Tuesday 31 December 2013

Catching up on happenings in the Delphi world

When I’m head-down in a ‘long hours’ contract I tend to miss quite a bit of Delphi-oriented news. Once in a while I look up and I find a whole host of interesting posts around the blog-world and this has been the case over this seasonal break.

I’ve been browsing around seeing what’s new and have collated the following list of stuff I found interesting. Anyone else who hasn’t been keeping up-to-date on news of late might possibly also find some stuff of interest in the list.

Happy New Year!

Delphi XE5 Update 2

If you're a user of Delphi XE5 or RAD Studio XE5, then unless you've been hiding under a rock you'll be very much aware that Update 2 was released a while back (10th December, 2013). There are quite a few changes, so it's basically one of those uninstall/reinstall cycles. On the EDN page for Update 2 you can pull down the web installer, which downloads all the required bits over the web as it sees the need to, or pull down the rather larger full Update 2 ISO CD image. When I used the CD image I found that Hotfix 1 and Hotfix 2 (also mentioned on the same page) appeared to be already applied.

However as François Piette pointed out, we now also have a Hotfix 3 for Update 2. This addresses a few missing .OBJ files (compiled versions of C source files for the JPEG support). In the absence of a README file, I decided these files belonged alongside their corresponding source files in $(BDS)\source\vcl\jpg\src (e.g. C:\Program Files (x86)\Embarcadero\RAD Studio\12.0\source\vcl\jpg\src).

Update 2 does incorporate a good number of fixes, including the really annoying one where the form designer keyboard shortcuts (various permutations of Ctrl, Shift and the cursor keys) were not supported by the FMX form designer (as Marco posted).

Here are links for the Release Notes and the What's New page for XE5 Update Pack 2.

One of the key features added in Update 2 was iOS development support for C++ programmers. David Intersimone made a handful of posts showing how to use this support, and they have been accompanied by and followed up with a variety of videos on the Embo YouTube channel:

  • C++Builder XE5 iOS Preview slides, video
  • What's New in C++Builder XE5 for iOS, video
  • Building your first C++Builder multi-device application, post and video
  • Using TabControls, Gestures and Actions in your C++Builder XE5 for iOS apps, post and video
  • Using Image Effects Filters in your C++Builder for iOS apps, post and video
  • Location enabling your C++Builder for iOS apps, post and video
  • Mobile Code Snippets: IBLite on iOS, video
  • Mobile Code Snippets: Date Picker for iOS, video
  • Mobile Code Snippets: Sharesheet & Media Library Actions, video
  • Mobile Code Snippets: Sending & Cancelling Notifications, video
  • Mobile Code Snippets: Tap & Hold Interactive Gesture, video
  • Mobile Code Snippets: Sending & Resetting Badge Numbers, video
  • Mobile Code Snippets: Pinch & Zoom Interactive Gesture, video

Another neat feature slipped in is the Mobile Preview feature, which allows you to compile and test a good chunk of your mobile functionality within a Windows preview app. It's discussed by Marco here and Sarina DuPont here and documented here.

Recent VCL enhancements

Given Embo's focus on talking lots and lots about FMX over recent years it's easy to forget that the VCL is still being enhanced. Indeed so easy that when XE5 was released, the home page made nary a mention of VCL! Anyway, in an attempt to redress the balance DavidI emitted a blog post that talks about the benefits of VCL in Delphi XE5.

In there he mentions support for 64-bit Windows, full Unicode support, FireDAC, the REST client support, VCL styles, LiveBindings, Metropolis for Windows 8-like apps, and sensor support.

Some additional posts on the REST client support are:

On the subject of FireDAC, if you missed it you can catch the replay of Cary Jensen’s webinar on the subject, entitled: No App is an Island: Universal Enterprise Data Connectivity for the Multi-Device World with FireDAC. Also available on that page are a hefty white paper by Cary to back up the webinar and links to some FireDAC videos.

And for additional Unicode information, check the list of resources collated by Malcolm Groves (and others in the comments) in his post Resources for Unicode in Delphi.

New product features for old product users

I discovered that Embo have made some pages that talk about new features in releases since certain commonly used old versions. For those trying to find out how much merit there might be in upgrading to the current XE5 release from an old version these pages could prove pretty useful. So we have:

Warren Postma has a post citing a variety of reasons to upgrade: Modernize your codebase: Inspiration to Ditch your Ancient Delphi Version. Do read through them.

reFind for search/replace with PCRE

Here’s a tool I didn’t notice appear in Delphi XE5. It’s a command line find/replace tool that uses Perl-compatible regular expressions (PCRE). It’s documented in the XE5 docwiki and uses a rule file to control the process of running over a bunch of source files (and form files) making specified changes.

The tool comes from FireDAC (née AnyDac) and was designed to help migrate BDE components and code over to [Any|Fire]DAC equivalents, but of course can be applied to any search/replace scenario.

Embo’s Stephen Ball posted on the topic of source migration from Delphi 5 to Delphi XE5, which is where I first bumped into the tool. I’ve since seen it referenced on posts on Mick’s Mix and Marco’s blog.

Mobile coding topics

We've had a good spate of posts on how to do various things in Delphi mobile apps.

Here are some Android-specific ones:

Here is an iOS topic:

And here are some that cover both Android and iOS:

Additionally DavidI posted a useful set of resource links that came up in his Step Up to the Multi-Device App Platform webinar so do peruse them at your leisure.

DEP & ASLR in Windows projects

While looking into reFind I bumped into a new (to me) Delphi blog from Mick Grove called Mick’s Mix. A 2011 post on there reminded me of support added to Delphi 2007 and later to support DEP (Windows XP SP2 and later) and ASLR (Windows Vista and later).

DEP is Data Execution Prevention, which helps avoid hacked data bytes being executed. This is done in 32-bit apps using AMD’s NX (no-execute page protection) processor feature and Intel’s XD (Execute Disable Bit) processor feature.

ASLR is Address Space Layout Randomization and helps foil buffer overrun exploits by randomising the load address of DLLs. Thus ASLR is only really pertinent to DLLs or packages.
[ Update: thanks to Ericlaw for pointing out that setting the DynamicBase flag in an executable project randomises the location of heaps and other data structures, as well as enabling other mitigations. In other words, ASLR should really be enabled on all projects as should DEP. ]

According to a post by MSDN blogger Michael Howard, and echoed by a post by Hallvard Vassbotn, Delphi 2007 added support for ASLR and DEP by the small operation of adding this after the uses clause in the project file:

{$SETPEOPTFLAGS $140}

This sets 2 flags in the DllCharacteristics field of the IMAGE_OPTIONAL_HEADER section of the PE file that your DLL will be emitted as by the linker.

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are defined by Microsoft’s MSDN documentation as having the values 0x0040 and 0x0100 respectively.

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is defined as: the DLL can be relocated at load time.

IMAGE_DLLCHARACTERISTICS_NX_COMPAT is defined as: the image is compatible with data execution prevention (DEP).

Neither of these constants is defined in Delphi’s Winapi.Windows.pas, but for readability you could alternatively write this below the DLL project’s uses clause:

const
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = $0040;
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT = $0100;

{$SETPEOPTFLAGS IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE or
                IMAGE_DLLCHARACTERISTICS_NX_COMPAT}

For ASLR in DLLs and packages you can alternatively use the undocumented {$DYNAMICBASE ON} directive (as mentioned by Michael and Hallvard), which has the same effect as setting the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE PE opt flag. Thus this would be a viable equivalent:

const
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT = $0100;

{$SETPEOPTFLAGS IMAGE_DLLCHARACTERISTICS_NX_COMPAT}
{$DYNAMICBASE ON}

Note that in more recent product releases you can also pass these optional PE header flags using a linker switch. In the Linking section of the Project Options dialog you can pass the combined decimal flags value to the Set extra PE Header optional flags field, so $140 would need a value of 320 to be passed in.

You can see that the flags have been noted by looking at the properties of your project when running using a tool such as Process Explorer from SysInternals.

DEP and ASLR

3 comments:

  1. > "Thus ASLR is only really pertinent to DLLs or packages."

    Untrue. Setting the DynamicBase flag on the executable randomizes the location of heaps and other data structures, and enables other mitigations as well.

    All modern executables and plugins should set both NXCOMPAT and DYNAMICBASE.

    ReplyDelete
    Replies
    1. Ah, thanks for the correction! I clearly didn't read far enough into the subject - funnily enough I did wonder about that when I wrote it....
      I shall correct it.

      Delete
  2. Hotfix 3 for RAD Studio, Delphi, and C++Builder XE5 Update 2
    Available to registered users of Delphi XE5, C++Builder XE5, RAD Studio XE5, and Embarcadero All-Access XE

    This hotfix contains the compiled .OBJ files for JPEG support

    Install instructions: Unzip and copy the files to your RAD Studio lib\win32\debug folder

    ReplyDelete