MovePInvokesToNativeMethodsClass fires on P/Invokes (ie methods marked with DllImport) that are not members of one of the following classes; NativeMethods, SafeNativeMethods or UnsafeNativeMethods.
For example, the following sample fires this warning.[C#]using System;using System.Runtime.InteropServices;
Imports
Public NotInheritable
' Violates MovePInvokesToNativeMethodsClass <DllImport("kernal32.dll", CharSet:=CharSet.Auto)> _ Friend Shared Function RemoveDirectory(ByVal Name As String) As Boolean End Function
End Class
For most applications, moving P/Invokes to a new class called NativeMethods is typically enough. However, in situations where you are developing reusable libraries for use in other applications then you should also consider defining two other classes called SafeNativeMethods and UnsafeNativeMethods. Both of these classes are similar to the NativeMethods class, however, they are marked with a special attribute called SuppressUnmanagedCodeSecurityAttribute. Applying this attribute causes the runtime to avoid performing a full stack walk to make sure that all callers have the UnmanagedCode permission when calling the p/invoke methods containing within these classes. The runtime will check your library for this permission at startup, however, not the assemblies that reference it. This can greatly improve performance when calling unmanaged code and also allows code with limited permissions to call these methods.
However, using this attribute should not be taken lightly, as implemented incorrectly it can actually have serious security implications.
NativeMethods
As the NativeMethods class should not be marked with SuppressUnmanagedCodeAttribute, P/Invokes placed within in it, will require UnmanagedCode permission. As most applications run from the local machine and run with FullTrust, this is usually not a problem. However, if you developing reusable libraries, you should instead consider defining a SafeNativeMethods or UnsafeNativeMethods class.
The following example shows a method Interaction.Beep that wraps the MessageBeep function from user32.dll, the MessageBeep P/Invoke is placed within the NativeMethods class.
[C#]using System;using System.Runtime.InteropServices;using System.ComponentModel;
public
internal
[Visual Basic]Imports SystemImports System.Runtime.InteropServicesImports System.ComponentModel
Public
Private Sub New() End Sub
' Callers require Unmanaged permission Public Shared Sub Beep()
' No need to demand a permission as callers of Interaction.Beep ' will require UnmanagedCode permission If Not NativeMethods.MessageBeep(-1) Then Throw New Win32Exception() End If End Sub
Friend NotInheritable Class NativeMethods
<DllImport("user32.dll", CharSet:=CharSet.Auto)> _ Friend Shared Function MessageBeep(ByVal uType As Integer) As <MarshalAs(UnmanagedType.Bool)> Boolean End Function
In the example above, any assembly that calls NativeMethod.MessageBeep or Interaction.Beep will require UnmanagedCode permission.
SafeNativeMethods
P/Invoke methods that are safe to be exposed to any application and do not have any side effects should be placed in a class called SafeNativeMethods . No permissions need to be demanded and you do not need to pay too much attention to where they are getting called.
The following example shows a property Environment.TickCount that wraps the GetTickCount function from kernel32.dll.
[C#]using System;using System.Runtime.InteropServices;using System.Security;
[SuppressUnmanagedCodeSecurityAttribute]internal static class SafeNativeMethods{ [DllImport("kernel32.dll", CharSet = CharSet.Auto, ExactSpelling = true)] internal static extern int GetTickCount();} [Visual Basic]
' Callers do not require Unmanaged permission
Public Shared ReadOnly Property TickCount() As Integer Get ' No need to demand a permission in place of ' UnmanagedCode as GetTickCount is considered ' a safe method Return SafeNativeMethods.GetTickCount() End Get End Property
<SuppressUnmanagedCodeSecurityAttribute()> _Friend NotInheritable Class SafeNativeMethods Private Sub New() End Sub
<DllImport("kernel32.dll", CharSet:=CharSet.Auto, ExactSpelling:=True)> _ Friend Shared Function GetTickCount() As Integer End Function
In the above example, although the assembly that defines Environment.TickCount still requires UnmanagedCode permission, any callers of it do not.
UnsafeNativeMethods
P/Invoke methods that are not safe to be called by anyone and can cause side effects should be placed in a class called UnsafeNativeMethods . These methods should be either stringently checked to make sure that they are not being exposed to the user inadvertently (the rule Review SuppressUnmanagedCodeSecurity usage can help with this) or should have another permission demanded in place of UnmanagedCode when using them.
The following example shows a method Cursor.Hide that wraps the ShowCursor function from user32.dll.
[C#]using System;using System.Runtime.InteropServices;using System.Security;using System.Security.Permissions;
public static class Cursor{ // Callers do not require UnmanagedCode permission, however, // they do require UIPermissionWindow.AllWindows public static void Hide() { // Need to demand an appropriate permission // in place of UnmanagedCode permission as // ShowCursor is not considered a safe method new UIPermission(UIPermissionWindow.AllWindows).Demand(); UnsafeNativeMethods.ShowCursor(false); }}
[SuppressUnmanagedCodeSecurityAttribute]internal static class UnsafeNativeMethods{ [DllImport("user32.dll", CharSet = CharSet.Auto, ExactSpelling = true)] internal static extern int ShowCursor([MarshalAs(UnmanagedType.Bool)]bool bShow);}[Visual Basic]
' Callers do not require Unmanaged permission, however, ' they do require UIPermission.AllWindows Public Shared Sub Hide() ' Need to demand an appropriate permission ' in place of UnmanagedCode permission as ' ShowCursor is not considered a safe method Dim permission As New UIPermission(UIPermissionWindow.AllWindows) permission.Demand() UnsafeNativeMethods.ShowCursor(False) End Sub
<SuppressUnmanagedCodeSecurityAttribute()> _Friend NotInheritable Class UnsafeNativeMethods
<DllImport("user32.dll", CharSet:=CharSet.Auto, ExactSpelling:=True)> _ Friend Shared Function ShowCursor(<MarshalAs(UnmanagedType.Bool)> ByVal bShow As Boolean) As Integer End Function
In the above example, although the assembly that defines Cursor.Hide still requires UnmanagedCode permission, any callers of it do not. In place of UnmanagedCode however, callers will require UIPermission.AllWindows.