HP Fortify Audit Workbench - static-analysis

I am trying to use the HP Fortify Static Code Analyzer to analyze security concerns in a large C application and I have run into various bugs in the software itself that I cannot seem to find any answers to anywhere on the Internet. I am using version 3.4 of the software and running it on a Linux x64 system.
The main bug that I am encountering that makes it very difficult to use this product at all is that in various different places in their Audit Workbench GUI the program will just close for no reason. An example is whenever a pop-up window shows asking you a question and your answer to the question is just to close the pop-up window by either clicking on the close button or the cancel button, the whole program ends instead of returning you back to where you were when you originally got the pop-up. Another example is when I try to open the Rules Editor, either for a new Rule Pack or an existing Rule Pack, the program opens up a progress window with a moving progress bar that sits there and moves for a while but when it is finished, instead of opening up the Rules Editor, the whole program just ends suddenly.
Has anyone out there seen behavior like this? If so, please let me know what I can do about it. Thank you.

I would highly recommend upgrading to the latest (4.10 at the time of this post) version. One thing you can do to help diagnose issues is to look at the log files. These are located in (by default) [user.home]/fortify/AWB-3.40/log.
Also, since you are using Linux 64bit, you will want to ensure that AWB isn't trying to access the 32bit JRE at any time. This can be accomplished by removing [fortify install root]/jre and renaming [fortify install root]/jre64 to [fortify install root]/jre. Some of the tools default to /jre and so you can run into issues on Linux 64bit.
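A way to confirm which JRE the default directory holds before making the swap described above, reading the ELF class byte of each `java` binary. This is an added example, not part of the original answer or of the Fortify tooling; the `bin/java` path inside each JRE directory and the `jre32.bak` backup name are assumptions, and it renames the 32-bit JRE rather than removing it.

```shell
#!/bin/sh
# Added example. The argument stands in for "[fortify install root]";
# the bin/java location inside each JRE directory is an assumption.

# Print 32, 64 or unknown from the ELF header of FILE.
# Bytes 0-3 are the magic 7f 45 4c 46; byte 4 (EI_CLASS) is 1=32-bit, 2=64-bit.
elf_class() {
    magic=$(dd if="$1" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then echo unknown; return 0; fi
    class=$(dd if="$1" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    case "$class" in
        1) echo 32 ;;
        2) echo 64 ;;
        *) echo unknown ;;
    esac
}

# Report the state of the default jre directory: ok | needs-swap | unknown
jre_status() {
    root=$1
    default=$(elf_class "$root/jre/bin/java")
    if [ "$default" = 64 ]; then echo ok; return 0; fi
    if [ "$default" = 32 ] && [ "$(elf_class "$root/jre64/bin/java")" = 64 ]; then
        echo needs-swap; return 0
    fi
    echo unknown
}

# Make jre64 the default, keeping the 32-bit JRE as jre32.bak (hypothetical
# backup name) so the change can be undone. Refuses unless a swap is needed.
swap_jre() {
    root=$1
    [ "$(jre_status "$root")" = needs-swap ] || return 1
    mv "$root/jre" "$root/jre32.bak" && mv "$root/jre64" "$root/jre"
}

# Run as: script.sh <fortify install root>
if [ "$#" -eq 1 ]; then
    echo "before: $(jre_status "$1")"
    swap_jre "$1" && echo "swapped; after: $(jre_status "$1")"
fi
```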

Related

How to create installer for mac software

I've created software using Filemaker and I have to create an installer.
I've already done it for Windows but I have to create one for Mac too. The installer will be able to install the software, install a font and ask for the serial number.
Can someone help me?
I think Apple used to (still does?) offer a program with Xcode that was called PackageMaker, but I don't think they still do. It might be available from a previous version of Xcode. I found surprisingly little information about it online.
However, the command line tools that it was based on, pkgbuild, productbuild, and pkgutil, seem to be installed on my laptop running Yosemite with an Xcode utilities installation.
I would check out the accepted answer to a similar question here on Stack Overflow. It looks quite detailed, but I think it's going to be very advanced work to get a successful package created.
The above is what you probably want if you want your installer to use Apple's own Installer app. If all you want is to create an installer that gets the job done, I would probably use FileMaker itself.
Create a FileMaker file that stores your solution within a container field, lock it down with security and scripting, use Export Field Contents to get the solution file and your fonts to the right places, perhaps with some supporting AppleScript that makes use of the command line. Use FileMaker Advanced to package this up as a runtime solution and all the user has to do is double-click the runtime app and you can guide them from there. Once the installation is complete you could even open the installed solution for them and prompt them at that point to enter a serial number.

Flash MX projection works on XP but not on windows 7

I'm not sure if this is the right place to ask, seeing as I don't currently have any code to share, but perhaps someone has an insight.
I have a very old Flash MX projection (.exe file) that was written and compiled in flash MX 2004. It's a simple interactive app - a test where a user picks an answer to a question and pushes ENTER to move to the next question.
The projection works fine on WinXP SP3 but doesn't work in win7, failing with a "class not registered" error.
It does work after I install flash player activex (I tried installing the latest, and also legacy version 6 r71), but then it doesn't register any keyboard commands and crashes a short while after a key is pressed.
Any idea what can be causing this?
So far I've tried fiddling with IE security settings, disabling DWM and windows themes, compatibility settings, etc., with no luck.
Also, despite the fact that the compiled projection is supposed to have all necessary components to run inside, it doesn't run if flash.ocx isn't registered. Isn't that weird?
Any help will be appreciated. I know this is old stuff and no one promises compatibility etc. And I don't even have the code as of now (not sure I can find it; assume I can't) - but this app is somewhat important to my company and this really seems like a "small" issue - if I could just find it...
Update - it kinda works if I install the latest flash player and run it in compatibility mode - but it hangs after about a minute, regardless of what I do.
If I run it without compatibility mode, it doesn't run with a "library not registered" error.
You might want to repackage it.
Extract SWF from projector executable, for example, using this tool.
Get the newest standalone Flash Player and check if your .swf-file works with it.
Now export new projector file.
If this doesn't work for you, the only other way to do this is to recompile your .swf from source.
I agree with Ale's solution.
Have you tried Windows' compatibility options to run the .exe as it would in an older compatibility mode? This may work.

VB6 application causes install to show up

I got a weird problem with my VB app that has got me very confused. I am updating an existing program. I had to add some processing queue capabilities. On my system, unit testing worked great but when I compile it and run it on a different computer (a network server machine) it first tries to open an office install. If I cancel this, the program seems to run fine. The problem is that this program will be run in the background and I can't be hitting cancel each time it runs.
So my question is this: what is going on here? I'm usually a Java developer with Eclipse so I'm used to being able to include all the needed libs into the jar files automatically. It doesn't seem like the case with VB6. It seems like it expects all the same libs to be on all the systems. Is there any way to tell what might be triggering this?
The only thing I can think of that is causing it is that I'm using the "OpenProcess" function in the kernel32 lib. That's the only major change I have made.
Any help would be very appreciated. Thanks!
EDIT:
It seems that multiple versions of word were installed on the system and it was screwing things up somehow. We uninstalled one and it fixed it.
I ran into this a while ago and it was related to my installer for the VB6 app overwriting some system files for Office that it shouldn't have. Any time one of the System dlls was accessed Windows would determine that something was wrong and the Office installer would start up.
The short-term fix was to let the Office Installer repair the broken chain of dlls.
The long-term fix was to never overwrite built-in Windows System dlls.
You could also check out the Microsoft Fix it Center.

VC++ app fails to start — but there's no error

I made a minor change to a legacy Visual C++ / MFC app built with VS 2008. I changed some UI resources in the .rc file and compiled without any problems, then deployed it on my client's system. However, the program which was previously doing fine now fails to run on exactly one of their servers. It works fine on my laptop and on their other servers, many of whom are basically identical to the one having the trouble.
The weird thing however is that there is absolutely no error message whatsoever. No message box, no errorlevel set (when run on command prompt), no Dr. Watson entry, no nothing.
It's an MFC app that does not really comprise anything very special. It does link in some external libraries – e.g., some old version of the Xerces C++ XML parser. But this is probably not too relevant, right?
The program has a class derived from CWinApp, and I tried to add some logging in its constructor. Based on this, it looks like not even this constructor is reached.
The server in question is running Windows Server 2003 Standard Edition Service Pack 2, and we are trying to run the program in a Remote Desktop session. (Because of the client's environment, I cannot easily test in a console session right now.)
I reverted my changes from version control, which did not help – but I do not know if I had built myself the previously installed version (which ran just fine even on this server) or if it had been built by someone else.
Have also tried to reinstall the Visual C++ runtime libraries and of course reboot Windows, but neither helped. Now I'm really running out of ideas... Any clues on what I could try or check?
Probably some error occurs but is suppressed, e.g. an empty catch() statement or similar.
You could try and install Debugging Tools for Windows (WinDbg) to see if you could get more info when trying to run it. Since the download is rather small (25Mb), maybe it is possible to install it on your client's PC.
But first check the Event Viewer log for your app, maybe there is something in there that can shed some light.

Windows hangs during headless build

We are trying to automate a build of one of our products which includes a step where it packages some things with WISE. At one point WISE pops up a window with a progress bar on it to show how it is doing. If one is connected to the machine with remote desktop the build works fine but if one is not connected the build stalls until you reconnect at which point the window opens and the build progresses. Does anybody know of a work around for this? Some way of tricking windows into believing that there is a desktop session connected?
Sorry for yet another guess - but I had a problem with a wise installer locking up. It was because WISE had installed a "font" and so broadcast a "system config changed" message. My DELL had a Dell utility running on it that had a message queue it wasn't reading from so the broadcast locked up the installer. WISE made a new version for me that did an async broadcast instead to fix the problem. It's possible that there's an app on your system that doesn't bother reading its msg queue when there is no desktop.
Finally the answer: check you have the latest patches for your WISE installer. In particular, look for patches that fix lock-ups related to the windowing system.
What version are you using? Looking at the feature set, it looks like their "std" version might be limited. Perhaps unattended installs require the Pro version?
That's just a guess....
Regardless, I wonder whether you could simply code up an auto-run task for the box that calls CreateDesktop to pretend there's an interactive login?
I found a CreateDesktop example that's about desktop switching, and an example about unattended installs -- you might be able to use one of them as a starting point to "fake out" WISE :)
It might be worth a try...
