.NET Questions and Solutions

As a software engineer, I focus on .NET, especially asp.net, C#, WCF and so on, and I am also very interested in Search Engine Optimization.

Entries Tagged ‘memory’

Blocking the SBP-2 driver to reduce 1394 DMA threats to BitLocker

Symptoms
A BitLocker-protected computer may be vulnerable to Direct Memory Access (DMA) attacks when the computer is powered-on or in the Standby power state, including when the desktop is locked.
BitLocker with TPM-only authentication allows a computer to enter the power-on state without any pre-boot authentication. Therefore, an attacker may be able to perform DMA attacks.
In these configurations, an attacker may be able to search for BitLocker encryption keys in system memory by spoofing the SBP-2 hardware ID by using an attacking device that is plugged into a 1394 port.
This article applies to the following systems:
Systems that are left powered-on.
Systems that are left in the standby power state.
Systems that use the TPM-only BitLocker protector.
Resolution
1394 Physical DMA
Industry standard 1394 controllers (OHCI compliant) provide functionality that allows for access to system memory. This functionality is provided as a performance improvement. It enables large amounts of data to transfer directly between a 1394 device and system memory, bypassing CPU and software. By default, 1394 Physical DMA is disabled in all versions of Windows. There are two options to enable 1394 Physical DMA:
An administrator enables 1394 Kernel Debugging.
Someone with physical access to the computer connects a 1394 storage device that complies with the SBP-2 specification.
1394 DMA Threats to BitLocker
BitLocker system integrity checks protect against unauthorized Kernel Debugging status changes. However, an attacker can connect an attacking device to a 1394 port, and then spoof an SBP-2 hardware ID. When Windows detects an SBP-2 hardware ID, it loads the SBP-2 driver (sbp2port.sys), and then instructs the driver to allow the SBP-2 device to perform DMA. This enables an attacker to gain access to system memory and search for BitLocker encryption keys.

A memory leak occurs in performance counters that are used to monitor Windows Server 2008-based computers

Symptoms
When you use Microsoft System Center Operations Manager 2007 to monitor system performance on Windows Server 2008-based computers, a memory leak occurs. Specifically, this memory leak occurs in the performance counters that are used by System Center Operations Manager 2007.
Note Any applications that use performance counters in Windows Server 2008 may also experience this problem.
Resolution
This problem occurs because of a bug in the way that Windows Server 2008 manages allocated memory.

How to troubleshoot a memory leak or an out-of-memory exception in the BizTalk Server process

Symptoms
Memory leaks are a common issue. You may have to try several steps to find the specific cause of a memory leak or an out-of-memory (OOM) exception in Microsoft BizTalk Server. This article discusses important things to consider when you are evaluating memory usage and possible memory-related issues. These considerations include the following:
Physical RAM
Large message processing
Use of the /3GB switch
Use of custom components
Which version of the Microsoft .NET Framework the system is running
The number of processors
Resolution
This article describes how to troubleshoot a memory leak or an out-of-memory exception in the BizTalk Server process of Microsoft BizTalk Server.

Bad RAM Causes Fatal Exception Errors Running Windows 95/98

Symptoms
Windows reports a random “Fatal Exception 0x has occurred at xxxx:xxxxxxx” error message even though your previous version of Windows or Windows for Workgroups did not.
Resolution
A common cause for this error message is faulty physical memory (RAM) on the computer. The following are reasons why your previous version of Windows may appear to run smoothly while Windows may report a random “Fatal Exception 0x has occurred at xxxx:xxxxxxx” error message:
All operating systems use memory differently. In Windows 3.1, the “bad” memory may be used for holding rarely used data. In Windows, the “bad” memory is used for holding frequently run program information.
Windows 3.1 contains comparatively little 32-bit code. Windows uses much more 32-bit code. Furthermore, there are subtle differences between the way memory is accessed if it is being accessed for code or if it is being accessed for data. Because Windows runs much more 32-bit code, these subtle errors show up more often.
In particular, all the 32-bit code in Windows 3.1 resides in one place: at the low end of physical memory. If the first 4 megabytes (MB) of memory can handle 32-bit code, Windows 3.1 works without errors. This is true even if the topmost physical memory cannot run 32-bit code because Windows 3.1 does not run 32-bit code outside the first 4 MB of RAM.
Windows runs 32-bit code in all portions of memory. Therefore, when Windows runs 32-bit code in a section of RAM that cannot run 32-bit code well, you may receive “Fatal Exception Error 0x:xxxxxxxx” error messages.
Windows interacts with hardware differently than previous versions of Windows. This is due partly to Plug and Play and partly to new drivers that take advantage of the additional capabilities of interface adapters. These features may uncover anomalies in the hardware that never appeared in previous versions of Windows because earlier versions did not attempt to exploit these features.
Many new computers do not have memory chips that perform parity checking; therefore, you may have been encountering parity errors in Windows 3.1 without realizing it because the errors were in relatively harmless sections of memory. For example, in a Microsoft Word for Windows document, the word “the” is changed to “tie.”

An Exception Occurs in WtvMailApp

Symptoms
You may receive an “Access violation while reading from location 0x0FB04000” exception in the worker thread of the mail program.
Resolution
Offset and length parameters for CWtvMailApp::GetRequestParam that are not valid cause the mail program to try to access memory that is beyond the message’s data.