Application Security Testing: An Integral Part of DevOps
One of the nice things about Visual Studio's syntax highlighting is that you can define your own keywords. Visual Studio, both 5.0 and 6.0, support this feature. To define a new keyword, you merely need to edit the file USERTYPE.DAT (hereafter known as the DAT file) located in the same directory as MSDEV.EXE. The file is a simple text file where each keyword is on its own line. In order for Visual Studio to recognize the new keyword, you have to restart it.
The immediate benefit of this syntax highlighting is that you can tell whether you misspelled a function, or method, or whatever. Of course with the advent of Visual Studio 6.0 and Intellisense, this is not so useful. However, I found it a pain to have to go to the dat file and modify it everytime I found another keyword I wanted to add. Furthermore, sometimes I don't want all the keywords I have defined to highlight. For example, when I'm not using MFC, I don't want the MFC keywords to be highlighted.
Each keyword file is a simple text file containing a list of keywords. Each keyword file has a description that you provide. To add a new keyword file to the list of files that you can choose from you use the MergeKW add-in. The add-in will display a list of currently defined keyword files, and their descriptions. You can choose to add or remove keyword files. Additionally, each keyword file is either checked or unchecked depending on whether it was used the last time you merged the keyword files into a new DAT file. You can check or uncheck keyword files and then use the MERGE button to build a new USERTYPE.DAT file.
The following picture shows the dialog that you use to add and remove keyword files and to merge them into a new DAT file. Each entry in the list box consists of a descriptive name of the keyword file followed by the path to the keyword file in brackets. In the example, the Debug, MFC, and Process Status Helper keyword files are not currently being used. Therefore, any keywords contained in these files will not be highlighted by Visual Studio.
Important Note Sometimes Visual Studio locks the DAT file in memory, especially with Visual Studio 5.0. In this case, the add-in will be unable to replace the file. To get around this, the add-in will tell you that the DAT file will be replaced when Visual Studio shuts down. When you shut down Visual Studio, you will receive a message telling you the DAT file was replaced properly. In either case, you must restart Visual Studio before the changes will take effect. It would be nice if Visual Studio could be forced to automatically update itself when the DAT file changed.
One of the problems of using custom keywords is having to manually add the keyword to a file. To get around this, the add-in adds another command, 'Add Keyword' (ADD). ADD will take the currently selected text from the active editor window and add it to one of the keyword files. You will be prompted for the keyword file to use. It will also show you what text will be added, so you can ensure you aren't making a mistake. This is far faster than manually adding it to a file. Furthermore, you can continually add new words to a keyword file and then whenever your ready, rebuild the DAT file. It is harmless to add a keyword more than once, or even adding the same keyword to multiple files.
The following picture shows the dialog that appears when you select a word and then choose the ADD command on the toolbar. In this example, the keyword WIN32_FIND_DATA is going to be added to the keyword file Win32.txt.
Changes in Version 2.0.4
The following features are new to this version:
The add-in now remembers the last directory used when adding a keyword to a TXT file, or adding a new TXT file.
Auto-merge has been added. By enabling this option in the add-in dialog, the add-in will automatically merge the files selected in the dialog whenever MSDev shuts down. This saves you the effort of having to explicitly merge any changes you have made.
Create TXT files when needed. You no longer have to create the TXT files before being able to use them in the add-in. The Open File/Save File dialogs will prompt you to create any file that doesn't exist.
To install the add-in, do the following :
1. Copy MergeKW.dll to any directory you like. If you insert the DLL into the Addins directory (under the directory where MSDEV.EXE resides, then Visual Studio will automatically load it the next time it starts.
2. Start Visual Studio and go to the 'Tools/Customize' menu item. Click on the menu. The Customize dialog will appear.
3. In the Customize dialog, go to the 'Add-ins and Macro Files' tab. If you placed the DLL in the Addins directory, then it will show up here, otherwise use the 'Browse' button to locate the DLL.
4. Once the DLL is registered in Visual Studio, click the add-in from within the list to show its buttons.
5. Installation is complete. You can now use the add-ins toolbar buttons.
I hope you find this add-in useful. If you have any suggestions or comments then please let me know. To assist you in getting started, I have provided in the Data directory of the ZIP file a copy of the keyword files that I have defined. You can use these to get started.
DownloadsThe zipped file contains all the source code and several example keyword files. The add-in works under UNICODE. It will compile under ANSI, but I have not done any extensive tests to ensure it works.
Download source - 61 KB