MSIL Not Coding String Variables

See This Code
=======================================================
.method private specialname rtspecialname static
        void .cctor() cil managed
{
  // Code size 52 (0x34)
  .maxstack 8
  IL_0000: ldstr "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
  IL_0005: call string [System.Windows.Forms]System.Windows.Forms.Application::get_StartupPath()
  IL_000a: ldstr "/sel.mdb;Jet OLEDB:Database Password=sba "
  IL_000f: call string [mscorlib]System.String::Concat(string,
                                                      string,
                                                      string)
  IL_0014: stsfld string sel.Module1::sConStr
  IL_0019: ldsfld string sel.Module1::sConStr
  IL_001e: newobj instance void [System.Data]System.Data.OleDb.OleDbConnection::.ctor(string)
  IL_0023: stsfld class [System.Data]System.Data.OleDb.OleDbConnection sel.Module1::oCnn
  IL_0028: ldstr "C:\\windows\\pas"
  IL_002d: stsfld string sel.Module1::ahmed
  IL_0032: nop
  IL_0033: ret
} // end of method Module1::.cctor
=======================================================

Notice That the ConnectionString Is Readable
And I Can Get the Password Very Easily
So We can any Secured Database From MSIL Language
Really, It's a Big Problem
Please Advise Me To Protect My Programs
Thanks

Nov 20 '05 #1
If you open a regular PE program in a hex editor, you can see all literal
string values just as plainly. Compile a C++ or VB6 program with a
connection string, open it in a hex editor, and you'll see what I mean.

There are several ways to protect the data from casual inspection. Check out
the encryption classes for starters (System.Security.Cryptography
namespace).

-Rob Teixeira [MVP]


Nov 20 '05 #2
> Notice That ConnectionString Is Readable
> And I Can Get PassWord Very Easy
> So We can any Secured Database From MSIL Language
> Really It's Big Problem

Welcome to the world of security! Head on over to the MS patterns &
practices ( http://msdn.microsoft.com/patterns/ ) and check out the data
access patterns, there is one that extensively discusses data access,
encrypting & storing connection strings etc...

( FYI, this problem is present in PE EXEs as well, it's not new )

HTH,
Jeremy

Nov 20 '05 #3
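
Added example, not part of any post in this thread: both replies point out that string literals are readable in any executable, managed or native. The Python check below scans a build artifact for literals that carry a credential marker, covering the UTF-16LE form in which .NET stores `ldstr` literals and the single-byte form of a native narrow string. The marker list, function names and sample bytes are constructed assumptions.

```python
import re
import sys

# Substrings that mark a credential in a connection string (assumed list).
CREDENTIAL_MARKERS = ("password=", "pwd=")
MIN_LEN = 6  # ignore printable runs shorter than this

# A printable run as single-byte text, and the same run as UTF-16LE
# (each character followed by 0x00), which is how ldstr literals are stored.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Constructed sample data: one literal as a managed and as a native build
# would embed it. The password value is a placeholder.
SAMPLE_LITERAL = "/sel.mdb;Jet OLEDB:Database Password=EXAMPLE"
MANAGED_BLOB = b"\x01\x02" + SAMPLE_LITERAL.encode("utf-16-le") + b"\x01\x02"
NATIVE_BLOB = b"\x01\x02" + SAMPLE_LITERAL.encode("ascii") + b"\x00\x02"


def extract_literals(blob):
    """Yield (offset, encoding, text) for every printable run in blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def find_embedded_credentials(blob):
    """Return sorted (offset, encoding, text) hits containing a marker."""
    hits = []
    for offset, encoding, text in extract_literals(blob):
        if any(marker in text.lower() for marker in CREDENTIAL_MARKERS):
            hits.append((offset, encoding, text))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python check_literals.py build/app.exe [more files...]
    # Exits non-zero when any file embeds a credential-bearing literal.
    failed = False
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            for offset, encoding, text in find_embedded_credentials(handle.read()):
                failed = True
                print(f"{path}:0x{offset:x} [{encoding}] {text}")
    sys.exit(1 if failed else 0)
```

Run against release binaries in the build pipeline, a non-zero exit indicates a connection string that still needs to move out of the code.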
