Hello buddies,
I have some important questions and would be thankful if you could help me get quick and accurate answers:
If I develop a commercial control for the .NET platform,
1. How can I protect my code inside the .dll assembly (MSIL) from being decompiled and visible? There is some software out there that can reverse engineer a compiled .dll into good source code.
2. How do they license and perform protective actions for such controls, when anyone who purchases it can give the .dll to friends who use it without any payment?
(If somebody can give a good source on the web about this sort of commercial-related knowledge, I would really appreciate it.)
3. Is it possible to make a control not obey its container's transparency? I mean a control that can have any opaque value independent of its container's opaque value.
---
"Art happens when you least expect it."
Den2Fly wrote:
2. How do they license and perform protective actions for such controls, when anyone who purchases it can give the .dll to friends who use it without any payment?
Search for LicFileLicenseProvider class.
Den2Fly wrote:
3. Is it possible to make a control not obey its container's transparency? I mean a control that can have any opaque value independent of its container's opaque value.
Look for ControlStyles Enumeration.
Mazy
No sig. available now.
Den2Fly wrote:
1. How can I protect my code inside the .dll assembly (MSIL) from being decompiled and visible? There is some software out there that can reverse engineer a compiled .dll into good source code.
Compilers that target the CLR ALL produce Intermediate Language, or IL. This - like Java bytecode - allows the system to JIT the IL to native code and execute it, so that it can be run on any OS (Microsoft's problem with .NET is that it relies too much on native OS resources, but it does provide a consistent UI). The Microsoft .NET Framework SDK even comes with a disassembler, ildasm.exe. For those of us who can read IL, we don't even need decompilers like .NET Reflector (though it is nice at times!). There are just as many programs that can output this source code as well, although I have yet to see one that does an impeccable job with more advanced source code (using all the tricks of the languages).
All you can do - which is true of any program in any language - is make it hard and, therefore, costly to do so. I remember the words of Bruce Schneier with questions like these, who basically says that anything is crackable - it's just a question about the cost of resources to do so.
Make your program work well and hide your important code in complexity, or write native DLLs and P/Invoke or interop (use COM to make this easy) the functions and components in those native DLLs. Keep in mind, though, that they too can be decompiled (though decompiling C/C++ libs is more difficult, more expensive, and less correct than with IL and bytecode).
You can get obfuscators to obfuscate private members, but for every obfuscator there is a de-obfuscator (and they've really never stopped me - and I'm sure others - anyway, from seeing how something is done for academic reasons).
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
Maybe this is a dumb question Heath:
With ildasm.exe I can see the functions and variables that are used in my assembly for each line of code, but not the VALUE of them. Is decompiling with other tools the same, or can they show the values too? For example, can I store a password in my code in a variable?
Mazy
No sig. available now.
It does show the value, either in the static constructor (.cctor ) or in an instance constructor (.ctor ), depending on where you initialize the fields. So no, you shouldn't store a password in your code if it protected anything important. Same goes for private keys you use to decrypt values. If you store the private key, someone need only extract it and decrypt your values, whether they are in IL or your app.config (or proprietary) file.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
Heath Stewart wrote:
So no, you shouldn't store a password in your code if it protected anything important. Same goes for private keys you use to decrypt values
That's the thing I was thinking about. So where is a good place to keep it? An unmanaged DLL? Or a database? (But not all applications need a database.) Or...? This could mean the unmanaged world won't end soon.
Mazy
No sig. available now.
Even a password stored in a native library isn't safe. First ask yourself why you need to store a password. Second, ask yourself what conditions are required of your application, like being Internet-aware. If it MUST be, you could always pull an encrypted password (say, through HTTPS - HTTP over SSL - using a Web Service or .NET Remoting, or even a simple GET or POST HTTP request) from the 'net.
If not, you should look into more advanced cryptography (like using the System.Security.Cryptography namespace elements). There are a couple tutorials here on CP, but you should try googling for some examples and discussions.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
Heath Stewart wrote:
First ask yourself why you need to store a password. Second, ask yourself what conditions are required of your application, like being Internet-aware.
Yes, but wherever the password is and wherever it goes through, the KEY for encryption MUST be stored somewhere. You say a native DLL is not safe either, so where is safe? (Or the safest place other than the programmer's mind.) Of course, maybe some other encryption methods which do not hash with a given key, and methods that are one-way.
Mazy
No sig. available now.
ANYTHING you put in your assembly is visible to other people. If you use a password, they can see that. If you use a private key to decrypt information, they can see that. If you use a custom hash algorithm to hash your password so that only you can retrieve it (so you think), they can see that and run the same thing. Heck, even using the HTTPS mechanism I talked about can be replicated, but if your application accesses secure resources over the Internet, you at least have control over who/what you allow to access your service.
This is a big topic of software security and there are a lot of books and what-not out there.
If you're doing this for licensing reasons, there are more options available. Check out my article for instance, Using XML Digital Signatures for Application Licensing. This is only conceptual, I remind you, and - being that it uses IL - it can be cracked (like I said before, anything can - it's just a question of the cost of resources compared to the cost of the information). You can bury the implementation in complexity, though.
There are many other solutions out there, too, such as XHEO that use the same idea but give you lots of default implementations (since mine is merely a discussion into the concept, not a full-blown solution) like communicating with a server. Some will even use a MAC address of a NIC or the ID on a CPU (for those that support it, although this can be very difficult and not reliable since not all CPUs have it (or enable it)).
.NET is hard to protect because of the ease of seeing information, which is why you might consider doing licensing in a native DLL - and there are many solutions and articles about this on the 'net.
Why am I mentioning licensing? Because you should allow your application to access protected resources with its own credentials because, as I said, those credentials can be hacked. Many applications will make use of Windows credentials, which are harder to hack and are provided by the Windows clients and servers. If you use licensing in your application, you (mostly) ensure that undesirable users aren't using your program, and that they use their credentials to access resources. There are also some lessons to be learned in these different approaches.
For instance, our application uses SQL Server over the LAN or through .NET Remoting on the Internet. We ask the user for credentials that are passed to SQL Server and validated. The program doesn't do this itself - the person is required to provide credentials to protected resources. If we just let the application do it, we would have to store the same credentials for everyone (or encrypt them to an individual file for each person) which means that anyone can see them - even users that aren't paying for our system!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
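The signed-license idea from the post above, as an added C# example (not the code from the linked article and not posted by anyone in the thread). The class and method names, the license XML layout and the key pair are constructed for illustration; on current .NET the SignedXml types come from the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class LicenseDemo   // hypothetical name, for this example only
{
    // Vendor side: sign the license with the private key, which is never shipped.
    static XmlDocument Sign(string licenseXml, RSA privateKey)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(licenseXml);
        var signed = new SignedXml(doc) { SigningKey = privateKey };
        var reference = new Reference("");   // "" = the whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signed.AddReference(reference);
        signed.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signed.GetXml(), true));
        return doc;
    }

    // Client side: only the public key is embedded in the control.
    static bool Verify(XmlDocument doc, RSA publicKey)
    {
        var sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;   // missing or duplicated signature
        var signed = new SignedXml(doc);
        signed.LoadXml((XmlElement)sigs[0]);
        // Insist that the one reference covers the whole document, not a fragment.
        if (signed.SignedInfo.References.Count != 1) return false;
        if (((Reference)signed.SignedInfo.References[0]).Uri != "") return false;
        // Verify against the embedded key; never trust a key carried in the file itself.
        return signed.CheckSignature(publicKey);
    }

    static void Main()
    {
        using var vendorKey = RSA.Create(2048);   // constructed demo key pair
        using var shippedKey = RSA.Create();
        shippedKey.ImportParameters(vendorKey.ExportParameters(false));   // public half only

        // Constructed sample license.
        var doc = Sign("<license><licensee>Example Corp</licensee><product>MyControl</product></license>", vendorKey);
        Console.WriteLine("genuine:  " + Verify(doc, shippedKey));

        // Editing any signed field invalidates the signature.
        doc.SelectSingleNode("/license/licensee").InnerText = "Someone Else";
        Console.WriteLine("tampered: " + Verify(doc, shippedKey));
    }
}
```

The signature stops a customer from forging or editing a license file; as the post says, the check itself still lives in IL and can be patched out.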
Well, thank you Heath. I should read your articles very soon and my .NET Framework Security book. Thanks for the information.
Mazy
No sig. available now.
Hi all
OK, I know this is not entirely related to C#, but it is related to any message board on CODE PROJECT.
Do the message boards on C/P have RSS links?
Thanks
Mohsen
Colin's right - you should post this in the Suggestions forum. I will tell you, though, that this has been requested many times and I believe it will be a feature of the new CodeProject to be written in ASP.NET (whenever that gets finished). I guess asking again won't hurt, though, just don't be surprised if you get a barrage of insults for re-posting!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
Well, I don't really know whether I should be here, but I'm just after some advice really. I'm 18 years old, and am studying C at the moment, which I'm finding challenging to say the least. I'm probably going to Leeds University to study Computer Science later on this year, and am just wondering if C and VB are the best languages to start off on? - This is what I've heard. I'm interested in gaining a grasp of object orientated stuff, as well as a more general purpose code, like C.
If anyone can shed any light on this, or just offer me some friendly advice to a beginner-programmer, then please please get in touch.
llitanzios85@hotmail.com
Thanks so much.
Lewis.

Probably the work issues / résumés / certification forum is better... But I'll give you my opinion here anyway.
I'd say that if you want to do hardware control systems then C is the language of choice. If you want to do business oriented software then C# or VB.NET are better [if you are staying in the Microsoft world]. C++, in my opinion, is at a juncture. I've written windows applications with it and it is still used to create them, but C# is now better in that respect unless you need to coax the last clock-cycle out of the processor. C++ will be staying for a long time but as more enterprise systems get written in languages like C# then C++ will be relegated to legacy systems, OSes, hardware control systems and anything that requires very tight optimisation (in comparison to C#).
Perhaps if you let everyone know what area(s) you wish to go into on leaving university it might help guide a better answer. However, while at university you may find a preference for a particular language. (Some people even like COBOL.)
--Colin Mackay--
I use the following constructors:
    FileStream str = new sio.FileStream(
        filename,
        FileMode.Open,
        FileAccess.Read,
        FileShare.Read);
    m_Stream = new StreamReader(str, true);
But when I'm reading a byte at a time (polling in another thread), I can't write to the file I am reading.
I am simply opening the file in Notepad - but I get prompted each time I try to save in Notepad and it won't let me save the file my program is reading from.
Is this possible? I am implementing unix "tail" and I thought I could just open any file and read from it - without implicitly locking other software from writing to the file.
Any suggestions?
Thanks,
-Luther
FileShare.Read says that other processes may read the file. You need to specify FileShare.ReadWrite if other processes are to be able to read and write to the file.
--Colin Mackay--
I am trying to implement the unix "tail" command.
Currently, I read a byte at a time until no bytes remain, then I sleep for 1000 milliseconds, then I try to read a byte at a time again.
I've always disliked manually polling. Is there a more efficient way to architect this implementation? I was looking for a unix "select" style function.
Thanks,
-Luther
Are you talking about 'tail' that writes a certain number of lines from the end of a file? First of all, this is open source so you can see how they do it. Second of all, why are you reading a single byte at a time?! You should be using a buffer, a.k.a. byte[] array. Finally, since 'tail' reads lines, you shouldn't be using buffers anyway, unless you want to parse the line endings which are different from OS to OS (and you should take into account all the different line ends like \n, \r\n, etc., to be compatible with *nix's 'tail').
Also, is this for academic purposes, or do you just need a utility to do so? If the latter is true, just download Cygwin and put the bin directory in the %PATH% environment variable. It has many of these handy *nix utilities and it works great. It's also commonly used to easily port other *nix applications to Win32.
I don't know how 'tail' works exactly, or rather what is the best way to get the last 10 (default; or user-specified) lines. 'head' would obviously be easier! The best thing I could think about is to write a custom queue that only stores 10 lines (or a custom amount), automatically pushing the first one out when a new line is added. When you reach the end of the file, just print-out the queue. Based on some 'tail'-like source I've seen, this is pretty much the way it works (but I couldn't find the actual 'tail' source and don't have the source tarballs or SRPMs on my linux system).
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
You are right - but the specific TAIL functionality that I'm trying to implement is the continuous monitoring of a file. For example, as the webserver appends to the log file, I want the new text to appear on the screen.
Originally, I was using ReadLine but it seems to drop the first 4 chars of every read. I started Reading a byte at a time to be more explicit. I am currently using the buffer version of Read (as you suggest, I do in fact, need to differentiate unix and win32 newlines).
So - I am currently spawning a Thread, echoing the entire file to a TextBox, and then sleeping for 1 second. I then try to Read again. Instead of manually polling the file every second, I was wondering if there was a "select" style call that would BLOCK until some event happens to the file (new text was added to the file).
I thought about using ReadBlock, but it seems to return when it reaches the end of the data in the file. I need it to BLOCK if it can't read any more data in - not return. Maybe I'm doing something wrong.
Or, maybe I'm doing it the correct way already. I'll take a look at an open source impl of tail.
Many Thanks,
-Luther
lutherbaker wrote:
I'm trying to implement is the continuous monitoring of a file.
Look into the FileSystemWatcher component. It won't give you the specific changes, but it will be a good indication that a file has changed and then you can store a pointer and increment that to get the next lines.
lutherbaker wrote:
Originally, I was using ReadLine but it seems to drop the first 4 chars of every read.
What characters are these that are getting skipped? I take it this is just a simple IIS log or something? I've never seen such behavior.
lutherbaker wrote:
I need it to BLOCK if it can't read any more data in - not return.
Perhaps not. The information is written as a unit (i.e., one line) so you can get that and the number of bytes actually read. When the file changes (see above), continue reading the next block at the offset of the original position plus the actual bytes read.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
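Colin's FileShare.ReadWrite answer and the FileSystemWatcher-plus-stored-offset approach from the post above, combined in one added C# example (not code posted by anyone in the thread). The Tailer class, its member names and the UTF-8 assumption for the log encoding are illustrative choices.

```csharp
using System;
using System.IO;
using System.Text;

// Hypothetical helper for this example: follows one file like "tail -f".
sealed class Tailer : IDisposable
{
    private readonly string _path;
    private readonly FileSystemWatcher _watcher;
    private readonly object _gate = new object();
    private long _offset;   // position of the first byte not yet echoed

    public Tailer(string path)
    {
        _path = Path.GetFullPath(path);
        _offset = new FileInfo(_path).Length;   // start at the current end of file
        _watcher = new FileSystemWatcher(Path.GetDirectoryName(_path), Path.GetFileName(_path));
        _watcher.NotifyFilter = NotifyFilters.LastWrite | NotifyFilters.Size;
        _watcher.Changed += (sender, e) => Console.Write(ReadNew());
        _watcher.EnableRaisingEvents = true;
    }

    // Returns the text appended since the previous call and advances the stored offset.
    public string ReadNew()
    {
        lock (_gate)   // Changed can fire several times for one save
        {
            try
            {
                // FileShare.ReadWrite: do not block the process that is writing the log.
                using (var fs = new FileStream(_path, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
                {
                    if (fs.Length < _offset) _offset = 0;   // file was truncated or replaced
                    fs.Seek(_offset, SeekOrigin.Begin);
                    var buffer = new byte[fs.Length - _offset];
                    int read = fs.Read(buffer, 0, buffer.Length);
                    _offset += read;   // a short read is completed on the next call
                    return Encoding.UTF8.GetString(buffer, 0, read);   // assumes a UTF-8/ASCII log
                }
            }
            catch (IOException)
            {
                return "";   // writer holds an exclusive lock right now; retry on the next event
            }
        }
    }

    public void Dispose() { _watcher.Dispose(); }

    static void Main(string[] args)
    {
        using (var tail = new Tailer(args[0]))
        {
            Console.ReadLine();   // events are raised on a thread-pool thread; Enter quits
        }
    }
}
```

Reading raw bytes from a stored offset keeps the position exact; a StreamReader buffers ahead, so its underlying stream position is not a reliable resume point.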
Yes, that is exactly what I'm doing. Tailing a simple webserver's log. Sounds like FileSystemWatcher presents a few new options.
If I can write a small app to predictably generate that odd ReadLine behavior, I will post it here. Otherwise, I'll just assume I was doing something odd.
Thank you again,
-LutherB
Ok, that works even faster and now I don't have to manually deal with threading.
As a side note, when using ReadLine, I noticed my problem again. Here's what I did:
Open notepad, type a few lines, DO NOT newline, save the file.
The tail callback works perfectly. The new text is echoed to the TextBox (I manually insert a new line since ReadLine stripped it.)
Type in a few more characters and save again (still, never typing a newline).
The tail callback misses the first two chars!!
So, I opened cygwin - and got the same behavior!!!
As I believe you explained, tail is reading a line at a time. When I don't type a newline and simply save new text into the file - expecting it to be echoed, it doesn't pick up the first two chars (something to do with expectation of \r\n I would guess).
If I DO type a newline and then save, the following text is read correctly from the first char.
So, that means ReadLine works just fine for what I'm doing - which further simplifies this.
Thanks,
-Luther
One last tidbit, I've implemented native calls to scroll the screen with line appended. Unfortunately, it's possible these windows won't have focus when they are tailing files - and it seems that the built-in TextBox/RichTextBox must have focus and manually move the caret and then must scroll to the caret. Awfully cumbersome.
I've wrapped the calls in a class, but they are similar to this:

    using System.Runtime.InteropServices;

    // Edit-control messages from winuser.h
    public const uint EM_LINESCROLL = 0x00B6;
    public const uint EM_GETFIRSTVISIBLELINE = 0x00CE;
    public const uint EM_GETLINECOUNT = 0x00BA;

    // wParam, lParam and the result are pointer-sized, so IntPtr keeps the call correct on 64-bit
    [DllImport("User32.dll")]
    public static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, IntPtr lParam);

    private void button1_Click(object sender, System.EventArgs e)
    {
        int line = SendMessage(richTextBox1.Handle, EM_GETFIRSTVISIBLELINE, IntPtr.Zero, IntPtr.Zero).ToInt32();
        int linecount = SendMessage(richTextBox1.Handle, EM_GETLINECOUNT, IntPtr.Zero, IntPtr.Zero).ToInt32();
        // EM_LINESCROLL: wParam = characters to scroll horizontally, lParam = lines to scroll vertically
        SendMessage(richTextBox1.Handle, EM_LINESCROLL, IntPtr.Zero, new IntPtr(linecount - line - 2));
    }

Oddly, TextBox scrolls one line at a time. RichTextBox scrolls a page at a time ... unusable for what I'm doing.