Application Security Testing: An Integral Part of DevOps
A few years ago, mainstream software development was all about desktops and servers, both being Personal Computers. This is rapidly changing as more and more devices emerge. Today's world has Smartphones, Pocket PCs, Tablet PCs, Media Centers, and many more to emerge. As complex as it is to understand all these devices and their differences, Microsoft has made it equally complex to understand the different Windows brands—Windows Embedded, Windows CE, Windows Mobile, and so forth. A few years ago, it seemed to be cool and bleeding edge to support different devices other then the mainstream PC. But, as more devices emerge and as it becomes easier to develop software for those devices, the more rapidly consumers and corporations will adopt them. A few years from now, it will be essential to support such devices and for developers to have experience with development on such devices. This article builds on top of the existing article "MSMQ, your reliable asynchronous message processing." It will show how MSMQ can be used on Pocket PC 2003 and at the same time provide an introduction to mobile development and the Compact Framework (CF).
Understanding the Different Windows Brands
Microsoft uses three main Windows brands. Each brand is targeted towards a different set of devices. There are gray areas among the different brands, but the device to support will determine which Windows version to use:
- Windows Embedded—This encompasses all versions of Windows targeted towards any device other then the PC (desktop and server). Windows Embedded consists of two main brands: Windows XP Embedded and Windows CE.
- Windows XP Embedded—This is a componentized version of Windows XP Professional. Thus, you select from the existing Windows XP Professional components which ones you want to include in your OS image. This allows you to create smaller OS images for different devices while still supporting any Windows-based application (as long as the components the application requires are included in the OS image). Windows XP Embedded only supports Intel x86 hardware and is not a real-time OS. Examples would be kiosks, retail devices, ATMs, and so forth.
- Windows CE—This is a real-time operating system that also supports platforms other than Intel x86. It is not bound to a specific device, but rather contains components to support a wide variety of small devices.
- Windows Mobile—Microsoft created Windows Mobile to provide a rich experience for end users as well as to provide strict guidelines for Pocket PCs and Smartphones. Windows Mobile only runs on devices that support the Windows Mobile standard. The three main types of devices supported are:
- Pocket PC—Windows-based PDAs that support WiFi and Bluetooth and provide mobile Word, mobile Excel, mobile Outlook, and more.
- Smartphones—Mobile phones that also support e-mailing, text messaging, Web browsing, and instant messaging.
- Pocket PC phone editions—For devices that combine PDA-type features with your mobile phone. This supports all features of Pocket PC and Smartphone.
Microsoft also ships a Compact Framework used to build .NET applications for Windows CE and Windows Mobile (both Windows Pocket PC and Windows Smartphone).
Building Your Pocket PC 2003 Application
When you create a new project, you can select the project type (list on the left side). Under Visual Basic and Visual C#, you see an entry called "Smart Device." Underneath it you find Pocket PC 2003, Smartphone 2003, and Windows CE. These are the three different devices you can use the Compact Framework on and which VS.NET 2005 allows you to create applications for. You can create for each an application (Windows forms), class library, or control library (not supported for Smartphones). This by default references the Compact Framework. Under the references, you also suddenly see an "mscorlib", which is the "mscorlib" for the Compact Framework. When you add new references, you see also that the list is smaller. That is because the Compact Framework only supports a subset of the full framework. The Compact Framework 2.0 added the System.Messaging assembly/namespace, which provides full support for MSMQ on Pocket PC and Windows CE but not for Smartphones.
Windows forms are available for all three devices and differ from the traditional desktop Windows forms in that the screen size available is much smaller. The designer shows a fixed-size window that reflects the size available on selected devices. How to add controls through the toolbox, how to position and resize it, how to set its properties, and how to add event handlers is the same as for the traditional desktop Windows forms. The list of properties and events will be shorter because not all are supported by the Compact Framework, or more specifically by the devices themselves.
When running the application, the VS.NET IDE shows a deployment dialog. You can choose where to deploy and run the application. VS.NET provides Emulators so you can run and test the applications without requiring an actual physical device. Emulators are available for Pocket PC 2003, Smartphone 2003, and Windows CE 5.0. You also can choose a form factor, meaning the skin used when showing the device in the emulator. For example, you can choose between a "Pocket PC 2003 Portrait" and a "Pocket PC Phone 2003 Portrait."
Running on a Pocket PC 2003 Emulator
Choose "Pocket PC 2003 SE Emulator" to deploy and run your application on the Pocket PC Emulator. This starts a virtual machine and loads the Pocket PC 2003 OS into that virtual machine. Devices such as Pocket PCs and Smartphones can utilize an Intel x86 processor or an ARM (Advanced RISC Machines) processor. The emulators that come with VS.NET are emulating ARM-based devices. All device emulator images are stored in the following location: "C:\Program Files\Microsoft Visual Studio 8\SmartDevices\Emulators\Images". You find the Pocket PC image under the sub folder "PocketPC\2003\1033" and the Smartphone image under the sub folder "Smartphone\2003\1033".
Note: Keep in mind that because emulators are emulating a Pocket PC or Smartphone, they will always be slower then an actual device itself.
The emulator window shows a Pocket PC booting up, like a real Pocket PC. It then asks in the emulator window whether the Pocket PC is connected to the Internet or Work; choose "The Internet." Because this is the first time the emulator is started and no Compact Framework is yet loaded, VS.NET first deploys the Compact Framework onto the emulator. After that, VS.NET again shows the dialog to choose where to deploy the application (it is unclear to me why this is required, but if you always deploy to the same device or emulator you can unselect the option "Show me this dialog each time I deploy the application"). Now, VS.NET starts deploying your application files onto the Pocket PC emulator. When completed, VS.NET will start the application on the Pocket PC while remotely connecting to it so you can debug the application remotely. In this example, it will show an exception as soon as a System.Messaging type gets loaded and called. This is the case because MSMQ is not yet installed and configured on your Pocket PC emulator.
Loading and Installing MSMQ on the Pocket PC Emulator
You can tell the VS.NET IDE to upload not just the project files but also any other files you need to get onto the Emulator. The MSMQ redistributable files can be found at the following location: "C:\Program Files\Microsoft Visual Studio 8\SmartDevices\SDK\SDKRedist\MSMQ". Because the emulator is ARM-based, you take them from the ARM sub folder. Add all six files to the project and set "Build Action" in the file properties (in VS.NET) to "Content". All files marked as content will be deployed in the same folder as your project. To change the location where your application is deployed, bring up the Project properties (in VS 2005, double-click the item Properties). Go to the "Device" tab and change the "Output file folder." This by default always points to "\Program Files" followed by your project name. Also, any files you marked with "Content" in the build action are deployed into this folder. To deploy your application again, run it again, or choose "Build | Deploy Solution." After redeploying the application, go to the Pocket PC emulator window so you can set up MSMQ on it.
The Basics of Using the Pocket PC Emulator
The Emulator shows you Pocket PC as it would be on any real Pocket PC device. In the upper-left corner, you see the "Windows start button." Click the start button and it will show the start menu. Select "Programs" to bring up the installed programs, one of them being the "File Explorer." Open the "File Explorer" by double-clicking it; by default, it shows the "My Documents" folder. Click on the white space at the bottom of the file explorer and keep the mouse pressed till the popup menu shows. Select from the "View All Files" menu so we see all files. Right under the Windows start button in the upper left corner, it shows "My Documents" with a down arrow. This is your current location; clicking the down arrow brings up a menu. Click it and select "My Device" to jump to the root folder of your device.
Next, double-click "Program Files." This shows the "Program Files" folder where you see a "NET CF 2.0" folder where VS.NET deployed the Compact Framework as well as an "MSMQ Pocket PC" folder where your application has been deployed. Now, you want to copy the MSMQ redistributable files to the Windows folder. Go to the "MSMQ Pocket PC folder" and select the following six files (by holding down the CTRL key and clicking on each file): visadm, msmqrt, msmqd, msmqadmext, mqoa, and msmqadm. Click one of the selected files and hold down the mouse until the popup menu shows; then select "Copy." Next, again click the arrow beside the current folder location (right under the Windows start button) and select "My Device" from the menu. This again shows the root folder of the device. Double-click the "Windows" folder, press the END key to jump to the end of the file list, click an empty space, hold the mouse key down till the menu appears, and select "Paste." Now, all six files have been copied to the Windows folder.
Next, we configure MSMQ on this Pocket PC. This requires changing the default Pocket PC name. Click the Windows start button and select "Settings" from the start menu. Select the "System" tab at the bottom and then double-click the "About" icon in the list. This shows the Windows "about" screen. Select the tab "Device ID" at the bottom; it shows the current Device name as "Pocket_PC." Change the name to something like "EnterpriseMinds" and click the Ok button in the upper-right corner. This brings you back to the Settings screen that you can close with the "X" in the upper-right corner. This brings you back to the File Explorer that still shows the files you copied into the Windows folder. Double-click "visadm" to open the visual MSMQ administrator console. Click the "Shortcuts" button and select "Install" from the menu. Click the "Shortcuts" button again and select "Register" this time.
Next, we need to restart the Pocket PC for the changes to take effect. Click the "Exit" button to close "visadm" and next, on the Emulator window itself, click the "Power button" (upper-right corner). This will ask you if you are sure; say yes, which shuts down the device, shows a black screen, and then boots it up again (this may take a while). Now, we have reset the device and we want to check whether MSMQ has been set up properly. Go back to the File Explorer, which now also appears in the start menu and by default jumps back into the Windows folder. Start "visadm" again, click the "Shortcut" button, and select "Verify". This shows that MSMQ has been properly installed. Now, we can go back and run our sample application. First, close "visadm" with the "X" in the upper-right corner, as well as the File Explorer. Run the sample application from your VS.NET IDE again; this will re-deploy any changed files. Then, launch the sample application while still being connected to it remotely so you can debug through the VS.NET IDE.