Jeff Griffin

DirectShow with WPF MediaKit

Posted on April 25, 2011

Lately, I have been tweaking and old video file transcoding application, so I can post it here.  I'll get into the program itself in more detail once I'm done adding some functionality.

For those of us who still have some unfinished business in the world of DirectShow, as well as those building new software with Media Foundation, Jeremiah Morrill's work with the WPF MediaKit can be a helpful tool.  The intent of this library seems to be to provide pluggable media presenters for a number of use cases like DVD content, generic URI content, video capture devices, Direct3d renders, etc. If these cases fit your needs, dropping the appropriate element into your XAML will be a negligible task. In my case, the bulk of the graph is built in code that isn't concerned with the UI, and all I needed was a surface allocated renderer to plug into my existing pipeline architecture.  Once I found the right way to use the aspects of the Media Kit that I needed, the code to expose them was simple.

The first thing I had to understand was that Jeremiah's player classes inherited from a WorkDispatcherObject that encapsulated his own WorkDispatcher class, which handles delegate queuing and invoking and hosts a message pump.  It's a nice implementation, so I had no problem incorporating it into my model code, which handles the pipeline's topology.  Allowing two WorkDispatcherObjects to share a dispatcher required a small modification to the kit: The Dispatcher property on WorkDispatcherObject needed to be made protected, rather than private. Changing the dispatcher of a WorkDispatcherObject that has already started its dispatcher's thread can have some unintended results. It wouldn't be too tough to write a WorkDispatcherObject that could support setting the dispatcher more gracefully, but this works for me as long as I'm careful about when I set it.  Since the player object is instantiated as a result of UI initialization and immediately starts a thread on the dispatcher, it was much simpler to allow the ViewModel code to borrow the View's dispatcher, using a OneWayToSource binding.


<Local:GraphPlayerElement GraphPlayer="{Binding GraphPlayer, Mode=OneWayToSource}"/>

The entire player is bound, rather than just the WorkDispatcher, because the ViewModel/Model will need it to call CreateRenderer.  Here is the code for the player and the element used to host it:

public class GraphPlayerElement : MediaElementBase

	protected override WPFMediaKit.DirectShow.MediaPlayers.MediaPlayerBase OnRequestMediaPlayer()
	{
		return new GraphPlayer();
	}

	public static readonly DependencyProperty GraphPlayerProperty =
		DependencyProperty.Register("GraphPlayer", typeof(GraphPlayer),
		typeof(GraphPlayerElement), new PropertyMetadata());

	public GraphPlayer GraphPlayer
	{
		get { return (GraphPlayer)GetValue(GraphPlayerProperty); }
		set { SetValue(GraphPlayerProperty, value); }
	}

	protected override void OnInitialized(EventArgs e)
	{
       	base.OnInitialized(e);
		GraphPlayer = (GraphPlayer)MediaPlayerBase;
	}
}

public class GraphPlayer : WPFMediaKit.DirectShow.MediaPlayers.MediaPlayerBase
{
	public GraphPlayer()
	{
		//Using STA, because my application pops property windows.
		EnsureThread(System.Threading.ApartmentState.STA);
	}

	/// <summary>
	/// This method exposes a surface allocated renderer to the caller
	/// </summary>
	public IBaseFilter CreateRenderer(IGraphBuilder graph)
	{
		if (!CheckAccess())
		{
			Dispatcher.BeginInvoke((Action)(()=>CreateRenderer(graph)));
		}

		return CreateVideoRenderer(
			WPFMediaKit.DirectShow.MediaPlayers.VideoRendererType.VideoMixingRenderer9,
			graph);
	}
}

Wake on Lan with IronPython

Posted on April 14, 2011

Since introducing a custom built Media Center PC to my living room configuration back in 2005, the machine filling the role has also become a local storage server of sorts.  The music functions and storage requirements alone make it an appealing location for centralized storage.  Of course it's not always on, nor would we really want it to be, so we would need an easy way to wake it up from workstations, phones, and laptops on the LAN.

Enter Wake-on-Lan.  It wasn't difficult to figure this out. In fact my Xbox, which we were using as an extender in the bedroom, was already using it.  With that already working, there was no configuration to be done on the Media Center PC itself (I'll cover it anyway).  Writing a WOL.exe to form the "Magic Packet" and send it was easy, setting up shortcuts on my wife's and my own systems with the right command arguments to include the port and the Media Center's MAC address was even easier.

In my last post I discussed Windows scripting, and it seemed like something like this was a good candidate for an example.  Plus, back when I wrote that WOL.exe, it seemed a little heavy handed, but I still loved the simplicity of the code itself and wanted to share it.

Set up the Host

As I said, I didn't have to mess with this, but you will need to make sure that your host's network adapter is ready to receive a Wake-on-Lan. Go to device manager, open up your favorite network adapter, and make sure the setting to the right is enabled.

While you're at it, get the MAC address of the adapter.  You can do an "ipconfig /all" in the command prompt and it will be listed as "Physical Address".  Write this down for later.

Some systems will require that you modify settings in the BIOS to support Wake-on-Lan.  I'm not going to cover it, since BIOS menus vary, but this was another thing that I happily didn't need to do.

The Script
Pull out the MAC address you recorded from the host machine and place each hex digit in the byte array, WAKE_MAC_ADDRESS.

import clr
clr.AddReference('System')
clr.AddReference('System.Core')
from System import *
from System.Net.Sockets import *
from System.Net import *
from System.Linq import *

WAKE_MAC_ADDRESS = Array[Byte]([0x0A,0x0D,0x0D,0x04,0x0E,0x55])
PORT = 40000

#fill the first 6 bytes of the packet with 0xFF
magicPacket = Enumerable.Repeat[Byte](0xff, 6);

#repeat the MAC address 16 times
for i in range(16):
magicPacket = Enumerable.Concat(magicPacket, WAKE_MAC_ADDRESS)

#send a UDP boradcast of the magic packet
socket = Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp)
broadcastEndpoint = IPEndPoint(IPAddress.Broadcast, PORT)
socket.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.Broadcast, True)
socket.SendTo(Enumerable.ToArray(magicPacket), broadcastEndpoint)
socket.Close()


Shortcut

What I did at this point was to make a shortcut called "Wake Emcee" (Emcee being the name of my Media Center PC), and pointed it to ScriptShell using the -a option so it silently executes the script and exits.  Shell32.dll has the perfect icon for this.  It will be the default location searched, if you click "Change Icon...".

ScriptShell: a Command Line host for Powershell/IronPython

Posted on April 13, 2011

I wanted to write about a tool project as soon as I could, because custom tooling is something that I enjoy doing.  Time and my mortgage tend to enforce that these excursions can be completed in a weekend or less, so this is a simple, yet effective solution for my Windows scripting needs.

Design Goals

  • Support two popular language options, Powershell and Python.
  • Target the 4.0 Framework.
  • Tool contains its own references, including scripting runtimes, for optimal redistribution.
  • Dynamically reference custom libraries.

Use Cases

  • Easily distributed unit/integration/regression testing of .NET libraries
  • Generalized .NET 4.0 platform automation, who needs batch files?
  • Can be set as the default binding for PS1 and PY files, or maintain your Powershell/ipy bindings and use GRIFFPS and GRIFFPY extensions.

Download ScriptShell 1.0.0.0
Source

Usage

Usage: ScriptShell [script-file-list] [-r reference-directory-list]
                   [-d scripts-directory-list] [-a]

Options:
 script-file-list              Run the specified script file(s) .
 -r reference-directory-list   Look for reference assemblies in this/these
                               location(s).
 -d scripts-directory-list     Run scripts from the specified
                               directory/directories.
 -a                            Automated mode.  This option will not prompt
                               for advancement. 
                               Note: Console prompts written into script
                               files will be unaffected.

 When specifying script files with the -s and -d options, the specified
 script files or runnable directory contents must be named with the
 following extensions:
                               *.py or *.griffpy for IronPython scripts
                               *.ps1 or *.griffps for PowerShell scripts";

Motivation

I wrote the first iteration of this tool out of frustration.  My client was experiencing issues regarding connection stability with a back-end service.  Reproducing the issue was problematic, and results varied by machine and locale.  It occurred to me that it might be nice to simplify his testing environment, and that of his support staff by giving him something without a UI, that would call directly into my Model code and would always act in a consistent, predictable way, regardless of who ran it.  Something similar to a unit/integration test platform might be nice, except the software requirements would be unwieldy.  A Powershell script seemed like a perfect option, until I realized it singularly targeted the 2.0 framework.  There were a few documented workarounds for this, but it was pretty apparent by now that I'd save time by writing up a Command Line Powershell host, targeting the 4.0 Framework, with references to my Model code.

Hosting Powershell

This was a relatively easy task, and is primarily just the tedium of tying all of the Powershell hooks to the command line.  This post by Mitch Denney was particularly helpful as a starting point.  Since my PSHost would need a UI, I needed to inherit PSHostUserInterface as well.  This is where the hooks are set into the command line.


public class ConsolePsHostUserInterface : PSHostUserInterface
{
	//other tedium

	//wire to Console
	public override string ReadLine()
	{
		return Console.ReadLine();
	}

	public override System.Security.SecureString ReadLineAsSecureString()
	{
		SecureString secret = new SecureString();
		ConsoleKeyInfo currentKey;
		while ((currentKey=Console.ReadKey(true)).Key != ConsoleKey.Enter)
		{
			if (currentKey.Key == ConsoleKey.Backspace)
			{
				if (secret.Length > 0)
				{
					secret.RemoveAt(secret.Length - 1);
					Console.Write(currentKey.KeyChar);
				}
			}
			else
			{
				secret.AppendChar(currentKey.KeyChar);
				Console.Write("*");
			}
		}
		Console.WriteLine();
		secret.MakeReadOnly();
		return secret;
	}

	public override void Write(string value)
	{
		Console.Write(value);
	}
}

public class ConsolePSHost : PSHost
{
	//more boringness

	//insert my console UI
	private PSHostUserInterface _ui = new ConsolePsHostUserInterface();
	public override PSHostUserInterface UI
	{
		get { return _ui; }
	}
}

All that's left to do is to add a lazily-instantiated property for the Powershell environment, console exception handling  and a nice calling convention for my application code.


public static class PowerShellRunner
{
	private static PowerShell _pws = null;
	private static PowerShell PowerShell
	{
		get
		{
			if (_pws == null)
			{
				_pws = PowerShell.Create();
                    		ConsolePSHost host = new ConsolePSHost();
                    		_pws.Runspace = RunspaceFactory.CreateRunspace(host);
                    		_pws.Runspace.Open();
			}
			return _pws;
		}
	}

	public static void Run(string file)
	{
		PowerShell.AddScript(File.ReadAllText(file));
		PowerShell.AddCommand("Out-Default");
		try { PowerShell.Invoke(); }
		catch (Exception e)
		{
			Console.Write(e.ToString());
			Console.WriteLine();
		}
	}
}

So I called into something similar to this from a command line application that searches a known subdirectory of the current location for Powershell scripts and it worked like a charm.  It's about now that I realize how much I don't like calling into .NET assemblies with Powershell.  Cmdlets are a nice shorthand for common operations, but who can remember all of them?  Here's a line of script I wrote to expand a log path with an environment variable:


$logName = [System.Environment]::ExpandEnvironmentVariables("%USERPROFILE%\ScriptShell\Test1.log")

I forget how to use that crazy bracket-and-double-colon syntax every time, and I end up having to Google it or look it up in another script.  Still, this accomplished what I set out to do, and I know there are plenty of Powershell lovers out there.

Hosting IronPython

It dawned on me later that not only is it easier to host the Dynamic Language Runtime, but my personal preference swings toward writing a script using Python's syntax.  Here's an example of the same action as above, written in Python:


logName = Environment.ExpandEnvironmentVariables("%USERPROFILE%\ScriptShell\Test1.log")

Here's what it took to get IronPython support:


public static class PythonRunner
{
	private static ScriptEngine _engine = null;
	private static ScriptEngine ScriptEngine
	{
		get
		{
			if (_engine == null)
			{
				_engine = IronPython.Hosting.Python.CreateEngine();
				_engine.Runtime.IO.SetOutput(Console.OpenStandardOutput(), Console.Out);
				_engine.Runtime.IO.SetErrorOutput(Console.OpenStandardOutput(), Console.Out);
			}
			return _engine;
		}
	}

	public static void Run(string file)
	{
		try { ScriptEngine.CreateScriptSourceFromFile(file).Execute(); }
		catch (Exception e)
		{
			Console.Write(e.ToString());
			Console.WriteLine();
		}
	}
}

...easy as a cliche.  Of course, in a sense, what I have done is rewritten ipy.exe, without the interactive mode (this might be a good follow-up), but in the fist pass, the easiest way to distribute this functionality was to directly reference my Model code and pass this out as an EXE to be dropped into the install directory of my client's software.  This implementation is a generalized implementation of the same concept, where any reference needed by a script is satisfied dynamically with a command line option at run-time.  Developers who do not need to redistribute their scripting environment may find that ipy.exe works just fine for them, the Python scripts will look the same in either case.

I had one major hiccup with using the IronPython Runtime for this tool, and it came when I attempted to pull the application out of my Release directory and only use the references I had embedded as resources.  The issue and workaround are adequately described here.   The workaround involves a modification, and custom build of the runtime.  Thanks to rodrigobarnes for that.

Download ScriptShell 1.0.0.0
Source

SecureString: Soup to Nuts, Part II

Posted on April 11, 2011

My last post, SecureString: Soup to Nuts, Part I, dealt with some basic rules around using the SecureString class in .NET and how to prepare the secret stored inside for persistence, without exposing the clear text to a CLR type.  In the second part, I'm going to discuss my solution for maintaining SecureString best practices, without sacrificing our MVVM design principles.  The XAML and code provided is in WPF, but it's applicable to Silverlight, as well with minimal tinkering.

First let's talk about PasswordBox.  The PasswordBox was designed to obscure the user-entered text, both visually and in memory.  That is to say, visually, it's much like the old Windows Forms MaskedTextBox, except it's specifically designed for secret data, and will only expose said secret in a clear text string if asked to do so,via the Password property.  It's important to understand that the Password property is only a helper that accesses the encrypted data member.  For this reason, it is not exposed as a DependencyProperty.  This is a source of frustration to developers who have no designs on a SecureString solution.  Alas, there's no pleasing everyone, and a Password DependencyProperty would make an acceptable SecureString implementation impossible with PasswordBox.  If you Google "PasswordBox MVVM" (without the quotes) you will find that the generally accepted solution for the CLR string camp, makes use of an attached property to expose a CLR string for binding.  This effectively takes the MaskedTextBox functionality of PasswordBox, and passes on memory security.

We want an MVVM solution that hands us a SecureString, so let's look at the SecurePassword property.  More frustration, as this is also not a DependencyProperty.  Before you go angrily writing an attached property to expose the SecureString, understand that this is by design, not neglect.  The first commandment of SecureString is to dispose of it when you're finished right?  The SecurePassword property gives us a SecureString to use one time, then dispose of it.

The MVVM way to do this is now staring us in the face.  We need to bind the event we're going to use to execute our users' credentials to an ICommand.


<PasswordBox x:Name="_passwordBox" ...>
        …
        <PasswordBox.InputBindings>
                <KeyBinding Key="Enter" Command="{Binding ExecuteCredentialsCommand}"
                                 CommandParameter="{Binding ElementName=_passwordBox}" />
            </PasswordBox.InputBindings>
</PasswordBox>
<Button Content="Login Button Text" …
        Command="{Binding ExecuteCredentialsCommand}"
        CommandParameter="{Binding ElementName=_passwordBox}"/>

In this example's ViewModel, I'm using Prism's DelegateCommand implementation of ICommand.


public ViewModelClassConstuctor(IRegionManager regionManager,
	IProxyDataProvider dataProvider)
{
	ExecuteCredentialsCommand = new DelegateCommand(
	//execute method
	delegate(object parameter)
	{
		SecureString securePassword = parameter as SecureString;
		if (parameter is PasswordBox)
			securePassword = ((PasswordBox)parameter).SecurePassword;
		try
		{
			//authentication/persistence model code
		}
		finally
		{
                    		securePassword.Dispose();
		}

                },
	//can execute method
	delegate(object parameter)
            {
		SecureString securePassword = parameter as SecureString;
		if (parameter is PasswordBox)
                        	securePassword = ((PasswordBox)parameter).SecurePassword;
		return securePassword != null && securePassword.Length > 0 &&
			!string.IsNullOrEmpty(UserName);
	});
	CredentialsChangedCommand = new DelegateCommand(
	delegate
	{
		ExecuteCredentialsCommand.RaiseCanExecuteChanged();
	});
}

public DelegateCommand ExecuteCredentialsCommand { get; private set; }
public DelegateCommand CredentialsChangedCommand { get; private set; }

There you have it. With the code from the previous entry, you can generate a nice authentication prompt with password persistence, without sacrificing memory security or your MVVM design. I hope this has been a helpful guide. Please leave a comment if you liked it, have something you'd like to share, or if you thought it could have been more comprehensive.

SecureString: Soup to Nuts, Part I

Posted on April 4, 2011

Motivation:

Using the SecureString class in .NET is a great way to protect your users' sensitive data from malicious code, intended to pull said data right out of memory. It is already supported by framework classes that Internet enabled applications use often, like NetworkCredential, making its addition to your existing code fairly straightforward.

That's great, but since nothing is ever easy I want to point out that there are two scenarios where it wasn't so easy to accomplish requested functionality and maintain the proper use of SecureString:

  1. implementing secure local storage of a password, and
  2. preserving MVVM design without exposing the password in an insecure managed object.

There is quite a bit of widely accepted advice to be found on community support forums that seeks to fit each of these scenarios, but defeats the point of using SecureString at all.

As I understand it, there are two commandments one should follow if one intends to use them without sabotaging one's own efforts. The first is to dispose of the SecureString when processing is complete, the other is never to allow the unprotected contents of the SecureString to find its way into a CLR object, like a string or byte array. It just isn't clear how long they will be hanging around in memory, and heck, if you wanted to store your secret in a CLR string, you could have saved yourself a lot of time by doing so to begin with.

In part I and II of this article I will address my method of implementing solutions for these two scenarios, respectively.

Secure Local Storage:

Finally getting to the point.  This guy is first, because it's useful regardless of what design patterns or frameworks you're using to implement your interface, or whether you're implementing a GUI at all. If you've ever written a program that needs to utilize local storage for any data placed in a SecureString, you've run into this problem. The last thing you want to do is store it out in clear text, so you know it needs to be encrypted. DPAPI to the rescue. Great, but there's good news and bad news.

First the bad. The ProtectedData's Protect/Unprotect methods are staring us in the face, just begging us to use them, with their single parameter overloads, and be done. Alas, the second commandment of SecureStrings prevents us from placing our secret in a CLR byte array, so we're going to have to make the unmanaged calls to CryptoAPI.

The good news is that we can use P/Invokes and marshaling to accomplish the necessary unmanaged calls to CryptProtectData and CryptUnprotectData, zero out and free any sensitive data immediately without actually writing any unmanaged code.

Now for some code. Moving from an existing SecureString instance into some processing code is always going to look pretty similar to this...

IntPtr unmanagedString = Marshal.SecureStringToBSTR(self);
try
{
//Processing code here. Resist the urge to Marshal.PtrToStringBSTR.
}
finally
{
Marshal.ZeroFreeBSTR(unmanagedString); //free the buffer holding our secret
}

The rest of the solution is pretty plug-and-chug. I wrapped the CryptoAPI calls in SecureString extension methods GetProtectedData and AppendProtectedData found in this file. In the interest of leaving the method of storage as an implementation detail, the extension methods above export and import a byte array (encrypted of course). It's simple to place them in user.config, for example by using the *.settings file designer to make a user setting called “Password” and doing the following in code...

Properties.Settings.Default.Password = Convert.ToBase64String(securePassword.GetProtectedData());

...and to reverse it...

string encPassword = Properties.Settings.Default.Password;
if (!string.IsNullOrEmpty(encPassword))
{
SecureString passwordString = new SecureString();
passwordString.AppendProtectedData(Convert.FromBase64String(encPassword));
}

Thanks to pinvoke.net for P/Invoke signatures.