Alik Levin's

Clarity, Technology, and Solving Problems

December, 2007


    Avoid Manipulating Passwords In Memory - It Is Easy To Reveal


    Revealing clear text passwords in memory seems to be a trivial task. This post describes how to reveal clear text passwords and what countermeasures to apply.

    Summary of steps:

    • Install WinDbg
    • Attach to process or open dump file
    • Load SOS .Net extensions for WinDbg
    • Enumerate threads
    • Enumerate objects in thread
    • Dump object's values
    • Countermeasures and guidelines

    Install WinDbg

    Download and install WinDbg as described in How to install Windbg and get your first memory dump.

    Attach to process or open dump file

    WinDbg can analyze both running processes and memory dumps, which can conveniently be taken offsite for further investigation. I've created a simple console application that accepts a user name and password pair as its parameters and stores them in local variables in memory:

    static void Main(string[] args)
    {
        // Both values stay in memory as plain System.String objects
        string userName = Console.ReadLine();
        string password = Console.ReadLine();
    }


    Compile and run the application. I called it SecretsInMemory. This is how it looks when running:


    Attach WinDbg to the running application by opening File->Attach to a Process:


    and press Ok.

    Alternatively, we can create a dump file; for a detailed how-to, refer to How to install Windbg and get your first memory dump.

    To investigate the resulting dump file in WinDbg, open File->Open Crash Dump.

    Load SOS .Net extensions for WinDbg

    To analyze .Net assemblies we need to load .Net extensions by typing .load sos and hitting Enter:


    Enumerate threads

    Run the !threads command to list the available threads:


    and then choose a specific thread, using the leftmost column for thread identification, as follows: ~[thread number goes here]s:


    Enumerate objects in thread

    Use the !dso command to dump all objects in the thread:


    Dump object's values

    Use !do <object address> to dump a specific object's values. The object address is the second column in the list generated by the !dso command, the column named "Object" - just copy and paste it:


    The password is revealed either by attaching to the process or analyzing a crash file that was taken offsite.

    Countermeasures and guidelines

    As a rule of thumb, avoid custom-built identification and authentication mechanisms and leverage those that the infrastructure offers, preferably Windows Integrated authentication. Where all other options are exhausted and there is no way around accepting end user credentials, refer to the following article - Using Credential Management in Windows XP and Windows Server 2003. The techniques described in the article let you leverage the built-in mechanism for accepting credentials from the end user in a more secure manner. They also keep a common, familiar look and feel across the custom application and the built-in Windows mechanisms, leaving less room for end user confusion.
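
    For the case where the application really has to accept the password itself, the following added example (not code from the original post) keeps it out of immutable System.String objects: it reads the keystrokes into a pinned char[] and overwrites the array when done. PasswordBuffer, WithPassword and the 128-character limit are names and values assumed for this illustration.

    ```csharp
    using System;
    using System.Runtime.InteropServices;

    static class PasswordBuffer
    {
        // Reads a password from the console into a pinned char[]; no System.String is built.
        // maxLength is an assumed upper bound chosen for this example.
        public static void WithPassword(int maxLength, Action<char[], int> use)
        {
            char[] buffer = new char[maxLength];
            // Pin the array so the GC cannot relocate it and leave a stale copy behind.
            GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned);
            int length = 0;
            try
            {
                while (true)
                {
                    ConsoleKeyInfo key = Console.ReadKey(true); // true = do not echo the key
                    if (key.Key == ConsoleKey.Enter) break;
                    if (key.Key == ConsoleKey.Backspace)
                    {
                        if (length > 0) buffer[--length] = '\0';
                        continue;
                    }
                    if (key.KeyChar != '\0' && length < maxLength) buffer[length++] = key.KeyChar;
                }
                use(buffer, length);
            }
            finally
            {
                // Overwrite the characters before the array becomes garbage, even on exceptions.
                Array.Clear(buffer, 0, buffer.Length);
                pin.Free();
            }
        }
    }

    static class Program
    {
        static void Main()
        {
            Console.Write("Password: ");
            PasswordBuffer.WithPassword(128, (chars, length) =>
            {
                // Pass chars[0..length) to the authentication call here; never call new string(chars).
                Console.WriteLine();
                Console.WriteLine("Received {0} characters", length);
            });
        }
    }
    ```

    While the callback runs, the buffer is still readable by anyone who can attach a debugger or take a dump; clearing only shortens that window, which is why not handling passwords at all remains the first choice.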


    ASP.NET AJAX Control Toolkit - Basic Sample For DynamicPopulate Control


    How to dynamically populate the content of a control based on Web Service call triggered by another control? DynamicPopulate extender to the rescue:

    DynamicPopulate is a simple extender that replaces the contents of a control with the result of a web service or page method call. The method call returns a string of HTML that is inserted as the children of the target element.

    This post summarizes the basic steps of using the AJAX Control Toolkit's DynamicPopulate extender, plus a customer case study of how it was implemented with an ASP.NET Master page for performance and UX improvement.

    Summary of steps

    • Step 1 - Create ASP.NET Web Application
    • Step 2 - Add server side code
    • Step 3 - Add DynamicPopulate extender
    • Step 4 - Add client side script to use the extender behavior
    • Step 5 - Add client side event to invoke the client script
    • Step 6 - Test the solution

    The following section describes each step in detail.

  • Step 1 - Create ASP.NET Web Application. Open Visual Studio 2008. Create a new "ASP.NET Web Application" project, found under the Web node in the "New Project" dialog. Name it DynamicPopulateSample. Add the site's Master Page by right-clicking the project in the project explorer window, then "Add" -> "New Item...", then choose the "Master Page" template from the "New Item" dialog. Leave its default name. Drag a Label control from the Tool Box onto the Master page. The Label will be dynamically updated. Add a new ASPX page by right-clicking the project in the project explorer window, then "Add" -> "New Item...", then choose "Web Content Form". Specify its Master Page by choosing Site1.Master. Name it default.aspx. Add two pure Html radio buttons to default.aspx. These will serve as triggers to update the Label on the Master Page. Add AjaxControlToolkit.dll to the project's bin folder and add a reference to it.
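  • Step 2 - Add server side code. Open default.aspx.cs, the code-behind for default.aspx. Add the following function:
    [System.Web.Services.WebMethod]
    [System.Web.Script.Services.ScriptMethod]
    public static string GetHtml(string contextKey)
    {
        // A little pause to mimic a latent call
        // This is the place to perform server side
        // code like DB access
        // contextKey comes from the browser and the result is inserted as HTML, so encode it
        return String.Format("Persona: {0}", System.Web.HttpUtility.HtmlEncode(contextKey));
    }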
  • Step 3 - Add DynamicPopulate extender. Register the AjaxControlToolkit assembly inside the page. Add the following declaration right after the <%@ Page ... %> directive:

    <%@ Register

    Add the AJAX Script Manager to the page:
    <asp:ScriptManager ID="ScriptManager1" runat="server" />

    Add DynamicPopulateExtender control to the page:

    ServiceMethod="GetHtml" />

    Notice that TargetControlID is set to "form1$Label1". This is the Label control to be updated with the Html string returned by the server side code described in Step 2. The $ notation means nesting - read it as "Label1 control inside form1 control". It can be of any nesting depth. Save your work and then view it in the browser to make sure that no exceptions are generated.

  • Step 4 - Add client side script to use the extender behavior. So far, there is Label1 to be updated, and it sits in the Master page. There is a DynamicPopulateExtender that defines the behavior. There is server side code to handle the request. Now add the client script that makes the request to the server:

    <script type="text/javascript">
        function updateDateKey(value) {
            var behavior = $find('dp1');
            if (behavior) {
                // Ask the extender to call the server with this context key
                behavior.populate(value);
            }
        }
        Sys.Application.add_load(function(){updateDateKey('Alik Levin');});
    </script>

    Notice the initialization function call, the last statement in the script. It invokes the client side function to call into the server side when the page is first rendered in the browser.

  • Step 5 - Add client side event to invoke the client script. The last part is adding the event that triggers the client side code and thus makes the call to the server. Locate the Html radio buttons that were created during Step 1 and add onclick events to call the client side function:
    <input type="radio" value='alik'
           onclick="updateDateKey(this.value);"
           checked="checked" />click to set 'alik'<br/>
    <input type="radio" onclick="updateDateKey(this.value);"
           value='levin' />click to set 'levin'
  • Step 6 - Test the solution. Save your work and view it in the browser. Click the radio buttons and you should see the Label in the master page update with the respective values. It all happens with small delays simulated on the server by the Sleep function. I think it is cool.

    Case Study

    I was asked by a customer to offer a solution for a very responsive UX [User Experience] while avoiding the annoying refresh of the web page. The natural answer was AJAX. The customer also asked for a common look and feel. Master pages were my answer. Then another ask came through - the content page must update the sidebar that is part of the Master page.... hmm A-ha! Use DynamicPopulateExtender.


    Sample VS2008 project that demonstrates DynamicPopulateExtender can be found on my SkyDrive:


    Watch UX [User Experience] in the video below:

    Video: DynamicPopulateExtender Demo



    Use DIR Command To Generate List Of Files And Store It In File

    DIR /S /B /A:-D
    I use a simple DIR command to generate file lists. It serves me in many scenarios. For example, I use it to generate a list of .Net assemblies when I conduct a preliminary scan as part of the code inspection process. Here are the explanations of the switches:
    • /S - search sub folders
    • /B - bare format, no summaries and headings
    • /A:-D - no directories, files only

    To save the generated list of files to a text file, simply add >C:\myfileslist.txt. The resulting command looks as follows:

    DIR /S /B /A:-D *.DLL >C:\myfileslist.txt
