Ricardo Barbosa Adds Code While App Is Running

Written By John Sonmez

Ricardo Barbosa believes that he's not a “real” entrepreneur only because he works during the day for a telecom company. However, he refers to himself as an entrepreneur at heart, creating product and systems for other developers to do their jobs quickly. He has been a developer on the .NET space and on Microsoft technologies for quite a long time.

I met up with Ricardo awhile back when he contacted me about an idea he had — the idea might be the precursor of what eventually will be called CodeCop. When I saw what he was doing I just had to drop everything. I get a lot of requests to look at stuff but the idea was something different, I had to check it out.

Ricardo describes CodeCop as “mixing Frankenstein with a chicken”, it will let let you do method interception .NET using JSON. Please check out the video interview with Ricardo Barbosa, and read the Q&A he put together to share here.

Ricardo Barbosa is a Network Software Engineer at Truphone. He is the creator of CodeCop.

What is CodeCop? Why should I care?

CodeCop is a live method interception library for .NET. It allows you to add or replace code inside any method from any assembly while your application is still running. It is very useful for a plethora of situations from instrumentation scenarios, mocking, boilerplate code reduction, code isolation (cross-cutting concerns), AOP (aspect oriented programming), etc.

How does it differ from similar products?

First it works live which means that you can be constantly changing or adding behaviors without recompilation and redeploys. Second, it's based on a JSON API (although a Fluent API also exists) which makes it “code bloat” free. Third, it’s the first real unobtrusive interception library in the market as all you need is a single bootstrap call inside your app for it to work.

From a high-level standpoint, how is it possible to place interceptors on methods with JSON?

Well, CodeCop bootstraps itself during app startup with a single line of code. During startup it will look for a JSON file called copconfig.json that has all the types and methods you want it to intercept and also which interceptors go where and how they operate, per method or globally.

What methods and assemblies can be intercepted? Can I intercept for instance the Console.WriteLine method with it?

Out of the box, all non NGEN'd assemblies compiled for .NET 4.0 and onwards and literally any method. For NGEN'd assemblies like the BCL where Console.WriteLine resides, all there is to do is to force JIT compilation via configuration and it will be intercepted as well.

What .NET interception technique does it use under the hood? Why that and not others?

It uses the “ancient art” of jit hooking. I choose it as a result of 1-1/2 years of experimenting with a lot of stuff. From messing around with pointers, or playing with what the framework already gives you, to dynamic compilation, this technique proved to be the most efficient. When you start playing with interception within a statically compiled language, you are literally entering into anti-nature space, so you really need a technique that lets you have full control on what the CLR is going to execute.

Is it secure? Can someone hack my app with it?

As someone once said, secure is a machine wrapped in cement, buried 10 feet deep and still I wonder if it is secure. Security is what you want it to be. If your server is compromised in any way, neither CodeCop nor any other app will be secure. But yes, we thought about making it secure so we force every app to make a bootstrapping call showing a clear interception intent. Without it no one can point CodeCop at your application.

CodeCop has three product types: Free, Developer, and Ultimate. What's their difference?

Basically the difference lies on the number of methods you can intercept: 25 for Free, 150 for Developer, and unlimited for Ultimate. The free version has no support and the ultimate version has something we call premium (high-priority) support.

Limitations?

NGEN'd assemblies if you don't disable loading NGEN images via configuration and assemblies compiled to a .NET version below 4.0. Also not supporting RyuJIT at the moment, but like NGEN you can disable it via configuration.

Plans for future releases, new features, etc.?

Mature the API, there is still lot of stuff that needs to be tuned, codewise and semantically. Launch a huge set of ready-made interceptors that integrate with well known libraries, for logging, error handling, etc. We already have some that are available on nuget and on the community section of our site.

We are also preparing online training courses, videos, and showcasing it as much as possible.

What books for developers do you recommend?

It might seem cheesy for me to recommend a book that John wrote, but I will do it anyway as it was the last book I read and I absolutely fell in love with it. Soft Skills: The Software Developer’s Life Manual by John Sonmez. As I have this entrepreneurial vein, everything that was written there sounded like music to my ears. There are so many tips and advices, not only career-wise but as a structured business that we all are. It is indispensable for an entrepreneur-wannabe like myself.

Of course I can't let this moment pass without referring to all the geeky books that shed some light for me about the .NET internals and so I recommend the CLR via C# by this insane “monster” that is Jeffrey Richter. Another one I like is C# Deconstructed by Mohammad Rahman. The Pro .NET Performance book by Sasha Goldshtein also has some good chapters that really elucidate about type internals. The good ol' Essential .NET, Volume 1 -The Common Language Runtime, by two other “giants,” Don Box and Chris Sells, and last but not the least to shed some light on IL assembly is the Expert .NET 2.0 IL Assembler book by Serge Lidin.

Also all the Windows Internals books by Mark Russinovich are a must for anyone wanting to know the OS ground where your applications lay their feet upon.