this programming course.
    [Show full text]
  • Create Mobile Apps with HTML5, Javascript and Visual Studio
    Create mobile apps with HTML5, JavaScript and Visual Studio DevExtreme Mobile is a single page application (SPA) framework for your next Windows Phone, iOS and Android application, ready for online publication or packaged as a store-ready native app using Apache Cordova (PhoneGap). With DevExtreme, you can target today’s most popular mobile devices with a single codebase and create interactive solutions that will amaze. Get started today… ・ Leverage your existing Visual Studio expertise. ・ Build a real app, not just a web page. ・ Deliver a native UI and experience on all supported devices. ・ Use over 30 built-in touch optimized widgets. Learn more and download your free trial devexpress.com/mobile All trademarks or registered trademarks are property of their respective owners. Untitled-4 1 10/2/13 11:58 AM APPLICATIONS & DEVELOPMENT SPECIAL GOVERNMENT ISSUE INSIDE Choose a Cloud Network for Government-Compliant magazine Applications Geo-Visualization of SPECIAL GOVERNMENT ISSUE & DEVELOPMENT SPECIAL GOVERNMENT ISSUE APPLICATIONS Government Data Sources Harness Open Data with CKAN, OData and Windows Azure Engage Communities with Open311 THE DIGITAL GOVERNMENT ISSUE Inside the tools, technologies and APIs that are changing the way government interacts with citizens. PLUS SPECIAL GOVERNMENT ISSUE APPLICATIONS & DEVELOPMENT SPECIAL GOVERNMENT ISSUE & DEVELOPMENT SPECIAL GOVERNMENT ISSUE APPLICATIONS Enhance Services with Windows Phone 8 Wallet and NFC Leverage Web Assets as Data Sources for Apps APPLICATIONS & DEVELOPMENT SPECIAL GOVERNMENT ISSUE ISSUE GOVERNMENT SPECIAL DEVELOPMENT & APPLICATIONS Untitled-1 1 10/4/13 11:40 AM CONTENTS OCTOBER 2013/SPECIAL GOVERNMENT ISSUE OCTOBER 2013/SPECIAL GOVERNMENT ISSUE magazine FEATURES MOHAMMAD AL-SABT Editorial Director/[email protected] Geo-Visualization of Government KENT SHARKEY Site Manager Data Sources MICHAEL DESMOND Editor in Chief/[email protected] Malcolm Hyson ..........................................
    [Show full text]
  • Tripwire Ip360 9.0 License Agreements
    TRIPWIRE® IP360 TRIPWIRE IP360 9.0 LICENSE AGREEMENTS FOUNDATIONAL CONTROLS FOR SECURITY, COMPLIANCE & IT OPERATIONS © 2001-2018 Tripwire, Inc. All rights reserved. Tripwire is a registered trademark of Tripwire, Inc. Other brand or product names may be trademarks or registered trademarks of their respective companies or organizations. Contents of this document are subject to change without notice. Both this document and the software described in it are licensed subject to Tripwire’s End User License Agreement located at https://www.tripwire.com/terms, unless a valid license agreement has been signed by your organization and an authorized representative of Tripwire. This document contains Tripwire confidential information and may be used or copied only in accordance with the terms of such license. This product may be protected by one or more patents. For further information, please visit: https://www.tripwire.com/company/patents. Tripwire software may contain or be delivered with third-party software components. The license agreements and notices for the third-party components are available at: https://www.tripwire.com/terms. Tripwire, Inc. One Main Place 101 SW Main St., Suite 1500 Portland, OR 97204 US Toll-free: 1.800.TRIPWIRE main: 1.503.276.7500 fax: 1.503.223.0182 https://www.tripwire.com [email protected] TW 1190-04 Contents License Agreements 4 Academic Free License ("AFL") 5 Apache License V2.0 (ASL 2.0) 9 BSD 20 Boost 28 CDDLv1.1 29 EPLv1 30 FreeType License 31 GNU General Public License V2 34 GNU General Public License V3 45 IBM 57 ISC 62 JasPer 63 Lesser General Public License V2 65 LibTiff 76 MIT 77 MPLv1.1 83 MPLv2 92 OpenLDAP 98 OpenSSL 99 PostgreSQL 102 Public Domain 104 Python 108 TCL 110 Vim 111 wxWidgets 113 Zlib 114 Contact Information 115 Tripwire IP360 9.0 License Agreements 3 Contents License Agreements This document contains licensing information relating to Tripwire's use of free and open-source software with or within the Tripwire IP360 product (collectively, "FOSS").
    [Show full text]
  • Microsoft Patches Were Evaluated up to and Including CVE-2020-1587
    Honeywell Commercial Security 2700 Blankenbaker Pkwy, Suite 150 Louisville, KY 40299 Phone: 1-502-297-5700 Phone: 1-800-323-4576 Fax: 1-502-666-7021 https://www.security.honeywell.com The purpose of this document is to identify the patches that have been delivered by Microsoft® which have been tested against Pro-Watch. All the below listed patches have been tested against the current shipping version of Pro-Watch with no adverse effects being observed. Microsoft Patches were evaluated up to and including CVE-2020-1587. Patches not listed below are not applicable to a Pro-Watch system. 2020 – Microsoft® Patches Tested with Pro-Watch CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-1578 Windows Kernel Information Disclosure Vulnerability CVE-2020-1577 DirectWrite Information Disclosure Vulnerability CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability CVE-2020-1569 Microsoft Edge Memory Corruption Vulnerability CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1566 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1565 Windows Elevation of Privilege Vulnerability CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability
    [Show full text]
  • Exam Ref 70-482: Advanced Windows Store App Development Using HTML5 and Javascript
    Exam Ref 70-482: Advanced Windows Store App Development Using HTML5 and JavaScript Roberto Brunetti Vanni Boncinelli Copyright © 2013 by Roberto Brunetti and Vanni Boncinelli All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. ISBN: 978-0-7356-7680-0 1 2 3 4 5 6 7 8 9 QG 8 7 6 5 4 3 Printed and bound in the United States of America. Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Book Support at [email protected]. Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/ en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respec- tive owners. The example companies, organizations, products, domain names, email ad- dresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred. This book expresses the author’s views and opinions. The information con- tained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.
    [Show full text]
  • Rational Robot User's Guide
    Rational Software Corporation® Rational® Robot User’s Guide VERSION: 2003.06.00 PART NUMBER: 800-026172-000 WINDOWS [email protected] http://www.rational.com Legal Notices ©1998-2003, Rational Software Corporation. All rights reserved. Part Number: 800-026172-000 Version Number: 2003.06.00 This manual (the "Work") is protected under the copyright laws of the United States and/or other jurisdictions, as well as various international treaties. Any reproduction or distribution of the Work is expressly prohibited without the prior written consent of Rational Software Corporation. The Work is furnished under a license and may be used or copied only in accordance with the terms of that license. Unless specifically allowed under the license, this manual or copies of it may not be provided or otherwise made available to any other person. No title to or ownership of the manual is transferred. Read the license agreement for complete terms. Rational Software Corporation, Rational, Rational Suite, Rational Suite ContentStudio, Rational Apex, Rational Process Workbench, Rational Rose, Rational Summit, Rational Unified Process, Rational Visual Test, AnalystStudio, ClearCase, ClearCase Attache, ClearCase MultiSite, ClearDDTS, ClearGuide, ClearQuest, PerformanceStudio, PureCoverage, Purify, Quantify, Requisite, RequisitePro, RUP, SiteCheck, SiteLoad, SoDa, TestFactory, TestFoundation, TestMate and TestStudio are registered trademarks of Rational Software Corporation in the United States and are trademarks or registered trademarks in other countries. The Rational logo, Connexis, ObjecTime, Rational Developer Network, RDN, ScriptAssure, and XDE, among others, are trademarks of Rational Software Corporation in the United States and/or in other countries. All other names are used for identification purposes only and are trademarks or registered trademarks of their respective companies.
    [Show full text]
  • Write Once, Pwn Anywhere
    Write Once, Pwn Anywhere Yang Yu Twitter: @tombkeeper Agenda • Summon BSTR back • JScript 9 mojo • “Vital Point Strike” • “Interdimensional Execution” Who am I? • From Beijing, China • Director of Xuanwu Security Lab at Tencent – We're hiring • Researcher from 2002, geek from birth – Strong focus on exploiting and detection • Before 2002, I am a… Before 2002 Now Summon BSTR back About BSTR JScript 5.8 and earlier use BSTR to store String object data struct BSTR { LONG length; WCHAR* str; } var str = “AAAAAAAA”; 0:016> dc 120d0020 l 8 120d0020 00000010 00410041 00410041 00410041 ....A.A.A.A.A.A. 120d0030 00410041 00000000 00000000 00000000 A.A............. Corrupt BSTR prefix var str = “AAAAAAAA”; 0:016> dc 120d0020 l 4 120d0020 00000010 00410041 00410041 00410041 ....A.A.A.A.A.A. writeByVul(0x120d0020, 0x7ffffff0); 0:016> dc 120d0020 l 4 120d0020 7ffffff0 00410041 00410041 00410041 ....A.A.A.A.A.A. var outofbounds = str.substr(0x22222200,4); * Peter Vreugdenhil, “Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit” Locate the address of BSTR prefix var strArr = heapSpray("\u0000"); var sprayedAddr = 0x14141414; writeByVul(sprayedAddr); for (i = 0; i < strArr.length; i++) { p = strArr[i].search(/[^\u0000]/); if (p != -1) { modified = i; leverageStr = strArr[modified]; bstrPrefixAddr = sprayedAddr - (p)*2 - 4; break; } } * Fermin J. Serna, “The info leak era on software exploitation” JScript 9 replaced JScript 5.8 since IE 9 JScript 9 does not use BSTR now So exploiters switch to flash vector object But, JScript 5.8 is still there We can summon it back The spell to summon JScript 5.8 back <META http-equiv = "X-UA-Compatible" content = "IE=EmulateIE8"/> <Script Language = "JScript.Encode"> … </Script> or <META http-equiv = "X-UA-Compatible" content = "IE=EmulateIE8"/> <Script Language = "JScript.Compact"> … </Script> * Some features are not supported with JScript.Compact, like eval().
    [Show full text]
  • A Software-Based Remote Receiver Solution
    Martin Ewing, AA6E 28 Wood Rd, Branford, CT 06520; [email protected] A Software-Based Remote Receiver Solution Need to get your receiver off site to avoid interference? Here is how one amateur connected a remote radio to a club station using a mixture of Linux, Windows, and Python. The local interference environment is an station computer would run control software details are available at www.aa6e.net/wiki/ increasing problem for ham radio operation, to manage the remote operation. W1HQ_remote. Hardware construction is making weak signal operation impossible This article focuses mostly on the straightforward for anyone with moderate at some times and frequencies. The ARRL software — how we developed a mixed C experience. Staff Club Station, W1HQ, has this problem and Python (and mixed Linux and Windows) in spades when W1AW, just across the project with audio and Internet aspects. System Overview parking lot, is transmitting bulletins and Interested readers will probably want to Figure 1 shows the overall system design. code practice on seven bands with high consult the code listings. These are provided The BeagleBoard XM or “BBXM” is an power. Operating W1HQ on HF in the prime at www.aa6e.net/wiki/rrx_code and are inexpensive (~$150) single board computer evening hours is not possible. There is no also available for download from the ARRL with a 1 GHz ARM processor, Ethernet problem transmitting in this environment QEX files website.1 Additional project and USB connections, and on-board audio — it’s a receiver problem. We could solve 2 1 capability. It has 512 MB of RAM and the problem by setting up a full remote base Notes appear on page 6.
    [Show full text]