Answer might be a bit opinion-based but really important to me as I am pretty sure that certutil is accurate. Not sure for c# MD5 class.
I have a zip file and to verify if it's correct, I want to find its MD5 hash value. This is to then extract the zip file and use its contents in my C# .Net Framework 4.8 console application.
I have currently asked clients (each client has a my men appointed for tech support) to use CertUtil -hashfile command to get the hash and verify it but now, I guess due to increase in clients, I must automate it in my app and give a relief to my men.
I am confused should I use CertUtil and get the output in a C# string using Process.Start() or should i use the .net framework's MD5 class.
C# app is deployed only on windows 10 and I have administrative access to it so not finding certutil isn't an excuse.
Using CertUtil it will be something like this:
public static bool check_correct_installation()
{
var md5Checksum = "";
var startInfo = new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
FileName = "cmd.exe",
Arguments = $"/C CertUtil -hashfile \"{HolocronFolders["Root"]}\" MD5 | find /i /v \"md5\" | find /i /v \"certutil\"",
};
using var process = new Process {StartInfo = startInfo};
process.OutputDataReceived += (sender, e) => md5Checksum = e.Data;
process.Start();
var fileToRead = $"{HolocronFolders["Council"]}\\force.sith";
if (!File.Exists(fileToRead)) return false;
var sithForce = JsonSerializer.Deserialize<SithForce>(File.ReadAllText(fileToRead));
return sithForce != null && sithForce.Checksum.Md5.ToString() != md5Checksum.Trim();
}
Yes, opinion based, but still here is mine:
Well, you're launching 4(!) processes for each signature you create (cmd.exe, certutil.exe and 2x find.exe). That alone would drag me away from it.
Then, the MD5 classes are being used in a multitude of applications projects, I would say there is no objective way to distrust them, unless you have a proven example where they were "wrong" or an security advisory, etc. that says so.
Finally, the MD5 implementation uses the underlying Windows API (see here to look into the rabbit whole) anyway. So chances are that it uses the same code (in the end) aus CertUtil.exe.
As you said, this might be an opinion-based answer, however I don't see many issues with sticking to your use as you stated with the code. Searching on the internet, it seems that other people chose similar approach, too. Give it a try!
Related
So I am trying to write a cd -like program that can be executed using cmd and after it exits the working directory of the calling cmd process should be changed.
Now before this post is flagged as a duplicate: I am aware of this and this question that were asked for pretty much this exact problem but using Linux instead of Windows as well as being pretty broad and unspecific, and I am aware that similar limitations apply to Windows as well (changing the working directory of my process will not change the parent’s working directory).
There is actually is a working solution to this for linux. However it is using gdb for this, and I would like to achieve this task using only built-in Windows utilities (WinAPI, dotNET, etc.).
What I have tried so far
I did manage to use Cheat Engine and the OpenProcess() / WriteProcessMemory() WinAPI funtions to successfully override cmd's working directory. However this solution feels sloppy and doesn't work well (or at least requires more work to be put into.)
My question
Is there a different (maybe simpler?) way on Windows to achieve this? Like a way to invoke/inject code to the cmd process to execute cd whatever\directory\I\want directly without overriding its memory? I have seen the CreateRemoteThread() functions however I didn't manage to find a way to put them to use.
FYI: I am mainly using C# but C/C++ solutions should help too as long as they are based on the native Microsoft libraries.
This post describes a Windows implementation of a function that launches a child process, creates pipes to stdin and stdout from which a command is sent, and a response is returned. Finally, once all response is captured the child process is terminated. If this sounds familiar it is similar in concept to Linux's popen() function with the exception that this implementation was specifically created to capture the response into a buffer of any command that returns one. (Also included is a variant for use when no-response is expected or needed.)
The full source can be adapted for use within a standalone executable, or as an API. (.dll) Either way, the resulting functions accept and process any command using standard Windows CMD syntax. The function cmd_rsp(...) returns the Windows response via stdout into a self-sizing buffer.
The exported prototypes are:
int __declspec(dllexport) cmd_rsp(const char *command, char **chunk, unsigned int size);
int __declspec(dllexport) cmd_no_rsp(const char *command);
A simple use case when capturing a response:
#include "cmd_rsp.h"
int main(void)
{
char *buf = {0};
buf = calloc(100, 1);//initialize to some initial size
if(!buf)return 0;
cmd_rsp("dir /s", &buf, 100);//buffer will grow to accommodate response as needed.
printf("%s", buf);
free(buf);
return 0;
}
A simple use case when response is not needed:
#include "cmd_rsp.h"
int main(void)
{
cmd_no_rsp("cd C:\\dir1\\dir2");
return 0;
}
A detailed description of purpose and usage is described in the link provided above. To illustrate, here are a few sample command inputs, each in this case change the working directory, then execute a command from that directory:
A command to change to sqlite directory, then execute a query:
cd c:\\tempExtract\\sqlite\\Tools\\sqlite-tools-win32-x86-3250300 && sqlite3.exe .\\extract.db \"select * from event, eventdata where eventType=38 and eventdata .eventid=event.eventid\
A command to change to teraterm directory, then execute a script:
"c:\\Program Files (x86)\\teraterm\" && ttpmacro c:\\DevPhys\\LPCR_2\\play\\Play.ttl
A command to change directory then execute a command to send multiple digital acquisition channel settings.
cd C:\\Dir1\\Dir2\\Dir3\\support\\Exes\\WriteDigChannel && .\\WriteDigChannel.exe P1_CH0 1 && .\\WriteDigChannel.exe P1_C H0 0 && .\\WriteDigChannel.exe P1_CH0 1
A recursive directory search from a specified location:
cd C:\\dir1\\dir2 && dir /s /b
I got it working. As was suggested SendInput finally did the trick.
I used a combination of WinAPI calls to GetForegroundWindow() / SetForegroundWindow() and the Windows Forms System.Windows.Forms.SendKeys.SendWait() Method to achieve what I wanted:
Upon calling my cd-wrapper program (sd.exe) and providing my custom target directory (~/ home) it generates the corresponding command along with the "Enter-Pressed-Event" to be sent to it's parent cmd process.
Here's the complete C# code:
if (args.Length != 1)
{
Console.WriteLine(Directory.GetCurrentDirectory());
return;
}
string targetDirectory = args[0];
string command = string.Empty;
if (targetDirectory.Equals("~"))
{
command = #"pushd C:\Users\fred\Desktop";
}
else if (!Directory.Exists(targetDirectory))
{
Console.WriteLine("I/O Error: No such file or directory.");
return;
}
else
{
command = #"cd " + targetDirectory;
}
Target target = Target.Create(Process.GetCurrentProcess().GetParentProcess());
target.SendKeys(command + "{ENTER}", true);
Note that I kind of started to write a complete Framework for this and similar problems alongside this project that contains all my different approaches to this question and the low level WinAPI calls as well as the Extension methods to get the parent process :D
As it would be a bit overkill to paste all of it's code in this answer, here's the GitHub. If I can find the time I'll go ahead and optimize the code, but for now this'll do. Hope this helps anyone encountering a similar problem :)
Edit:
An even "cleaner" way is to use dll injection to directly make cmd switch it's working directory. While it is a lot harder to get working it has the advantage of not littering the cmd command history as compared to the approach described above. In addition to that cmd seems to be aware of any changes to it's current working directory, so it automatically updates the prompt text. Once I have a fully working example, that allows to dynamically specify the target directory I will post it here :)
Our organization utilizes VisualStudioOnline, GitHub and BitBucket for various repositories. I've been trying to figure out a way in c# to automate the pull of changes from various git repositories on a regular schedule. I've tried starting a process like this and then redirecting the standard input/output.
var p = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = #"C:\Program Files (x86)\Git\bin\sh.exe",
RedirectStandardInput = true,
UseShellExecute = false,
RedirectStandardOutput = true,
Arguments = "--login -i"
}
};
p.Start();
using (var so = p.StandardOutput)
{
using (var si = p.StandardInput)
{
if (si.BaseStream.CanWrite)
{
...
}
}
}
Inside of the block, I'm able to execute git commands like this:
si.WriteLine("cd \"P:/code/testapp\""); which navigates the git
shell to that directory
si.WriteLine("git rev-parse HEAD");
which will give me the latest hash of the repository at that location.
I can see the hash returned in the bash shell and can also read it in through the standard input like this var hash = so.ReadLine();
When I try to do si.WriteLint("git pull"); though, it asks for username and password, which I would expect, but that isn't done through the standard input/output. I can't us var prompt = so.ReadLine(); to get the prompt for username or password and I can't use si.WriteLine("username"); to input my password to the prompt.
I've tried a number of things to get this to work, but so far no luck.
WARNING: messy code ahead, just tried to quickly prototype something, not create a masterpiece
Attempt 1: used standard input/output redirects as shown above to try to write/read the prompts for username/password.
Attempt 2: attempt to get the ssh-agent process that is being utilized by the git bash and write to it
si.WriteLine("ssh-agent --help");
var sshAgentInfo = string.Empty;
var tmp = a.ReadLine();
while (a.Peek() != -1)
{
sshAgentInfo += tmp;
tmp = a.ReadLine();
}
var begPos = sshAgentInfo.IndexOf("SSH_AGENT_PID=", StringComparison.Ordinal);
begPos = begPos + "SSH_AGENT_PID=".Length;
var endPos = sshAgentInfo.IndexOf(";", begPos, StringComparison.Ordinal);
var processId = int.Parse(sshAgentInfo.Substring(begPos, endPos - begPos));
var sshProcess = Process.GetProcessById(processId);
sshProcess.StartInfo.RedirectStandardInput = true;
sshProcess.StartInfo.RedirectStandardInput = true;
using (var si1 = sshProcess.StandardInput) { ... }
Attempt 3: Utilize credential git config credential.helper wincred
This and four were very similar attempts. Again just trying to figure out how to set the password in either of these credential managers from the command line.
Attempt 4: Utilize Git-Credential-Manager-for-Windows
I've tried looking through the documentation here and it seems as though there is an enhancement request to do something along these lines.
Both of these seem to have similar problems to attempt one. The git shell seems to be invoking another process which handles the standard input and output separate from the git shell. The difference and hope I have for these last two though is, Is there a way to call into those credential managers directly to set username/passwords for different urls? In the .git directory, the config file has the credentials setting to tell it which manager to use and it stores the username and email in plain text.
If I invoke a git pull through the shell on the machine and enter my credentials once through that shell it seems to store them, but is there a way to allow users to enter their credentials through a website and then call into the manager through the command line to securely store that information for future automated use?
I also came across this. I haven't had a chance to try it yet, but is this a viable option for doing something like this?
Any help would be greatly appreciated.
On a Windows machine, is there a way to programmatically find out which application is responsible for opening files with a particular extension? Suppose I want to find out programmatically which application is responsible for opening .PDF files. (don't care if you have C# or VB.NET code)
Well, you will start out by looking in the registry in the following position:
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts.pdf\OpenWithList
There will be one or more keys from a and onwards, which point to the program used for opening a file of that type:
using Microsoft.Win32;
var key = Registry.CurrentUser
.OpenSubKey("Software")
.OpenSubKey("Microsoft")
.OpenSubKey("Windows")
.OpenSubKey("CurrentVersion")
.OpenSubKey("Explorer")
.OpenSubKey("FileExts")
.OpenSubKey(".doc")
.OpenSubKey("OpenWithList");
var firstProgram = key.GetValue("a"); // E.g. Winword.exe
You might want to split the assignment to key into several statements with null checks ;-)
Hope this helps!
The command-line command ASSOC finds file associations, and the command FTYPE finds actions assigned to them:
C:\> assoc .docx
.docx=Word.Document.12
C:\> ftype Word.Document.12
Word.Document.12="C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
You can probably invoke them programmatically from any script.
From C#, you'd want to do something like this:
private string ShellCommand(string command)
{
var psi = new ProcessStartInfo("cmd", "/c " + command) {
RedirectStandardOutput = true,
CreateNoWindow = true
};
var p = Process.Start(psi);
return p.StandardOutput.ReadToEnd();
}
private string FindDefaultProgram(string extension)
{
assoc = ShellCommand("assoc " + extension).Split('=')[1];
program = ShellCommand("ftype " + assoc).Split('=')[1];
return program;
}
Haven't tested any of this, so take it with a grain of salt, but this should get you on the right track.
I won’t give you code but rather tell you where this information is stored – I’m sure you can figure out the rest on your own :)
So, all that data is stored inside the registry, in HKEY_CLASSES_ROOT. Taking .pdf as an example, there is a key .pdf which contains AcroExch.Document as it’s default value (on my setup at least).
Again in HKEY_CLASSES_ROOT there is a key AcroExch.Document\Shell\Open\Command and that one contains "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe" "%1" as its value. And that’s what is being used on my computer to open a PDF file.
I using C# .NET , vs 2008 , .net 3.5
For me, is difficult, but I need sample code in C# for this:
Check if a file or a folder is in use
If file or a folder is in use, the name of Process that use it
For example, in my issue.
I try delete file, and I get "The process cannot access the file 'XYZ' because it is being used by another process." Exception.
File.Delete(infoFichero.Ruta);
I want check if a file is in use, and the name of Process that use it.
I need sample code, source code, please. I dont want use c++, I dont know c, c++, unmanaged code, or WinApi. I want use only C# code (managed code .net).
I have read several references but not get sample code source,
How to check if a file is in use?
Emulate waiting on File.Open in C# when file is locked
http://social.msdn.microsoft.com/Forums/en-US/csharpgeneral/thread/9dabc172-237a-42db-850e-ada08885a5d5
How to check if a file is in use?
Easiest way to read text file which is locked by another application
Using C# is it possible to test if a lock is held on a file
EDIT:
From Yan Jun - MSFT
string path = "D:\\temp2.xlsx";
foreach (Process c in Process.GetProcesses()) {
if (c.MainWindowTitle.Contains(Path.GetFileName(path))){
MessageBox.Show(c.ProcessName);
return;
}
}
try{
FileInfo f = new FileInfo(path);
f.Delete();
}
catch (Exception ex){
MessageBox.Show(ex.Message);
}
...
But it is difficult get solution for all 100% issues.
Problem if c.MainWindowTitle == null or not contains filename.
Problem for shared folder in another machine, PC, server,... like:
File.Delete(#\desiis\TEmporal\Project\script.targets);
any sample code, I ask for help gurus, MVPs, anyone.
UPDATE: the same issue for a folder
There's not going to be a way to find the process that has the file opened without stepping into the WinApi, I don't think. And as far as checking whether its in use, the only thing you can really do, as the SO questions you linked to state, is to wrap the file access attempts in a try/catch block.
The code to find which file has it opened is likely to be ugly, but there may be an API out there that wraps this up nicely. There are 3rd party utilities that will tell you this (Unlocker being the best known example). You can also use ProcessExplorer to search for open file handles by the filename. Those don't really help you though.
The short answer of what I'm trying to get across here is you have the answer for the first part of your question in the SO questions you already linked, and the second part would probably require WIN32 calls, which you want to avoid, but you're probably going to have to get your hands dirty in Win32... Still want help?
EDIT: You could shell out to sysinternals Handle utility. You would need to get the output of that command and parse it yourself. You can read the executed process's output like this
string result = proc.StandardOutput.ReadToEnd();
The issue with this is you're going to get a license agreement popup the first time you run the Handle utility. Not to mention the whole licensing issues if this is something you hope to deploy...
If you're still interested, I can show you how you'd go about this.
EDIT: Here's a runnable program that will find the exe name and pid of any program that has an open handle to a file. I added comments, but can elaborate further if necessary. I use Regular Expressions here to parse the output as that makes the most sense given the task at hand.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Diagnostics;
using System.Text.RegularExpressions;
namespace ConsoleApplication1
{
class Program
{
static void Main(string[] args)
{
ProcessStartInfo si = new ProcessStartInfo();
si.FileName = "handle.exe"; //name of the handle program from sysinternals
//assumes that its in the exe directory or in your path
//environment variable
//the following three lines are required to be able to read the output (StandardOutput)
//and hide the exe window.
si.RedirectStandardOutput = true;
si.WindowStyle = ProcessWindowStyle.Hidden;
si.UseShellExecute = false;
si.Arguments = "test.xlsx"; //this is the file you're trying to access that is locked
//these 4 lines create a process object, start it, then read the output to
//a new string variable "s"
Process p = new Process();
p.StartInfo = si;
p.Start();
string s = p.StandardOutput.ReadToEnd();
//this will use regular expressions to search the output for process name
//and print it out to the console window
string regex = #"^\w*\.EXE";
MatchCollection matches = Regex.Matches(s, regex, RegexOptions.Multiline);
foreach (var match in matches)
{
Console.WriteLine(match);
}
//this will use regex to search the output for the process id (pid)
//and print it to the console window.
regex = #"pid: (?<pid>[0-9]*)";
matches = Regex.Matches(s, regex, RegexOptions.Multiline);
foreach (var obj in matches)
{
Match match = (Match)obj; //i have to cast to a Match object
//to be able to get the named group out
Console.WriteLine(match.Groups["pid"].Value.ToString());
}
Console.Read();
}
}
}
There is no purely managed way to do this. You have to use some low-level APIs through P/invoke or similar.
There's good information here on a way to do it, but it's C++ code. You'd have to do the porting yourself.
http://www.codeproject.com/KB/shell/OpenedFileFinder.aspx
Note there are some complex issues with this, namely the issues around kernel vs. userspace memory. This is not a simple problem you're trying to solve.
Try the windows Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Won't let you do it from code, but at least you can figure out what the source of your locks are.
I would like to take a file that is an IL file, and at run time compile it back to an exe.
Right now I can use process.start to fire off the command line with parameters (ilasm.exe) but I would like to automate this process from a C# service I will create.
Is there a way to do this with reflection and reflection.emit?
While this works:
string rawText = File.ReadAllText(string.Format("c:\\temp\\{0}.il", Utility.GetAppSetting("baseName")), Encoding.ASCII);
rawText = rawText.Replace("[--STRIP--]", guid);
File.Delete(string.Format("c:\\temp\\{0}.il", Utility.GetAppSetting("baseName")));
File.WriteAllText(string.Format("c:\\temp\\{0}.il", Utility.GetAppSetting("baseName")),rawText, Encoding.ASCII);
pi = new ProcessStartInfo();
pi.WindowStyle = ProcessWindowStyle.Hidden;
pi.FileName = "\"" + ilasm + "\"";
pi.Arguments = string.Format("c:\\temp\\{0}.il", Utility.GetAppSetting("baseName"));
using(Process p = Process.Start(pi))
{
p.WaitForExit();
}
It is not ideal as I really would like this to be a streamlined process.
I have seen examples of creating the IL at runtime, then saving, but I need to use the IL I already have in file form and compile it back to an exe.
Thanks.
What do you mean by a "streamlined process"? Is it not performing well enough for you? I know it feels slightly dirty to spawn a separate process, but it's the simplest way I can think of. With the appropriate permissions you should still be able to do this from a service.
You want something like CSharpCodeProvider but for IL; I don't know of any such class, I'm afraid.
Actually, many obfuscators, like preemtive and BitHelmet uses ilasm.exe and Process. I think it is the best strategy.