Over the last week or so I've seen a few questions pop up multiple times. In no particular order:
Q: Is calling a virtual method with a non-virtual call verifiable?
A: It depends :-) In v1.x of the CLR this was verifiable. We made a change in v2.0 which disallows a non-virtual call to a virtual method. Joe Duffy has a good writeup about this change and why we made it on his blog. Note that going the other way is verifiable -- using a callvirt to call a non-virtual function works just fine. In fact ildasm shows that the C# compiler always emits a callvirt regardless of the target being virtual or not.
Q: I want to create a signature using RSA and SHA-256, is that possible with the managed classes?
A: Not as of v2.0. The fundamental problem is that our only RSA implementation, RSACryptoServiceProvider, uses CAPI to do its work. However our only SHA-256 implementation, SHA256Managed is unknown to CAPI. This is on our radar for the next CLR release though.
Q: Is there any way to use ADMHost with a WinForms app so that the console window doesn't show up?
A: Sure. The underlying issue here is that in Windows, a PE image has its subsystem burned into its IMAGE_OPTIONAL_HEADER. Generally this is one of IMAGE_SUBSYSTEM_CUI or IMAGE_SUBSYSTEM_GUI ... although there are other options (they're listed under the comment "subsystem values" in winnt.h of the platform SDK if you're interested). Applications with a CUI subsystem always run with a console, weather or not they use it. (Windows has no way of knowing ahead of time if you do plan on using it or not). The opposite is true of GUI apps, which by default will not have a console window.
ADMHost.exe by default is compiled as a console application, using the CUI subsystem. Switch it to a Windows application and the console will go away. You can do this in the ADMHost.exe properties -- change the subsystem type to Windows.