Hijacking .NET 561
Hijacking .NET - Volume 1 | |
author | Dan Appleman |
pages | 46 |
publisher | Dan Appleman |
rating | 10 |
reviewer | Matt Solnit |
ISBN | (N/A) |
summary | An eye-opening look at how you can use undocumented and private features from the .NET framework. |
In the .NET Framework, it's possible to access a private member of any class -- your own, another developer's, or even the classes in the .NET Framework itself! Appleman demonstrates this with a great example that uses private members to get the list of groups that the current user is a member of -- in a single line of code -- by accessing a private member that is not exposed by the .NET Framework.
Appleman also explains the tradeoffs of using this technique. The code you're using is not documented, and it's not guaranteed to be present in future versions. He describes how to deal with these problems, and how to make the most of the technique while remaining relatively safe.
Once the basic technique is explained, Appleman takes you into how to find out what private members are available, and how to call them. He shows how to use the object browser available in Visual Studio .NET and the Microsoft IL Disassembler, freely available in the Framework SDK, to discover the private members in a class and determine how to call them correctly.
The example is great -- Dan shows you how he used "hijacking" with a collection of private members to develop a FileAccessControlList class that can be used to manipulate ACL's on Windows files. This is a piece of functionality that is not included with the .NET Framework, but developers have a need for all the time. To write the code from scratch would take days, including translating Windows API declarations to C# or another .NET language and poring over MSDN documentation. As it turns out, all the pieces are in the Framework -- they're just not public. Appleman accomplishes the task in under 200 lines of code, all of which is included with the e-book. As a bonus, you get a great introduction to how Windows security works, and how the example could be extended to other ACL-controlled things like Registry keys.
The fact that private in .NET isn't really private is something that isn't well known, and even if you're not interested in security, this e-book is worth a read just to get some insight into what you can do with the .NET framework, and what other people might someday try to do to your code.
As far as the author's writing style, I will say that Dan has a great knack for intuiting what needs to be explained and what doesn't. His laid-back approach makes everything seem fun -- this is a book you could read on a Saturday afternoon in a hammock.
This e-book is not for beginning .NET programmers, but should be easy for intermediate developers to understand. The whole text weighs in at just under 50 pages, and is well worth the cost of $9.95. Sample code is provided in both C# and VB .NET.
This e-book can be purchased and downloaded immediately from amazon.com or through the author's web site.
Conclusion (Score:4, Funny)
Microsoft maybe in deeeeeep trouble now (Score:4, Funny)
public method doStuff ( &task ) {
if ( (int) (Math.rand() * 10) == 8) {
throwError(BSOD);
} else {
actuallyDoStuff ( &task );
}
}
}
private method actuallyDoStuff ( &task ) {
...
}
Unsure... (Score:4, Funny)
Harumph (Score:5, Funny)
((<sneaky_private_type_I_wanna_access> *)<void_starish_opaque_handle>)-><ha_take_that_hi
Microsoft Security (Score:4, Funny)
He just violated the DMCA!!!!!!!!! (Score:1, Funny)
Soon the only developers that are not breaking the law will be those working for MS or using
Why should they always bypass logic? (Score:3, Funny)
All this fighting for Intellectual Property, for information privacy, DRM, to discover that actually, behind the scenes, in the Microsoft world,
a private member is not private
Look, ma, we'll sell this slow API, and on our side we'll use undocumented features, make private members public, get a performance boost and say afterwards we've got a better product and that it was all fair play.
Innovation, would say Ballmer.
Washington Strikes Again (see prior story) (Score:5, Funny)
In related news, Washington State has banned the sale of this book because of gratuitous discussion of "private members".
Re:Harumph (Score:1, Funny)
#define private public
Worked like a charm. A hack of some type was needed since the class in question did not release resources properly.
Sweet! (Score:3, Funny)
Re:Microsoft maybe in deeeeeep trouble now (Score:3, Funny)
Don't do that!!!! (Score:2, Funny)
Besides, it's impolite to access stranger's privates if you weren't supposed to. If you're a 'friend', on the other hand, you presumably have access to all the privates of interest.
New .NET keyword (Score:2, Funny)
For added security you can use the "really" keyword multiple times to define your level of security. So "really private" is less secure then "really really private".
Use of this keyword with other keywords such as "public" can have unpredictable results.
Re:But (Score:1, Funny)
And all the while Urgth the Common with the funny Lisp has been giving round wheels with ball bearings away for free for years...
Not a problem at all (Score:4, Funny)
This implies that Microsoft, in switching to the
Unofficially, of course. And people who implement it without being registered members of the Department of Homeland Security *could* be branded terrorist hijackers. But not to worry: only the evil ones will be. The others will accept automatic induction into the DHL framework.
Re:Conclusion (Score:3, Funny)
So as long as I run it here, I'm OK. Is that what you are saying?
Re:subtitled... (Score:1, Funny)