• .NET Security Blog

    A Few Observations about Raw Signatures

    • 3 Comments
    Finishing up this week's strong name theme, here's a few observations to make about the raw signatures that we figured out how to dump on Wednesday : You can figure out the size of the key used to sign an assembly based upon the size of the signature...
  • .NET Security Blog

    Finding the Raw Strong Name Signature

    • 5 Comments
    Wow ... there's been lots of interest in signatures lately :-) In response to my last post about reserving a larger section of the PE file for the signature when you create a signature with a larger key, William wants to know if you can extract the actual...
  • .NET Security Blog

    Shri Starts Blogging

    • 0 Comments
    Shri started up a blog today , joining David as members of the JIT team on MSDN blogs. His first post is on how the x86 JIT implements a tail call ... and why its not as fast as it could be. Now that Shri has a blog, the percentage of people in my hallway...
  • .NET Security Blog

    What Happens When You Sign With A Larger Key

    • 5 Comments
    In response to last Friday's post about creating a key that's longer than 1024 bits, Nicole wondered if anyone had tried doing this, and what the results might be. I just created a 16,384 bit key on beta 1 of the framework (confirming Eugene's time estimate...
  • .NET Security Blog

    Generating Larger Keys with SN

    • 13 Comments
    A while back, I wrote about using the StrongNameKeyGenEx API to generate keys to sign assemblies with. That API lets you pass in a dwKeySize parameter to specify the number of bits to generate in the key. If you're calling the API from your own code,...
  • .NET Security Blog

    ClickOnce vs MSI on MSDN

    • 2 Comments
    The Smart Client Developer Center on MSDN is running an overview of ClickOnce and comparing it to MSI . One of the areas where ClickOnce comes out on top is security sandboxing (or permission elevation, depending on how you look at it). Looking closely...
  • .NET Security Blog

    Mike Stall on Finding the Real Exception Call stack

    • 1 Comments
    Mike's got an interesting piece up today about using WinDbg to find the actual call stack of an unmanaged (or managed for that matter) exception . It's this kind of power debugging technique that makes WinDbg my all time favorite debugger.
  • .NET Security Blog

    Removing Permissions From FullTrust

    • 6 Comments
    Executing the following code: PermissionSet ps = new PermissionSet(PermissionState.Unrestricted); Console.WriteLine("Before Removing Permissions:"); Console.WriteLine(ps.ToXml().ToString()); ps.RemovePermission( typeof (RegistryPermission)); Console.WriteLine...
  • .NET Security Blog

    How to link to an ActiveX Control from a Strongly Named Assembly

    • 3 Comments
    Windows Forms has a feature that allows you to use an ActiveX control on your managed form. All you have to do is add the control to your toolbox, and VS takes care of the rest behind the scenes. But this feature has a bit of a problem when it comes to...
  • .NET Security Blog

    Using CasPol to Fully Trust a Share

    • 73 Comments
    Since network shares by default only get LocalIntranet permissions, it's relatively common to want to use CasPol to fully trust some shares that you control and know are safe. However, CasPol syntax being what it is, the command to do this isn't immediately...
  • .NET Security Blog

    Home for the Holidays

    • 2 Comments
    I'm going to be on vacation until the end of December, so this blog will be going dark for about a week and a half. It'll be nice to get away for a while, especially since I haven't taken a vacation since last December ... I'm definitely looking forward...
  • .NET Security Blog

    Why Do I Still Get an Exception Accessing a File with Full FileIOPermission?

    • 5 Comments
    This issue (and its cousin: Why Do I Still Get an Exception Accessing the Registry with Full RegistryPermission?) come up fairly frequently on the newsgroups. The reasoning is actually very simple. The exception being thrown in these cases arises from...
  • .NET Security Blog

    Hitting the Mailbag

    • 2 Comments
    I've gotten quite a few questions from this blog over the past several months. And although I can't answer all of them, here's some quick answers to some of the more common ones. If you do have more questions, its usually best to post them in the comments...
  • .NET Security Blog

    Handling Assemblies that Won't Load: Method 2.1

    • 0 Comments
    Yesterday , I showed an alternate to the shim method of gracefully failing from an assembly using an AppDomainManager . However, as David pointed out this method isn't particularly useful if you're going to be using it to detect failure to load your main...
  • .NET Security Blog

    Handling Entry Assemblies that Won't Load: Method 2

    • 3 Comments
    The last two days we worked on a shim application that allowed us to handle gracefully the condition where a program's main assembly will not load due to declarative security issues . While we were definitely able to improve on the shim yesterday, there...
  • .NET Security Blog

    Handling Entry Assemblies that Won't Load: Method 1.1

    • 2 Comments
    Yesterday we developed a simple Shim application in order to fail gracefully when our application's entry assembly doesn't have enough permission to meet its minimum grant set, and therefore won't be loaded. However, there were quite a few problems with...
  • .NET Security Blog

    Handling Entry Assemblies that Won't Load: Method 1

    • 8 Comments
    Last week, when I posted about failing to run in partial trust gracefully , the method I showed only worked if your main assembly could be loaded. However, if it has a minimum permission request that cannot be satisfied, your main method won't ever be...
  • .NET Security Blog

    Managed StrongName Refactoring Complete

    • 2 Comments
    I've completed refactoring the Managed StrongName project , and I've uploaded the new sources. The changes I made were all pretty much what I laid out in the previous post. We now have two modules built, msn.exe which is a thin wrapper around MS.StrongName...
  • .NET Security Blog

    MS.StrongName\Signatures.cs

    • 0 Comments
    1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.IO; 5 using MS.StrongName.Native; 6 7 namespace MS.StrongName 8 { 9 /// < summary > 10 /// Class that exposes the managed StrongName API for dealing with signatures...
  • .NET Security Blog

    MS.StrongName\KeyFile.cs

    • 4 Comments
    1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.IO; 5 using System.Security; 6 7 namespace MS.StrongName 8 { 9 /// < summary > 10 /// KeyFile I/O methods 11 /// </ summary > 12 public static class KeyFile...
  • .NET Security Blog

    MS.StrongName\KeyStore.cs

    • 0 Comments
    1 using System; 2 3 namespace MS.StrongName 4 { 5 /// < summary > 6 /// Key stores available for use 7 /// </ summary > 8 public enum KeyStore 9 { 10 /// < summary > 11 /// Machine wide key store 12 /// </ summary > 13 Machine...
  • .NET Security Blog

    MS.StrongName\Keys.cs

    • 1 Comments
    1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.Runtime.InteropServices; 5 using System.Security; 6 using Microsoft.Win32; 7 using MS.StrongName.Native; 8 9 namespace MS.StrongName 10 { 11 /// < summary >...
  • .NET Security Blog

    MS.StrongName\MS.StrongName.txt

    • 0 Comments
    1 BadFile=Invalid file specified: {0} 2 BadOperation=Error completing operation: {0} 3 CouldNotOpenMachineStoreKey=Could not open the strong name configuration key 4 InternalError=Internal error processing request 5 InvalidAssemblyName=Invalid assembly...
  • .NET Security Blog

    MS.StrongName\Registry.cs

    • 0 Comments
    1 using System; 2 3 namespace MS.StrongName 4 { 5 /// < summary > 6 /// Constants for the configuraiton registry keys 7 /// </ summary > 8 internal static class Registry 9 { 10 /// < summary > 11 /// Name of the registry key under HKLM...
  • .NET Security Blog

    MS.StrongName\Utility.cs

    • 0 Comments
    1 using System; 2 using System.Diagnostics; 3 using System.IO; 4 using System.Security; 5 using System.Runtime.InteropServices; 6 using MS.StrongName.Native; 7 8 namespace MS.StrongName 9 { 10 /// < summary > 11 /// General-purpose utility methods...
Page 9 of 15 (368 items) «7891011»