Legacy Code Audit, Remake and Migration

There Once Was a Man Named Bill

Back in the late 1990s and early 2000s, an old Systems Administrator, Bill, had written several compiled scripts and a homegrown database in FoxPro to help manage and massage our HR data on a daily basis, then perform some replication and triggers across the environment. Shortly after, Bill retired. The setup Bill had created continued to live on, undocumented... under his old desk. Eventually, people forgot what this machine did exactly, they just knew it was important.

Eventually out of fear of hardware failure, the machine was virtualized. But still, no one knew exactly what this machine did, and it had a VERY POWERFUL user, just shy of domain administrator executing seemingly random commands. Multiple consultants had tried to discern it's exact function and all of them had failed. The machine represented a huge security risk because the OS was outdated and the privileges it had.

I got wind of the machine's presence shortly after I started and the disdain for it. So I told the CISO and my manager, "I speak dead languages! This sounds like fun!" Then I volunteered to try my hand at figuring it out. They gave me just over a month to perform an evaluation. It took a few days to get access to the machine. From there I cloned what I needed and began my analysis.

There were several hundred small helper applications written and chained together. These were specially written batch commands, but they were compiled to EXEs. After disassembling one, I managed to map out the runtime segments so I could ignore those on the other applications. This sped up my work dramatically and eventually after a few more days, I had a high level explanation of what the server did with everything. At this point, we were just shy of a week worth of time used, so we had a huge time buffer if we needed it.

The project manager was stoked! We sat down and determined what pieces of functionality were worth replicating and needed a more nuanced, in-depth analysis. After receiving my new orders, I went about implementing the required functionality and features into Sailpoint IIQ and documented the source. This process took only a few more days. Following that, a few more days of testing and verification, and everything needed was migrated in under 2 weeks.

Just in Time!
This was very fortunate timing too. Just before completion, a failed software deployment hit the VM. This deployment helpfully cleaned up temporary files, which included key files in the original program. This rendered the application dead in the water. Had I not taken the project on when I did, the effects could have been catastrophic. Restoring from a backup would have set the databases out of sync and wrong actions would have been performed.

The project was a huge success! It greatly enhanced our security posture, and the machine of ill repute was put to pasture. No one had expected it would be done, let alone that quickly. Shortly afterwards, just for fun, we decided to hold a "retirement party" for Bill's server. This remains one of my most fun and loved projects I worked on. I was able to accomplish something out of left field that nobody had suspected and completely blew away any expectation of timeline, while having a great time doing it.

Click for fullsize
The retirement party we threw for Bill's server

chevron_leftReturn to Project Portfolio