Hijacking .NET

Matt Solnit writes "What can I say - Dan Appleman never fails to please. In this e-book, he takes a look at 'hijacking' .NET by accessing private members in .NET classes. Private members are, in essence, pieces of code that you don't want other programmers to access. You use them to support your own code, and you make public the pieces that you want to make available to other developers. Typically, a language ensures that a member marked as private is hidden from anyone who doesn't have your source code, but Appleman shows how in .NET it's not so." Read on for more of Matt's review of this guide to tricking private members to do your bidding.

Hijacking .NET - Volume 1
author	Dan Appleman
pages	46
publisher	Dan Appleman
rating	10
reviewer	Matt Solnit
ISBN	(N/A)
summary	An eye-opening look at how you can use undocumented and private features from the .NET framework.

In the .NET Framework, it's possible to access a private member of any class -- your own, another developer's, or even the classes in the .NET Framework itself! Appleman demonstrates this with a great example that uses private members to get the list of groups that the current user is a member of -- in a single line of code -- by accessing a private member that is not exposed by the .NET Framework.

Appleman also explains the tradeoffs of using this technique. The code you're using is not documented, and it's not guaranteed to be present in future versions. He describes how to deal with these problems, and how to make the most of the technique while remaining relatively safe.

Once the basic technique is explained, Appleman takes you into how to find out what private members are available, and how to call them. He shows how to use the object browser available in Visual Studio .NET and the Microsoft IL Disassembler, freely available in the Framework SDK, to discover the private members in a class and determine how to call them correctly.

The example is great -- Dan shows you how he used "hijacking" with a collection of private members to develop a FileAccessControlList class that can be used to manipulate ACL's on Windows files. This is a piece of functionality that is not included with the .NET Framework, but developers have a need for all the time. To write the code from scratch would take days, including translating Windows API declarations to C# or another .NET language and poring over MSDN documentation. As it turns out, all the pieces are in the Framework -- they're just not public. Appleman accomplishes the task in under 200 lines of code, all of which is included with the e-book. As a bonus, you get a great introduction to how Windows security works, and how the example could be extended to other ACL-controlled things like Registry keys.

The fact that private in .NET isn't really private is something that isn't well known, and even if you're not interested in security, this e-book is worth a read just to get some insight into what you can do with the .NET framework, and what other people might someday try to do to your code.

As far as the author's writing style, I will say that Dan has a great knack for intuiting what needs to be explained and what doesn't. His laid-back approach makes everything seem fun -- this is a book you could read on a Saturday afternoon in a hammock.

This e-book is not for beginning .NET programmers, but should be easy for intermediate developers to understand. The whole text weighs in at just under 50 pages, and is well worth the cost of $9.95. Sample code is provided in both C# and VB .NET.

---

This e-book can be purchased and downloaded immediately from amazon.com or through the author's web site.

Conclusion

[borgdows]

If you code in a Microsoft programming language, you can't even trust your own code!

Microsoft maybe in deeeeeep trouble now

[dk.r*nger]

.. now we can just bypass this part of all Microsofts APIs:

public method doStuff ( &task ) {

if ( (int) (Math.rand() * 10) == 8) {
throwError(BSOD);
} else {
actuallyDoStuff ( &task );
}
}
}

private method actuallyDoStuff ( &task ) {

...

}

Unsure...

[cruppel]

I'm not sure I'd want people accessing my private parts :) Seriously though, isn't the goal of a class to disable another programmer, co-worker or not, from having access to potentially destructive options in a program? If you can use the private parts of a class then why use a class? I read this review twice just now, maybe I'm missing a key detail that would clarify.

Harumph

[renehollan]

...and here I thought that
((<sneaky_private_type_I_wanna_access> *)<void_starish_opaque_handle>)-><ha_take_that_hid den_member> = 0; was bad style.

Microsoft Security

[rossz]

As a bonus, you get a great introduction to how Windows security works

How is that possible. By his own statements he proves that Microsoft security DOES NOT work.

He just violated the DMCA!!!!!!!!!

[DailyGrind]

This is Microsofts secret attempt at putting all anti-MS developers in jail. They pick up the book, try to access private functions and data and presto --> just broke the law.

Soon the only developers that are not breaking the law will be those working for MS or using .NET

Why should they always bypass logic?

[ptaff]

So, a private member is not private.

All this fighting for Intellectual Property, for information privacy, DRM, to discover that actually, behind the scenes, in the Microsoft world,

a private member is not private

Look, ma, we'll sell this slow API, and on our side we'll use undocumented features, make private members public, get a performance boost and say afterwards we've got a better product and that it was all fair play.

Innovation, would say Ballmer.

Washington Strikes Again (see prior story)

[rc5-ray]

Read on for more of Matt's review of this guide to tricking private members to do your bidding.

In related news, Washington State has banned the sale of this book because of gratuitous discussion of "private members".

Re:Harumph

[Anonymous Coward]

I once saw the following hack to access a private member in a thirdparty library on the IRIX platform :

#define private public

Worked like a charm. A hack of some type was needed since the class in question did not release resources properly.

Sweet!

[mschoolbus]

I can finally call the BSOD member! uh.. nevermind...

Re:Microsoft maybe in deeeeeep trouble now

[kenthorvath]

Shouldn't that mean that certain users could have a higher saving throw vs. evil, and actually get their OS to work properly most of the time? May paladins using paladium won't experience any errors!

Don't do that!!!!

[Rajesh Raman]

You'll be arrested for breaking the DMCA!! After all what is a private method? Code that has access protection!

Besides, it's impolite to access stranger's privates if you weren't supposed to. If you're a 'friend', on the other hand, you presumably have access to all the privates of interest.

New .NET keyword

[kmahan]

Today Microsoft announced a major new feature in their .NET c# language. They have introduced a new keyword "really". To be used with the "private" keyword. By declaring something "really private" you can make sure that it will not be exported in a "blatantly obvious" manner.

For added security you can use the "really" keyword multiple times to define your level of security. So "really private" is less secure then "really really private".

Use of this keyword with other keywords such as "public" can have unpredictable results.

Re:But

[Anonymous Coward]

Well, it's more like they've made a better version of a square wheel and flogged it to Ogg the Clueless by saying "now with 10% less friction to make sliding your square-wheeled cart around easier...(small print: new improved square wheel only compatible with Millistone carts.)"

And all the while Urgth the Common with the funny Lisp has been giving round wheels with ball bearings away for free for years...

Not a problem at all

[MickLinux]

How could this ever be a problem?

This implies that Microsoft, in switching to the .net development model, is going open source!

Unofficially, of course. And people who implement it without being registered members of the Department of Homeland Security *could* be branded terrorist hijackers. But not to worry: only the evil ones will be. The others will accept automatic induction into the DHL framework.

Re:Conclusion

[Anonymous Coward]

Microsoft has secuirty holes in there software.

So as long as I run it here, I'm OK. Is that what you are saying?

Re:subtitled...

[Miguel de Icaza]

:-) or ...How to find out how Microsofts really complicated classes actually work so we can build ip-free clones for mono.