RE: Block the debugger from seeing values of variables
From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 03/18/04
- Next message: Jonathan Ruckert: "RE: Impersonate User"
- Previous message: Jonathan Ruckert: "RE: Forms based security"
- In reply to: C P: "Block the debugger from seeing values of variables"
- Next in thread: C P: "Re: Block the debugger from seeing values of variables"
- Reply: C P: "Re: Block the debugger from seeing values of variables"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 18 Mar 2004 00:12:40 GMT
Hi Chris,
The short answer: Yes, they can see this information.
The longer answer: Running a debugger is a highly privileged operation on Windows. Under a debugger you can do things such as
modify and change arbitrary memory, change registers, play with data structures, etc. Even if the framework didn't support showing private
variables to managed debuggers (Which would make debugging your own classes much much harder), all the third party would have to do would
be to attach an unmanaged debugger to your process and look at the memory space, where they could very easily read your private variables.
-Shawn
http://blogs.msdn.com/shawnfa
-- This posting is provided "AS IS" with no warranties, and confers no rights. Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated. -------------------- >From: "C P" <nospam@nospam.com> >Subject: Block the debugger from seeing values of variables >Date: Wed, 17 Mar 2004 15:44:40 -0500 >Lines: 14 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >Message-ID: <uCKGsDGDEHA.2768@tk2msftngp13.phx.gbl> >Newsgroups: microsoft.public.dotnet.security >NNTP-Posting-Host: d36-15-143.home1.cgocable.net 24.36.15.143 >Path: cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl >Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.security:5420 >X-Tomcat-NG: microsoft.public.dotnet.security > >I'm creating some classes that will use a strongly-typed DataSet that I'm >going to load from an XML file that I've encrypted. A 3rd party will be >using my classes, but I'd like to keep them from seeing the contents of this >DataSet. I will be sending the 3rd party my classes in a pre-compiled >assembly. What I'm not clear on is if they will be able to see the values >of the private fields of my classes in their debugger? If they can, is >there any way to prevent this? The unencrypted version of my dataset will >only be available via private/internal fields, so if I can ensure the >debugger can't read this info I think I'll be set. (BTW, I'm using C#). > >Thanks, >Chris > > >
- Next message: Jonathan Ruckert: "RE: Impersonate User"
- Previous message: Jonathan Ruckert: "RE: Forms based security"
- In reply to: C P: "Block the debugger from seeing values of variables"
- Next in thread: C P: "Re: Block the debugger from seeing values of variables"
- Reply: C P: "Re: Block the debugger from seeing values of variables"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
