I am trying to write a program in c#. Part of it needs to be be able to detect if a file(mostly dlls, but some other aswell) is registered. And the user must then be able to select a file(or files) that he/she wants to register and the program must register it. It shouldnt just register all the files, the user must decide which to register
So mainly I am wonder how to detect if its registered, and how to register it
Thank you in advance for your help
EDIT: OK, so how do you detect if a .net assembly is registered from within a C# program?
You should define what does it mean "to be registered". Standard DLL files are NOT registered anywhere. (That's why can see chaos called "DLL Hell".)
Or is it COM?
COM components are registered using regsvr32.exe. You can call it to register your files. This is the simplest way. If you for some reason think you don't want this simple way, you can do it manually - read COM documentation on information how the component can register itself. (You load the file into your address space and let it register itself by calling the registering function in it.)
I don't know how to legally detect if a particular file is registered as a COM component host if you don't know what component is inside. But if you know the component, you can try to create the component. If the creation fails, the file is not registered yet.
Or are they .NET assembly files?
In .NET you are not allowed to "register" files at your will, you need administrator rights. (The process must run in elevated mode.) But again, you normally use these .NET DLL files without registration. Normally only well trusted core system components are registered in GAC. I think it can be a security hole if you try to add your private files into GAC. So I would ask if it is relly so important to have them registered there.
Related
I've successfully implemented a Pluginsystem in my WPF-Application:
Every Plugin has its own *.dll to be loaded and instantiated at the start of my App.
Are there any security issues caused by the fact that someone could develop a plugin and write everything in the constructor she/he wants to?
If so, how could I prevent this?
Think what you are looking for is AppDomain, here you can create an isolated sandbox and grant permissions for the running code. For example a specific folder for reading/writing.
https://msdn.microsoft.com/en-us/library/bb763046(v=vs.110).aspx
I am developing an application which will invoke a file created by third party application, everytime the file was placed in default location defined by third party application, I want to change the default file location on the fly, I mean I need an event which will trigger before the file has been created.
Short answer: NO, you can't know that without third-party provider help.
You seems to be looking for an early indication that a file will be created. You must check on your third party application provider if they offer any hook for the event you're looking for, as probably will be lots of business rules in place.
As workaround, you can set up a FileSystemWatcher object to monitor your default location and, if required, move the created file a more convenient location.
Xavier,
Do you want to change the default location in the 3rd party app? Your question does not expose your ultimate goal.
Unless there are side effect from the file being created by the 3rd party app, or from said files disappearance, then you can try to 'head it off at the pass'.
Let the app create it's file. You can use FileSystemWatch class to 'intercept' the file once it's created.
Your code can then move it to your new default folder and then invoke the app against that file. If the app needs the file to remain in that folder, then copy the file to your new location.
Hope that helps.
I can load up the control fine (pseudo code):
Set o = CreateObject("DevsoftCustom.CommControl")
Now, I need to find the file and directory for that ocx (so I can read the version stamp on the ocx, and read from a config file in that directory).
How is this done in C# and vb.net? (This project is in vb.net)
Now, I need to find the file and directory for that ocx
Assuming you are not using private COM registration, such information is in the registry.
HKCR\CLSID\<SOME-GUID>\LocalServer="<path>"
...or:
HKCR\<PROG-ID>\CLSID=<GUID> // use this GUID in the example above
Or if you don't want to use the registry you can make use of the native function CLSIDFromProgID(). Tell me more...
Here's an easy representation of Microsoft Outlook Date Control in OLE/COM Object Viewer.
You can use the OLE/COM Object Viewer to view a control's interfaces.
So in your case, look up the class ID in the registry based on the prog ID "DevsoftCustom.CommControl"
i.e.
Under HKCR, look for the key DevsoftCustom.CommControl
There will be a child key called CLSID, take note of the default value
Open HKCR\CLSID\ < your-key-from-step-2 >
The path will be in a subkey called LocalServer32
Using the Office example:
Once you know how COM works, its easy to implement the above in c#.
Isn't there a more direct way to ask the OS based on the object/control name?
Not that I'm aware of and as Damien mentioned, the point of COM (including OCX) is that you don't care where something is, you just want an instance.
The closest parallel is having a .NET assembly in the GAC where you want to create an instance of an object but don't want to have to worry about deploying the same assembly over and over on the same computer. Of course, the GAC serves far more purposes than that so that's where the comparison ends.
I'm looking into registering a directshow filter at runtime and probably need to use reflection to do this and then call regsvr32 somehow on binary data. Not sure if this is possible, sounds tricky. Basically I have a dll file that is a filter and I added it to the solution as an embedded resource but after this I'm stuck... not sure how to go about registering it. Does anybody have any insight? Is this possible to do or do I have to have the file existent to register it? Thanks.
Cheers.
Are you sure you need to register it? You only need to do it if it is to participate in Intelligent Connect. Otherwise you might just LoadLibrary the DLL and create an instance of the filter via DllGetClassObject bypassing COM instantiation. Good news you don't have to be administrator with elevated privileges to do this, as opposed to registering the filter DLL.
Then see also:
Embedding unmanaged dll into a managed C# dll
How can a C++ windows dll be merged into a C# application exe?
I have written an ActiveX control in C# and have made it working using regasm command, and it works fine as long as the security level is set to low.. Then as a next step I have made a .cab installer (ICD - Internet component downloader), and have signed my .cab file and ActiveX .dll file with a test certificate. when I hit the html page from my browser the installation parts works fine with default security settings of IE, but at the end it seems that nothing is installed and a red cross is shown on place of ActiveX. Moreover I have explored the Download Program Files folder under Windows directory, in status column it is showing word "unknown". while it is "installed" for all other activeX. what may be the problem.
Moreover if i use the regasm command to register the assembly it works fine, and I have signed the ActiveX but still I have to move the security bar to low in my browser setting? why it is so? then what is the purpose of signing? I have used RegisterServer=yes in my .inf file
Please let me know, if some one has gone through this problem already?
In order to run in IE, you also need to implement IObjectSafety so that IE knows that it is safe to be called by an untrusted caller and/or with untrusted data. (If it is actually safe, that is)
Personally, I have only done this in C++ & ATL, not C#, but here is a blog post that looks like it should help you achieve this in C#.
http://blog.devstone.com/aaron/2007/06/12/ImplementingIObjectSafetyInNETMarkingClassesSafeForScripting.aspx
The reason for this is that scripts by nefarious individuals may use your object to bypass the normal security offered by IE, so your ActiveX Object must defend against untrusted pages itself.
When you sign a cab, you are telling the user that the cab they are downloading is the one they think they are downloading - i.e. that some malicious individual hasn't replaced your cab with a dangerous one. If they trust you as a publisher, then they can trust that the ActiveXObject will not do anything evil on its own, or in combination with other code that they trust.
When you implement IObjectSafety, to return INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA, you are telling IE that the object cannot be used maliciously by anyone else, and is therefore safe to run in conjunction with code that the user doesn't explicitly trust.
For me the solution above doesn't work.
I needed to register also the tlb
with : regasm MyDll.DLL /tlb