CodeGuru123

Discussions

Subscribe to this feed

CodeGuru123

Profile

Adding Elements to XmlNode w/o XmlDocument
Nov 06, 2009 at 12:38 AM

Sven Groot said:

Simply use the XmlNode.OwnerDocument property to get a reference to the document that a particular node belongs to.

I suppose I could do that, but then that would spaghetti my code up.

With my method, I can take an xml node from any document, and parse it into my variables. Then, I can generate the xml node from within the class that uses those variables, and pass that node to any xml document handler class for storage.

Thus, I can easily store this node in the main applications xml config file, as well as create mini import/exmport templates in xml format for people to share their configs with others.

Adding Elements to XmlNode w/o XmlDocument

Nov 05, 2009 at 6:12 PM

Thanks for the reply.

Apparently you cannot simply create an XmlNode outside of an XmlDocument..

So, here is what I ended up doing.

Inside of my main config class, I have this property:

public XmlNode FormSettings
{
	get
	{
		return XmlDoc.DocumentElement.SelectSingleNode("/configuration/" + cfgSettings.formSettings);
	}
	set
	{
		XmlNode Root = XmlDoc.DocumentElement.SelectSingleNode("/configuration/" + cfgSettings.formSettings);
		if (Root == null)
		{
			Root = XmlDoc.DocumentElement.SelectSingleNode("/configuration");
			XmlNode newNode = XmlDoc.CreateNode(XmlNodeType.Element, cfgSettings.formSettings, "");
			Root = Root.AppendChild(newNode);
		}
		else
			Root.RemoveAll();
		for (int node = 0 ; node < value.ChildNodes.Count ; node++)
		{
			XmlElement Element = XmlDoc.CreateElement(value.ChildNodes[node].Name);
			for (int attrib = 0 ; attrib < value.ChildNodes[node].Attributes.Count ; attrib++)
				Element.SetAttribute(value.ChildNodes[node].Attributes[attrib].LocalName, value.ChildNodes[node].Attributes[attrib].Value);
			Root.AppendChild(Element); 
		}
	}
}

I can easily parse that node wherever I want, without needing a reference to xmlDoc.

This allows me to put all of the code to build/parse/manage a particular forms config inside of that form class itself, instead of having to put it in the main applicaitons config file class.

To build a node I use the following code:

public XmlNode ConvertToXmlNode()
{
	XmlDocument xmlDoc = new XmlDocument();

	System.Xml.XmlNode Node = xmlDoc.CreateNode(XmlNodeType.Element, "Config", "");

	System.Xml.XmlElement Element = null;

	Element = xmlDoc.CreateElement("Image"); Element.SetAttribute("value", Image); Node.AppendChild(Element);
	
Element = xmlDoc.CreateElement("Background_Color"); Element.SetAttribute("value", Background_Color.ToArgb().ToString()); Node.AppendChild(Element);

	Element = xmlDoc.CreateElement("AntiAlias"); Element.SetAttribute("value", AntiAlias.ToString()); Node.AppendChild(Element);

	return Node;
}

This works very well and makes managing code and configs for many diferent forms much easier than the previous method where I defined all of the configurable params inside of the parent xml/cfg class itself.

Now I can easily insert/remove forms/modules to my app without having to hack up a config class as well with a ton of properties.

I hope this helps someone searching in the future...

Adding Elements to XmlNode w/o XmlDocument
Nov 05, 2009 at 3:40 PM

I'm stumped on this one, been googling for hours...

I have a central xmldoc that I use to store all of my app settings, etc..

What I'm trying to do is simply pull an entire node from that file into one of my child forms where I can parse it out.

In the child form I also want to build a new node from new settings and pass it back into my central xmldoc config.

I need to do this without holding a reference to the parent xmlDoc.

I simply want to build an xmlNode from scratch, but I cannot figure out how without using XmlDoc to .CreateElement();

Certainly there has to be a way to XmlNode.CreateElemenet or XmlNode.AppendChild(new xmlElement())...

Any pointers would be much apperciated.

Thanks a bunch!
Methods of protecting .net exe's from decompilation?
Mar 30, 2008 at 7:39 PM

evildictaitor wrote:

If you're releasing complex algorithms (such as compilers, or solution solvers or hashes or implementing protected network protocols) which might legitimately be sought after with the intent of gaining knowledge or algorihms (but not code) then you should be looking to build those algorithms in C and use a commercial grade obfuscatior over it.

Bingo.

We do exactly that for the VERY sensitive algo's we include in our app.

We also do include a hardware key for some sensitive algo's too, however our app requires a crippled functionality w/o the hardware key so we're forced to do the method you described as well.
Methods of protecting .net exe's from decompilation?
Mar 30, 2008 at 7:35 PM

Its not arrogance. Please don't be so close minded.

We develop software tools that interface with hardware built by others..

(These are just examples to get open your thought processes)
For example, it could be iPods, cell phones, pda's, etc.. devices built by vendors who we have no communication with and in many cases do not even know about us.

So in our src is methods and keys to access these "devices". So yes, to do what we do you would have to write the SAME exact code as there is one and only one way to do these things. These keys and methods are also not published by the manufacturers and are VERY, i repeat _VERY_ hard to come by.

And I know someone is going to say to put these secure pieces in a native dll or something else.. however the methods and keys are not as simple as you would think. They are actually very complicated and are really embedded into the parent .net program. To extract them into a seperate DLL would really muck up the entire program structure..

I think the list I came up with on the first page is a great list.
prevents viewing the MSIL from both a reflector type app and also via RAM dumpers.
Packs the exe into a loader application that isn't easily unpacked.
Prevents .net extraction via modification of the native core .net dll's.
Prevents debugger attachments, softice, etc...
Disables .NET profiling
Protects against ProcDump
Does not require packing the entire .net framework into the exe to achieve the above protection
Also, if you think that list is unrealistic, there is an app on the first page that does the above. It is also the most expensive one listed by far. I'm looking for more options.

Edit: I know a lot of you are trying to help.. As if I was your "average" coder trying to protect something that didn't need to be protected, or wasn't informed about software security. I know I didn't provide ALL the facts in my original post either, I didn't feel I needed to.

I'd love for this thread to be about my original question though, methods for protecting .net applications. Lets pretend the reasons for protecting the .net app are not important but instead discuss ways to do so, for even the most simple "hello world" application.

Methods of protecting .net exe's from decompilation?

Mar 30, 2008 at 12:04 PM

Its the industry I'm in..

We deal in low volume sales and our product caters to a specific market. We're able to stay ahead of our competition because we have resources that make us able to develop new products in our industry before our competitors do.

Due to the nature of our product, it would be very easy for our competitors to gain key info from reversing our product which would allow them to tap into new customer bases.

By protecting our product the way we do, the amount of time it would take to crack is similar to the amount of time it would take to develop the new products the hard way.. the way we currently do.

If we released our application in unprotected .net form, it would be only a matter of time before our market share was decreased substantially due to the fact that we'd lose our edge of being first to market. We might still be first, but the second to market companies would follow very shortly after us, unlike now where we have a year or so or more...

Methods of protecting .net exe's from decompilation?

Mar 30, 2008 at 10:47 AM

I understand that no method of software protection is completely secure, and I'm not asking for such.

My goal is to protect my investments and make it more difficult (not impossible) for would be crackers to break.

I have a solution that works very well for me now, its one of the ones already listed in this thread.. however I'm not sure about the future of this solution as an option for us, as their prices and methods of licensing are drastically changing.

The ideal solution for me, and for many .net users I'd imagine is something that:

prevents viewing the MSIL from both a reflector type app and also via RAM dumpers.
Packs the exe into a loader application that isn't easily unpacked.
Prevents .net extraction via modification of the native core .net dll's.
Prevents debugger attachments, softice, etc...
Disables .NET profiling
Protects against ProcDump
Does not require packing the entire .net framework into the exe to achieve the above protection

That is my ideal list. I'm just trying to come up with a list of solutions that achieve this type of protection.

According to my research, CodeVeil has unpackers available. Sad

Methods of protecting .net exe's from decompilation?

Mar 29, 2008 at 11:09 AM

I take it your just trying to help.

I'm not asking for assistance as to if I need .net protection, I know I do. I'm asking what options others use.

The industry I am in is very competative. There have been src leaks and startups from reversing.. its real tough.

We use .net as its real easy to develop GUI based applications, much quicker than it is in C or using other dev tools.

I look forward to when a main stream vendor releases a product in .net, should be very interesting.

Methods of protecting .net exe's from decompilation?

Mar 28, 2008 at 9:33 PM

figuerres wrote:

first thing I always ask is why?
then what is the risk?
what is the benefit?
what is the cost?
what is the audience (users, who, sales market)?

most of the time the users are not going to mess with the code and the cost far outweighs the benefit.

if the users are tech-savy hacker types then the same thing happens as a determined cracker will break any protection if they are willing to spend the time and effort.

I often see similar types of responses when people ask about protecting their source..

I guess some people simply don't understand..

For a small operation like mine, code security is key to our business future. If we were to release our product in unencrypted .net, our competitors would gain substantial IP to help rocket them into markets where we already exist, and if our .net app could easily be reversed many new competitors would pop up.

You see, not everybody is a adobe, or microsoft, or even winzip or nero...

Some outfits have a lot of development time invested into developing product for consumers that have no current available options.. We invest heavily to make a product that most of the time, others don't know how to do. Again, if we released our .net unprotected well then these others would pop up out of the wood work.

Now, most people say, well you provide great customer service and a great product and you won't have to worry about that. That only works if your target consumer is willing to pay the premium for those services. If your target consumer (unfortunately) wants the product at the lowest price that argument goes right out the door.

Methods of protecting .net exe's from decompilation?

Mar 28, 2008 at 11:36 AM

I'm not looking for obfuscators.. I use commercial dotfuscator and it seems to do the job that all dotfuscators do..

However, what other options are there from preventing our .net exe's being reversed?

I know of solutions like:
thinstall
remotesoft
http://www.xheo.com/products/codeveil/default.aspx
.NET Reactor
smartassembly

But are there any others?

I know some say to put your protected IP into native .dll's and invoke them, however if your calling .net exe is still reversable, the methods of accessing/using that .dll are still visible.

Thanks.