I'm trying to create a system that will be very modular. with the idea in mind that no module should really know about any other module (each running in it's own process).
There will be another program that will open, and will be able to tell what these modules will send and receive(this I largely have covered).
the issue I'm having at the moment, is there a way for me to be able to interrogate the application inside another process, or app domain? and in so doing late bind these modules together.
EG:
A module that can broadcast 'X' at runtime will be liked to a module that can accept 'X'.
This may be quite vague, and if so please ask me to clarify on anything I have not covered.
Right now, I Just need to know if it is possible to interrogate a process, and if so how? I Am fairly new to this but my initial research hasn't taken me to far.
I modeled a system like this recently for a personal home automation system. Basically, I'd want to be able to have certain sensors (microphones, cameras, etc.) broadcast what they have, and have other computers or programs get that information whenever they need it, without knowing exactly who is going to be getting the data at compile time.
If this sounds like what you're looking for, I'd look into a Pub-Sub style architecture.
http://en.wikipedia.org/wiki/Publish%E2%80%93subscribe_pattern
You're not really interrogating the process in this kind of architecture, but I think you get a similar result. Basically, you'll have one main pub-sub server.
In the Diagram above, Clients 2 and 3 "subscribe" to receive a specific kind of message. The server knows who is subscribed to what, so that when Client 1 sends that message, the server knows it needs to route it to the correct clients.
I hope this helps.
EDIT: After re-reading your question, I feel that you may have already gotten this far. Maybe all you need is something like
http://msdn.microsoft.com/en-us/library/bb546102(v=vs.110).aspx
Pipes allow you to pass some information between processes. You'll have to serialize and de-serialize the data across the pipe, but this (coupled with a pub-sub architecture) should give you what you need.
Related
I want to get the list of window services and their ports in C#. I'm able to get all window services by using ServiceController but I'm unable to get ports of these services.
Please check this question on stackoverlow. It is not exactly the same as you are asking, but it points to a useful function called GetExtendedTcpTable available through PInvoke, that can do what you need. Also check this one.
After a lot of looking around I found that there's undocumented "OwningModuleInfo" in MIB_TCPROW_OWNER_MODULE structure.
Then looking for that I found this comment:
Weird issue regarding GetOwnerModuleFromTcpEntry when targeting x64
"I have reached the conclusion that the first item in the array is the index of the service in the list of running services, ..."
So the answer to the question would then be to use that to get name info that netstat -b shows (service name and address+port), filtering for your desired service. I found this https://github.com/Loriowar/IpHlpApidotnet lib which has bunch of related code already set up except for this feature.
Other useful links :
Marshalling Struct with Array of Struct Member
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366911(v=vs.85).aspx
The answers to similar questions always propose using Iphlpapi but it is not at all clear how would you get the RpcSs (service name) in this netstat -ban copy paste:
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
Or the Schedule here:
TCP [::]:49154 [::]:0 LISTENING
Schedule
[svchost.exe]
I looked for solution to this and didn't find anything (-easy). Netstat calls into some undocumented functions in Iphlpapi but it's not clear whether it gets the service name from Iphlpapi or somehow uses the pid from Iphlpapi and uses something else to get the service name. I'm not really tempted spend time with a debugger to answer this because..:
However ideally one wouldn't want to use a polling-style approach from C# anyway. It would be more appropriate to use ETW. I think the lack of examples of using it from C# is because there's some overhead to getting started with it and examples around may be specific to other type of tracing/monitoring scenarios.
Summary: If you are short on time to implement this, just saving the netstat output seems to be the "solution". Ideally I would have liked to find a simple to use C# example to monitor any network connections and figuring out what service or process handled/initiated them along with possible firewall changes. I believe doing both is possible with ETW but for my current needs its hard to justify the unknown amount of time needed to get that working. I have atleast figured out that "logman query providers" lists the providers, then you need to do something to enable the provider (and driver support for tracing in some cases like packet capture). There's a C# project for using ETW around. But it's not at all clear how much effort it would be to reproduce the netstat output with ETW.
Apps downloaded from the Windows Store are installed in this location:
C:\Program Files\WindowsApps
If you look inside this folder you can access each application's .exe and use reflector to decompile them.
Currently, my Windows RT application sends a password over SSL to a WCF service to ensure that only people using my app can access my database (via the service).
If my code can be read by anybody, how can I ensure that only people using my Windows 8 app are accessing the service?
Thanks!
In the very general sense, it is impossible. If ever you create anything that is placed on the customer's computer, eventually you will stumble upon someone that will manage to decipher your code and understand how to call your service. You may obfuscate it into insane levels, but still it has to be executable by the processor, so the processor has to understand it. And if it does, then potentially anyone knowing assembly can understand it too. You may smartly obfuscate it so that it will be very time-consuming to cleanup the code from unimportant trash, but still, at some point of time someone will read it.
One of common defenses is in trying to detect who* is actually trying to use your service. This is why all the "portals" require you to "register". This way, the application identity is marginalized and it is the user who provides login, password, PGP keys, etc is checked and verified whether he/she is allowed to actually run your service.
Also, on the OS/framework layer, there are several ways to selectively provide "licenses" to your customers and then in your application you may use keys/hashes from the licenses to authenticate in your service. This may partially remove from the user the burden of remebering the passwords etc, or it may provide an additional authentication factor, or it may simply be a yes-no flag that allows to run the app or not. Still, it will not guard your code against being read. Licenses just help in verifying if the software copy is legit and if belongs to that specific user/computer.
You may act selectively only against 'reflectoring' (or dotpeeking, or ildasming, or ...). Those tools really make the decompilation easy (although the original reflector is now paid software). So, the simpliest form would be to use obfuscator that will make the decompilation impossible or harder - that cuts some percentage of the potential code-readers and you can assume scriptkiddies are gone. You may ignore obfuscators and you may write the service connector in native code (C++, not C++/cli). That will make the code completely un-reflectorable and un-ildasmable, and that will cut off another large percentage of people, but with some will still be left (me and thousands of others, but that's much less than millions).
While this does not give you definitive answer, I wanted to show you that you can only get some "level of hardness", but you cannot make it totally safe from being read. This is why you should focus on making the service access in that way, that showing your code to a stranger on the street does not compromise your security.
Now gettint to your problem: the core thing seems to lie not in the fact that your app uses some secret algorithms, but rather - that you have hardcoded the password in. You see, there's with this approach, they do not need to read your code at all. They just need to listen what data your app sends over the sockets..
Another issue is that everyone uses the same keyphrase.
A hardcoded magic string may be some sort of validation, but never authentication. If you want the app to be register-free, make the registration silent and automatic at first run? Of course, you will just bounce the problem: anyone could read the code and learn how to autoregister, and then they will make a clone.. But, again, like I've said: you never know who's on the other side. Is it your app, or is it an ideal-clone of it? Or maybe is it a clone that uses your own hacked-a-bit libraries to connect to you? If it looks like a duck, and quacks like a duck, it is a duck..
Im building a small winforms app using: ayende rhino licensing. The licensing is working fine, I can create licences and distribute them as I choose.
The problem is, How do I make each license work on just one machine? I know there is a class in ayende's project called LicensingService which I believe does something like what I'm trying to do, but I just cant figure it out. I've done quite a bit of searching and couldnt really find any tutorials except this one.
Maybe someone has implemented this, or has some tips on how I could accomplish this? I do have access to a webserver, if that helps.
Any help is much appreciated, as always.
Depends how annoying you want to make it for your users to be honest. You could implement a HWID (see How to fast get Hardware-ID in C#? on how to generate them) which will be unique from system to system, then have your program check if the HWID matches the ID found to the place you store them on-line (usually by using a database).
Needless to say, this will make your application require internet connection in order to run which might be a bit frustrating for your users.
Or you can merge the HWID with the serial and have your application do the same to verify if they match, but that would be easily cracked by the average cracker.
In the end of the day, .net isn't the best as far as security goes since you can easily get the source code and modify the assemblies as needed to patch certain protections. Keep that in mind when deciding what route you want to take to protect your software.
I do not know what exactly is a rhino licensing. To tackle your need generally there are two approaches.
Either give some randomly generated password to the client machine, and maintain a pool of passwords in your server. Each time a password is entered to register the application in a local machine, check if it was already registered elsewhere by connecting to your server via internet.
Or, what we do is, generate a code unique to that machine (perhaps a hash of some unique machine id, say mac id) and get the client sent it to you. You would then rehash the code and send it back using some logic. Now when the client enters this code to his machine do the same thing: fetch the very machine id, do the same rehashing using the same some logicand check if it matches.
I cant think of anything else
For this post, I'm looking for more conceptual help than a specific technical solution (although anything helps).
Basically, I've been asked to automate an XML HTTP POST through an application layer. I've never done anything like this before, so I'm a bit confused where to even start on a high level. It would be great if someone could share with me what steps I would need to take to accomplish this task. Here is some more background information:
Currently, our company uses an application (we'll call it Program.exe) on a daily basis to design front-end interfaces with a visual editor. Once the interface is completed, Program.exe creates JSP files and submits them to the server. Unfortunately, the process of creating and sending the files takes an awfully large number of clicks, so management would like to automate this process by running a script that would take the project files from Program.exe, convert them to JSP and accurately submit them through the application layer of Program.exe to the appropriate server.
So far I have used WireShark to sniff the packets of a simple transaction using Program.exe and discovered a number of HTTP/XML POST packets that contained XML data with information like "Current File Name" "User name" and more. Curiously, all of these data items were submitted in different packets, not all in one. There are also multiple references to SOAP. (I have almost no knowledge of SOAP, except that it exists)
At this point, this is all of the information I have. I am unsure what steps I should take from here. I would really like to understand this process on a high level, so any conceptual information would be greatly appreciated.
Finally, we use C# primarily for these sorts of tasks, so if someone would like to share a technical solution feel free to use C#.
Thank you all very much.
I would tackle this by completely ignoring the expected method of solving the problem (generating an HTTP POST) and instead focusing on what the actual problem is.
What are your inputs? A bunch of JSP files by the sound of it.
What are your outputs? The same bunch of JSP files.
What has to be accomplished? Moving the inputs from one know location to another.
Now with a well defined problem, a solution is much more likely to clearly present itself.
For example, by looking at the problem I've defined I would think that XCopy would be an elegant solution to the problem.
Any time I get handed a solution and then told to go solve a certain problem, I am always highly suspicious of the tool I've been given. If they knew that this was the best solution to the problem, why didn't they do it themselves?
My advice: Find your own solution.
Hope that helps!
I need to design a new API which models networked devices which have a large amount of attributes which vary quite a lot based on the device's type. The attribute set is not totally arbitrary though, it is a big set of known attributes. That said, with new devices come new attributes so the situation is never totally fixed.
The network devices themselves come and go all the time so that's a central part of the API design. Also, it would be preferable to get updates on the attributes/attribute sets via some variant of the Observer pattern.
Note: I'm not talking about network management, although this might sound like that. That said, the APIs on those systems might very well be suitable/worth looking at.
So my question is, do you know any good APIs out there in the Open Source world from which I could learn and derive some inspiration from?
The system will be Java-based so the examples would preferably be from close relative languages, e.g. Java (of course :)), C#, Scala and other similar statically typed languages.
I'm not sure what exactly your API is intended to do, but I'm guessing that since the network devices "come and go all the time" and that you wanted to use the observer pattern, you're looking for something that can get updates on the current state of stuff out on the network.
Have you looked at SLP? It's a pub/sub protocol that may do what you want: it lets network devices broadcast their presence and properties out over the network and also listen for other people. It works over TCP and UDP (unicast and multicast).
There's a couple of java implementations around (like jslp for example), but I was never entirely satisfied with them (so I ended up writing my own). As far as C# goes, I couldn't find one easily.
Not positive that I understand your question completely, but I'll give it a shot.
Are you looking for a way to allow a device to publicize its attributes when it is on a network? If so, there really isn't a good way unless you write code that understands now to interact with the device. After you have something like that, all you need to have is a class which holds attribute data in some type of data structure of your liking. For updating, you will probably need to poll the devices periodically unless they have a way of reporting when their attributes change:
Dictionary<string, Dictionary<string, string>> deviceAttributes = new
Dictionary<string, Dictionary<string, string>>();
void AddAttribute(string deviceIdentifier, string attribute, string value)
{
if(!deviceAttributes.Keys.Contains(deviceIdentifier))
deviceAttributes.Add(deviceIdentifier, new Dictionary(attribute, value);
else
deviceAttributes[deviceIdentifier].Add(attribute, value);
}
If each device has some kind of standard method for retrieving the attributes of interest, you can write code that would accept an array of whatever and add that to the data structure using a for or foreach loop. I can't really say more without more specific knowledge of what you are trying to do.
I might look at LDAP/ActiveDirectory/ADAM(User Mode Active Directory) . . .
TheEruditeTroglodyte