Related
How would you write this type of struct in c#?
struct _JOBOBJECT_BASIC_PROCESS_ID_LIST {
DWORD NumberOfAssignedProcesses;
DWORD NumberOfProcessIdsInList;
ULONG_PTR ProcessIdList[1];
}
sins there is no set size for the ProcessIdList array, what do you do? Do you just write it like this:
[StructLayout(LayoutKind.Sequential)]
struct JOBOBJECT_BASIC_PROCESS_ID_LIST
{
int NumberOfAssignedProcesses;
int NumberOfProcessIdsInList;
IntPtr ProcessIdList; //Must point to a allocated array, thanks jdweng for letting me know.
}
or do you just assign a size which is big enough, e.g.:
[StructLayout(LayoutKind.Sequential)]
struct JOBOBJECT_BASIC_PROCESS_ID_LIST
{
int NumberOfAssignedProcesses;
int NumberOfProcessIdsInList;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = MAX_PATH)]
UIntPtr[] ProcessIdList; //Works just fine, but is limited to the SizeConst.
}
This sort of structure is usually declared (there are others like this one in WLan APIs for example) :
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct JOBOBJECT_BASIC_PROCESS_ID_LIST
{
public int NumberOfAssignedProcesses;
public int NumberOfProcessIdsInList;
public IntPtr[] ProcessIdList;
public JOBOBJECT_BASIC_PROCESS_ID_LIST(IntPtr pList)
{
int nIntSize = Marshal.SizeOf<int>(); // 4
NumberOfAssignedProcesses = Marshal.ReadInt32(pList, 0);
NumberOfProcessIdsInList = Marshal.ReadInt32(pList, nIntSize);
ProcessIdList = new IntPtr[NumberOfProcessIdsInList];
for (int i = 0; i < NumberOfProcessIdsInList; i++)
{
IntPtr pItemList = IntPtr.Zero;
if (Marshal.SizeOf<IntPtr>() == 4)
pItemList = new IntPtr(pList.ToInt32() + (i * Marshal.SizeOf<IntPtr>()) + (nIntSize * 2));
else
pItemList = new IntPtr(pList.ToInt64() + (i * Marshal.SizeOf<IntPtr>()) + (nIntSize * 2));
IntPtr nPID = new IntPtr();
nPID = Marshal.ReadIntPtr(pItemList, 0);
ProcessIdList[i] = nPID;
}
}
}
A test with 5 Notepad launched and assigned to a job with JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE,
then QueryInformationJobObject to enumerate the PIDs by using this structure =>
private IntPtr hJob = IntPtr.Zero;
bool bRet = false;
hJob = CreateJobObject(IntPtr.Zero, "Test Job Object");
JOBOBJECT_EXTENDED_LIMIT_INFORMATION jbeli = new JOBOBJECT_EXTENDED_LIMIT_INFORMATION();
jbeli.BasicLimitInformation.LimitFlags |= (JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE | JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK | JOB_OBJECT_LIMIT_BREAKAWAY_OK);
int nLength = Marshal.SizeOf(typeof(JOBOBJECT_EXTENDED_LIMIT_INFORMATION));
IntPtr pJobInfo = Marshal.AllocHGlobal(nLength);
Marshal.StructureToPtr(jbeli, pJobInfo, false);
SetInformationJobObject(hJob, JOBOBJECTINFOCLASS.JobObjectExtendedLimitInformation, pJobInfo, (uint)nLength);
Marshal.FreeHGlobal(pJobInfo);
int nNbProcesses = 5;
for (int i = 0; i < nNbProcesses; i++)
{
using (Process exeProcess = new Process())
{
exeProcess.StartInfo.FileName = "notepad";
exeProcess.Start();
exeProcess.WaitForInputIdle();
IntPtr hProcess = exeProcess.Handle;
bRet = AssignProcessToJobObject(hJob, hProcess);
}
}
JOBOBJECT_BASIC_PROCESS_ID_LIST jobpil = new JOBOBJECT_BASIC_PROCESS_ID_LIST();
jobpil.NumberOfAssignedProcesses = nNbProcesses;
int nSize = Marshal.SizeOf<JOBOBJECT_BASIC_PROCESS_ID_LIST>() + (nNbProcesses - 1) * Marshal.SizeOf<IntPtr>();
IntPtr pJobpil = Marshal.AllocHGlobal(nSize);
Marshal.StructureToPtr(jobpil, pJobpil, false);
int nReturnLength = 0;
bRet = QueryInformationJobObject(hJob, JOBOBJECTINFOCLASS.JobObjectBasicProcessIdList, pJobpil, nSize, out nReturnLength);
if (bRet)
{
var processidlist = new JOBOBJECT_BASIC_PROCESS_ID_LIST(pJobpil);
foreach (var pid in processidlist.ProcessIdList)
{
Console.WriteLine("PID: {0}", pid.ToString());
}
}
else
{
int nErr = Marshal.GetLastWin32Error();
Win32Exception win32Exception = new Win32Exception(nErr);
this.Activate();
MessageBox.Show("Error: " + win32Exception.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
Marshal.FreeHGlobal(pJobpil);
// CloseHandle can be added in Form1_FormClosed :
private void Form1_FormClosed(object sender, FormClosedEventArgs e)
{
CloseHandle(hJob);
}
Declarations =>
[DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr CreateJobObject(IntPtr lpJobAttributes, string lpName);
[DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool SetInformationJobObject(IntPtr hJob, JOBOBJECTINFOCLASS JobObjectInfoClass, IntPtr lpJobObjectInfo, uint cbJobObjectInfoLength);
[DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool AssignProcessToJobObject(IntPtr hJob, IntPtr hProcess);
[DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool CloseHandle(IntPtr hObject);
[DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool QueryInformationJobObject(IntPtr hJob, JOBOBJECTINFOCLASS JobObjectInformationClass, [Out, MarshalAs(UnmanagedType.SysUInt)] IntPtr lpJobObjectInformation, int cbJobObjectInformationLength, out int lpReturnLength);
[StructLayout(LayoutKind.Sequential)]
struct JOBOBJECT_BASIC_LIMIT_INFORMATION
{
public ulong PerProcessUserTimeLimit;
public ulong PerJobUserTimeLimit;
public int LimitFlags;
public IntPtr MinimumWorkingSetSize;
public IntPtr MaximumWorkingSetSize;
public int ActiveProcessLimit;
public IntPtr Affinity;
public int PriorityClass;
public int SchedulingClass;
}
[StructLayout(LayoutKind.Sequential)]
struct IO_COUNTERS
{
public ulong ReadOperationCount;
public ulong WriteOperationCount;
public ulong OtherOperationCount;
public ulong ReadTransferCount;
public ulong WriteTransferCount;
public ulong OtherTransferCount;
}
[StructLayout(LayoutKind.Sequential)]
struct JOBOBJECT_EXTENDED_LIMIT_INFORMATION
{
public JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
public IO_COUNTERS IoInfo;
public IntPtr ProcessMemoryLimit;
public IntPtr JobMemoryLimit;
public IntPtr PeakProcessMemoryUsed;
public IntPtr PeakJobMemoryUsed;
}
//
// Basic Limits
//
public const int JOB_OBJECT_LIMIT_WORKINGSET = 0x00000001;
public const int JOB_OBJECT_LIMIT_PROCESS_TIME = 0x00000002;
public const int JOB_OBJECT_LIMIT_JOB_TIME = 0x00000004;
public const int JOB_OBJECT_LIMIT_ACTIVE_PROCESS = 0x00000008;
public const int JOB_OBJECT_LIMIT_AFFINITY = 0x00000010;
public const int JOB_OBJECT_LIMIT_PRIORITY_CLASS = 0x00000020;
public const int JOB_OBJECT_LIMIT_PRESERVE_JOB_TIME = 0x00000040;
public const int JOB_OBJECT_LIMIT_SCHEDULING_CLASS = 0x00000080;
//
// Extended Limits
//
public const int JOB_OBJECT_LIMIT_PROCESS_MEMORY = 0x00000100;
public const int JOB_OBJECT_LIMIT_JOB_MEMORY = 0x00000200;
public const int JOB_OBJECT_LIMIT_JOB_MEMORY_HIGH = JOB_OBJECT_LIMIT_JOB_MEMORY;
public const int JOB_OBJECT_LIMIT_DIE_ON_UNHANDLED_EXCEPTION = 0x00000400;
public const int JOB_OBJECT_LIMIT_BREAKAWAY_OK = 0x00000800;
public const int JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK = 0x00001000;
public const int JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE = 0x00002000;
public const int JOB_OBJECT_LIMIT_SUBSET_AFFINITY = 0x00004000;
public const int JOB_OBJECT_LIMIT_JOB_MEMORY_LOW = 0x00008000;
public enum JOBOBJECTINFOCLASS
{
JobObjectBasicAccountingInformation = 1,
JobObjectBasicLimitInformation,
JobObjectBasicProcessIdList,
JobObjectBasicUIRestrictions,
JobObjectSecurityLimitInformation, // deprecated
JobObjectEndOfJobTimeInformation,
JobObjectAssociateCompletionPortInformation,
JobObjectBasicAndIoAccountingInformation,
JobObjectExtendedLimitInformation,
JobObjectJobSetInformation,
JobObjectGroupInformation,
JobObjectNotificationLimitInformation,
JobObjectLimitViolationInformation,
JobObjectGroupInformationEx,
JobObjectCpuRateControlInformation,
JobObjectCompletionFilter,
JobObjectCompletionCounter,
JobObjectReserved1Information = 18,
JobObjectReserved2Information,
JobObjectReserved3Information,
JobObjectReserved4Information,
JobObjectReserved5Information,
JobObjectReserved6Information,
JobObjectReserved7Information,
JobObjectReserved8Information,
JobObjectReserved9Information,
JobObjectReserved10Information,
JobObjectReserved11Information,
JobObjectReserved12Information,
JobObjectReserved13Information,
JobObjectReserved14Information = 31,
JobObjectNetRateControlInformation,
JobObjectNotificationLimitInformation2,
JobObjectLimitViolationInformation2,
JobObjectCreateSilo,
JobObjectSiloBasicInformation,
JobObjectReserved15Information = 37,
JobObjectReserved16Information,
JobObjectReserved17Information,
JobObjectReserved18Information,
JobObjectReserved19Information = 41,
JobObjectReserved20Information,
MaxJobObjectInfoClass
}
I think any of the ways you mentioned should work.
In addition, there is a matching feature in c#: Define an array with the fixed keyword:
struct JOBOBJECT_BASIC_PROCESS_ID_LIST
{
int NumberOfAssignedProcesses;
int NumberOfProcessIdsInList;
fixed IntPtr ProcessIdList[1];
}
See documentation:
https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/unsafe-code-pointers/fixed-size-buffers
Also no bounds check, so you should be able to read behind the end of the struckt easily:
Note
Except for memory created by using stackalloc, the C# compiler and the common language runtime (CLR) do not perform any security buffer overrun checks. As with all unsafe code, use caution.
I am using the below code to pass special keys using SendInput. I am facing one strange issue. If user sends any of Alt/Ctrl/Shift, the key remains pressed e.g. if user passes Alt + F4, the code runs properly and action is completed successfully but Alt key remains pressed. I need to manually click Alt key after the operation is completed. Please let me know to handle the same in the code itself. Below is the code used to send special keys.
namespace RemoteDesktopSendKeys
{
class Program
{
struct INPUT
{
public INPUTType type;
public INPUTUnion Event;
}
[StructLayout(LayoutKind.Explicit)]
struct INPUTUnion
{
[FieldOffset(0)]
internal MOUSEINPUT mi;
[FieldOffset(0)]
internal KEYBDINPUT ki;
[FieldOffset(0)]
internal HARDWAREINPUT hi;
}
[StructLayout(LayoutKind.Sequential)]
struct MOUSEINPUT
{
public int dx;
public int dy;
public int mouseData;
public int dwFlags;
public uint time;
public IntPtr dwExtraInfo;
}
[StructLayout(LayoutKind.Sequential)]
struct KEYBDINPUT
{
public ushort wVk;
public ushort wScan;
public KEYEVENTF dwFlags;
public int time;
public IntPtr dwExtraInfo;
}
[StructLayout(LayoutKind.Sequential)]
struct HARDWAREINPUT
{
public int uMsg;
public short wParamL;
public short wParamH;
}
enum INPUTType : uint
{
INPUT_KEYBOARD = 1
}
[Flags]
enum KEYEVENTF : uint
{
EXTENDEDKEY = 0x0001,
KEYUP = 0x0002,
SCANCODE = 0x0008,
UNICODE = 0x0004
}
[DllImport("user32.dll", SetLastError = true)]
static extern UInt32 SendInput(int numberOfInputs, INPUT[] inputs, int sizeOfInputStructure);
[DllImport("user32.dll")]
public static extern IntPtr GetMessageExtraInfo();
[System.Runtime.InteropServices.DllImport("user32.dll")]
internal static extern uint MapVirtualKey(uint uCode, uint uMapType);
private const int KEYEVENTF_KEYUP1 = 0x0002;
[DllImport("user32.dll")]
static extern void keybd_event(byte bVk, byte bScan, int dwFlags, int dwExtraInfo);
[DllImport("user32.dll", CharSet = CharSet.Auto)]
internal static extern int MapVirtualKey(int uCode, int uMapType);
static void Main(string[] args)
{
Thread.Sleep(3000);
int[] keyboardStrokes = { (int)Keys.LMenu,(int)Keys.F4 };
//int[] keyboardStrokes = { (int)Keys.ControlKey, (int)Keys.A };
SendSpecialKeys("test", keyboardStrokes);
//SendSpecialKeys("F5",keyboardStrokes);
}
private static void SendSpecialKeys(string text, int[] modifiers)
{
List<int> arrKeys = new List<int>();
Keys key;
if (modifiers != null && modifiers.Length > 0)
{
for (int i = 0; i < modifiers.Length; i++)
{
arrKeys.Add(modifiers[i]);
}
}
if (!string.IsNullOrEmpty(text))
{
if (Enum.TryParse(text, out key))
arrKeys.Add((int)key);
else
SendText(text);
}
System.Threading.Thread.Sleep(1000);
int[] arrKeyStrokes = arrKeys.ToArray();
INPUT[] inputs = new INPUT[arrKeyStrokes.Length + 1];
for (int i = 0; i < arrKeyStrokes.Length; i++)
{
uint skey = MapVirtualKey((uint)arrKeyStrokes[i], (uint)0x0);
inputs[i].type = INPUTType.INPUT_KEYBOARD;
inputs[i].Event.ki.dwFlags = KEYEVENTF.SCANCODE;
inputs[i].Event.ki.wScan = (ushort)skey;
}
inputs[arrKeyStrokes.Length].type = INPUTType.INPUT_KEYBOARD;
inputs[arrKeyStrokes.Length].Event.ki.dwFlags = KEYEVENTF.SCANCODE;
inputs[arrKeyStrokes.Length].Event.ki.dwFlags |= KEYEVENTF.KEYUP;
SendInput(inputs.Length, inputs, Marshal.SizeOf(typeof(INPUT)));
}
public static void SendText(string text)
{
List<INPUT> kbInput = new List<INPUT>();
foreach (char c in text)
{
// Send a key down followed by key up.
foreach (bool keyUp in new bool[] { false, true })
{
INPUT input = new INPUT
{
type = INPUTType.INPUT_KEYBOARD,
Event = new INPUTUnion
{
// This will contain keyboard event information
ki = new KEYBDINPUT
{
wVk = 0,
wScan = c,
dwFlags = KEYEVENTF.UNICODE | (keyUp ? KEYEVENTF.KEYUP : 0),
dwExtraInfo = GetMessageExtraInfo(),
}
}
};
kbInput.Add(input);
}
}
// Call SendInputWindows API to send input
SendInput((int)kbInput.Count, kbInput.ToArray(), Marshal.SizeOf(typeof(INPUT)));
}
}
}
The following code can be used to release particular key. Below is the sample code to release control key.
uint ctrlkey = MapVirtualKey((uint)Keys.ControlKey, (uint)0x0);
inputs[index].type = INPUTType.INPUT_KEYBOARD;
inputs[index].Event.ki.dwFlags = KEYEVENTF.SCANCODE;
inputs[index].Event.ki.dwFlags |= KEYEVENTF.KEYUP;
inputs[index].Event.ki.wScan = (ushort)ctrlkey;
Need to make sure that proper key is released by passing index properly.
I try to programmatically enumerate the DHCP filters on my Windows 2012 R2 DHCP server. Using P/Invoke, the code looks like:
public const uint ERROR_SUCCESS = 0;
public const uint ERROR_MORE_DATA = 234;
public const uint ERROR_NO_MORE_ITEMS = 259;
public const int MAX_PATTERN_LENGTH = 255;
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct DHCP_ADDR_PATTERN {
public bool MatchHWType;
public byte HWType;
public bool IsWildCard;
public byte Length;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = MAX_PATTERN_LENGTH)]
public byte[] Pattern;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct DHCP_FILTER_ENUM_INFO {
public uint NumElements;
public IntPtr pEnumRecords;
}
public enum DHCP_FILTER_LIST_TYPE : uint {
Deny = 0x1,
Allow = 0x2
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct DHCP_FILTER_RECORD {
public DHCP_ADDR_PATTERN AddrPatt;
public string Comment;
}
[DllImport("dhcpsapi.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint DhcpEnumFilterV4(string ServerIpAddress,
ref DHCP_ADDR_PATTERN ResumeHandle, uint PreferredMaximum,
DHCP_FILTER_LIST_TYPE ListType, out IntPtr EnumFilterInfo,
out uint ElementsRead, out uint ElementsTotal);
public static IEnumerable<DHCP_FILTER_RECORD> DhcpEnumFilterV4(
string serverIpAddress, DHCP_FILTER_LIST_TYPE listType,
uint preferredMaximum = 1024) {
uint cntRead = 0;
uint cntTotal = 0;
uint error = ERROR_SUCCESS;
var hResume = new DHCP_ADDR_PATTERN();
var data = IntPtr.Zero;
var size = Marshal.SizeOf(typeof(DHCP_FILTER_RECORD));
do {
error = DhcpEnumFilterV4(serverIpAddress, ref hResume,
preferredMaximum, listType, out data, out cntRead,
out cntTotal);
//
// PROBLEM OCCURS HERE: 'error' is always 259
//
if ((error == ERROR_SUCCESS) || (error == ERROR_MORE_DATA)) {
var array = data.ToStructure<DHCP_FILTER_ENUM_INFO>();
for (uint i = 0; i < array.NumElements; ++i) {
var ptr = new IntPtr((long) array.pEnumRecords + i * size);
var obj = (DHCP_FILTER_RECORD) Marshal.PtrToStructure(ptr, typeof(DHCP_FILTER_RECORD));
yield return obj;
}
DhcpRpcFreeMemory(array.pEnumRecords);
DhcpRpcFreeMemory(data);
data = IntPtr.Zero;
} else if (error != ERROR_NO_MORE_ITEMS) {
Debug.Assert(data == IntPtr.Zero);
throw new Win32Exception((int) error);
}
} while (error == ERROR_MORE_DATA);
}
[DllImport("dhcpsapi.dll", SetLastError = true)]
public static extern void DhcpRpcFreeMemory(IntPtr BufferPointer);
The documentation (http://msdn.microsoft.com/en-us/library/windows/desktop/dd897526(v=vs.85).aspx) of the whole DHCP APIs is imho a bit sketchy, so I am not completely sure whether I am doing the right thing.
The problem is: I never get any results, DhcpEnumFilterV4 always returns ERROR_NO_MORE_ITEMS. Any suggestions?
I just stumbled over an important user comment regarding DHCP_FILTER_LIST_TYPE in MSDN (http://msdn.microsoft.com/en-us/library/windows/desktop/dd897586(v=vs.85).aspx). It seems that the definition of the enumeration in MSDN is wrong. The following
typedef enum {
Deny = 0x1, // This is wrong!
Allow = 0x2 // This is wrong!
} DHCP_FILTER_LIST_TYPE;
should be
typedef enum {
Deny = 0x0, // This is correct!
Allow = 0x1 // This is correct!
} DHCP_FILTER_LIST_TYPE;
Using the updated constants, my code works.
We need to verify that binary files are signed properly with digital signature (Authenticode). This can be achieved with signtool.exe pretty easily. However, we need an automatic way that also verifies signer name and timestamp. This is doable in native C++ with CryptQueryObject() API as shown in this wonderful sample: How To Get Information from Authenticode Signed Executables
However we live in a managed world :) hence looking for C# solution to the same problem. Straight approach would be to pInvoke Crypt32.dll and all is done. But there is similar managed API in System.Security.Cryptography.X509Certificates Namespace. X509Certificate2 Class seems to provide some information but no timestamp. Now we came to the original question how can we get that timestamp of a digital signature in C Sharp?
Back to the original question, I could not find managed way so ended up using pInvoke as follows:
public static bool IsTimestamped(string filename)
{
try
{
int encodingType;
int contentType;
int formatType;
IntPtr certStore = IntPtr.Zero;
IntPtr cryptMsg = IntPtr.Zero;
IntPtr context = IntPtr.Zero;
if (!WinCrypt.CryptQueryObject(
WinCrypt.CERT_QUERY_OBJECT_FILE,
Marshal.StringToHGlobalUni(filename),
WinCrypt.CERT_QUERY_CONTENT_FLAG_ALL,
WinCrypt.CERT_QUERY_FORMAT_FLAG_ALL,
0,
out encodingType,
out contentType,
out formatType,
ref certStore,
ref cryptMsg,
ref context))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
//expecting contentType=10; CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
//Logger.LogInfo(string.Format("Querying file '{0}':", filename));
//Logger.LogInfo(string.Format(" Encoding Type: {0}", encodingType));
//Logger.LogInfo(string.Format(" Content Type: {0}", contentType));
//Logger.LogInfo(string.Format(" Format Type: {0}", formatType));
//Logger.LogInfo(string.Format(" Cert Store: {0}", certStore.ToInt32()));
//Logger.LogInfo(string.Format(" Crypt Msg: {0}", cryptMsg.ToInt32()));
//Logger.LogInfo(string.Format(" Context: {0}", context.ToInt32()));
// Get size of the encoded message.
int cbData = 0;
if (!WinCrypt.CryptMsgGetParam(
cryptMsg,
WinCrypt.CMSG_ENCODED_MESSAGE,//Crypt32.CMSG_SIGNER_INFO_PARAM,
0,
IntPtr.Zero,
ref cbData))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
var vData = new byte[cbData];
// Get the encoded message.
if (!WinCrypt.CryptMsgGetParam(
cryptMsg,
WinCrypt.CMSG_ENCODED_MESSAGE,//Crypt32.CMSG_SIGNER_INFO_PARAM,
0,
vData,
ref cbData))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
var signedCms = new SignedCms();
signedCms.Decode(vData);
foreach (var signerInfo in signedCms.SignerInfos)
{
foreach (var unsignedAttribute in signerInfo.UnsignedAttributes)
{
if (unsignedAttribute.Oid.Value == WinCrypt.szOID_RSA_counterSign)
{
//Note at this point we assume this counter signature is the timestamp
//refer to http://support.microsoft.com/kb/323809 for the origins
//TODO: extract timestamp value, if required
return true;
}
}
}
}
catch (Exception)
{
// no logging
}
return false;
}
and the WinCrypt.cs contains the following:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
namespace MyNamespace.Win32
{
static class WinCrypt
{
[StructLayout(LayoutKind.Sequential)]
public struct BLOB
{
public int cbData;
public IntPtr pbData;
}
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_ALGORITHM_IDENTIFIER
{
public String pszObjId;
BLOB Parameters;
}
[StructLayout(LayoutKind.Sequential)]
public struct CERT_ID
{
public int dwIdChoice;
public BLOB IssuerSerialNumberOrKeyIdOrHashId;
}
[StructLayoutAttribute(LayoutKind.Sequential)]
public struct SIGNER_SUBJECT_INFO
{
/// DWORD->unsigned int
public uint cbSize;
/// DWORD*
public System.IntPtr pdwIndex;
/// DWORD->unsigned int
public uint dwSubjectChoice;
/// SubjectChoiceUnion
public SubjectChoiceUnion Union1;
}
[StructLayoutAttribute(LayoutKind.Explicit)]
public struct SubjectChoiceUnion
{
/// SIGNER_FILE_INFO*
[FieldOffsetAttribute(0)]
public System.IntPtr pSignerFileInfo;
/// SIGNER_BLOB_INFO*
[FieldOffsetAttribute(0)]
public System.IntPtr pSignerBlobInfo;
}
[StructLayout(LayoutKind.Sequential)]
public struct CERT_NAME_BLOB
{
public uint cbData;
[MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 0)]
public byte[] pbData;
}
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_INTEGER_BLOB
{
public UInt32 cbData;
public IntPtr pbData;
}
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_ATTR_BLOB
{
public uint cbData;
[MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 0)]
public byte[] pbData;
}
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_ATTRIBUTE
{
[MarshalAs(UnmanagedType.LPStr)]
public string pszObjId;
public uint cValue;
[MarshalAs(UnmanagedType.LPStruct)]
public CRYPT_ATTR_BLOB rgValue;
}
[StructLayout(LayoutKind.Sequential)]
public struct CMSG_SIGNER_INFO
{
public int dwVersion;
private CERT_NAME_BLOB Issuer;
CRYPT_INTEGER_BLOB SerialNumber;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
BLOB EncryptedHash;
CRYPT_ATTRIBUTE[] AuthAttrs;
CRYPT_ATTRIBUTE[] UnauthAttrs;
}
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern Boolean CryptQueryObject(
int dwObjectType,
IntPtr pvObject,
int dwExpectedContentTypeFlags,
int dwExpectedFormatTypeFlags,
int dwFlags,
out int pdwMsgAndCertEncodingType,
out int pdwContentType,
out int pdwFormatType,
ref IntPtr phCertStore,
ref IntPtr phMsg,
ref IntPtr ppvContext);
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern Boolean CryptMsgGetParam(
IntPtr hCryptMsg,
int dwParamType,
int dwIndex,
IntPtr pvData,
ref int pcbData
);
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern Boolean CryptMsgGetParam(
IntPtr hCryptMsg,
int dwParamType,
int dwIndex,
[In, Out] byte[] vData,
ref int pcbData
);
[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptDecodeObject(
uint CertEncodingType,
UIntPtr lpszStructType,
byte[] pbEncoded,
uint cbEncoded,
uint flags,
[In, Out] byte[] pvStructInfo,
ref uint cbStructInfo);
public const int CRYPT_ASN_ENCODING = 0x00000001;
public const int CRYPT_NDR_ENCODING = 0x00000002;
public const int X509_ASN_ENCODING = 0x00000001;
public const int X509_NDR_ENCODING = 0x00000002;
public const int PKCS_7_ASN_ENCODING = 0x00010000;
public const int PKCS_7_NDR_ENCODING = 0x00020000;
public static UIntPtr PKCS7_SIGNER_INFO = new UIntPtr(500);
public static UIntPtr CMS_SIGNER_INFO = new UIntPtr(501);
public static string szOID_RSA_signingTime = "1.2.840.113549.1.9.5";
public static string szOID_RSA_counterSign = "1.2.840.113549.1.9.6";
//+-------------------------------------------------------------------------
// Get parameter types and their corresponding data structure definitions.
//--------------------------------------------------------------------------
public const int CMSG_TYPE_PARAM = 1;
public const int CMSG_CONTENT_PARAM = 2;
public const int CMSG_BARE_CONTENT_PARAM = 3;
public const int CMSG_INNER_CONTENT_TYPE_PARAM = 4;
public const int CMSG_SIGNER_COUNT_PARAM = 5;
public const int CMSG_SIGNER_INFO_PARAM = 6;
public const int CMSG_SIGNER_CERT_INFO_PARAM = 7;
public const int CMSG_SIGNER_HASH_ALGORITHM_PARAM = 8;
public const int CMSG_SIGNER_AUTH_ATTR_PARAM = 9;
public const int CMSG_SIGNER_UNAUTH_ATTR_PARAM = 10;
public const int CMSG_CERT_COUNT_PARAM = 11;
public const int CMSG_CERT_PARAM = 12;
public const int CMSG_CRL_COUNT_PARAM = 13;
public const int CMSG_CRL_PARAM = 14;
public const int CMSG_ENVELOPE_ALGORITHM_PARAM = 15;
public const int CMSG_RECIPIENT_COUNT_PARAM = 17;
public const int CMSG_RECIPIENT_INDEX_PARAM = 18;
public const int CMSG_RECIPIENT_INFO_PARAM = 19;
public const int CMSG_HASH_ALGORITHM_PARAM = 20;
public const int CMSG_HASH_DATA_PARAM = 21;
public const int CMSG_COMPUTED_HASH_PARAM = 22;
public const int CMSG_ENCRYPT_PARAM = 26;
public const int CMSG_ENCRYPTED_DIGEST = 27;
public const int CMSG_ENCODED_SIGNER = 28;
public const int CMSG_ENCODED_MESSAGE = 29;
public const int CMSG_VERSION_PARAM = 30;
public const int CMSG_ATTR_CERT_COUNT_PARAM = 31;
public const int CMSG_ATTR_CERT_PARAM = 32;
public const int CMSG_CMS_RECIPIENT_COUNT_PARAM = 33;
public const int CMSG_CMS_RECIPIENT_INDEX_PARAM = 34;
public const int CMSG_CMS_RECIPIENT_ENCRYPTED_KEY_INDEX_PARAM = 35;
public const int CMSG_CMS_RECIPIENT_INFO_PARAM = 36;
public const int CMSG_UNPROTECTED_ATTR_PARAM = 37;
public const int CMSG_SIGNER_CERT_ID_PARAM = 38;
public const int CMSG_CMS_SIGNER_INFO_PARAM = 39;
//-------------------------------------------------------------------------
//dwObjectType for CryptQueryObject
//-------------------------------------------------------------------------
public const int CERT_QUERY_OBJECT_FILE = 0x00000001;
public const int CERT_QUERY_OBJECT_BLOB = 0x00000002;
//-------------------------------------------------------------------------
//dwContentType for CryptQueryObject
//-------------------------------------------------------------------------
//encoded single certificate
public const int CERT_QUERY_CONTENT_CERT = 1;
//encoded single CTL
public const int CERT_QUERY_CONTENT_CTL = 2;
//encoded single CRL
public const int CERT_QUERY_CONTENT_CRL = 3;
//serialized store
public const int CERT_QUERY_CONTENT_SERIALIZED_STORE = 4;
//serialized single certificate
public const int CERT_QUERY_CONTENT_SERIALIZED_CERT = 5;
//serialized single CTL
public const int CERT_QUERY_CONTENT_SERIALIZED_CTL = 6;
//serialized single CRL
public const int CERT_QUERY_CONTENT_SERIALIZED_CRL = 7;
//a PKCS#7 signed message
public const int CERT_QUERY_CONTENT_PKCS7_SIGNED = 8;
//a PKCS#7 message, such as enveloped message. But it is not a signed message,
public const int CERT_QUERY_CONTENT_PKCS7_UNSIGNED = 9;
//a PKCS7 signed message embedded in a file
public const int CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED = 10;
//an encoded PKCS#10
public const int CERT_QUERY_CONTENT_PKCS10 = 11;
//an encoded PKX BLOB
public const int CERT_QUERY_CONTENT_PFX = 12;
//an encoded CertificatePair (contains forward and/or reverse cross certs)
public const int CERT_QUERY_CONTENT_CERT_PAIR = 13;
//-------------------------------------------------------------------------
//dwExpectedConentTypeFlags for CryptQueryObject
//-------------------------------------------------------------------------
//encoded single certificate
public const int CERT_QUERY_CONTENT_FLAG_CERT = (1 << CERT_QUERY_CONTENT_CERT);
//encoded single CTL
public const int CERT_QUERY_CONTENT_FLAG_CTL = (1 << CERT_QUERY_CONTENT_CTL);
//encoded single CRL
public const int CERT_QUERY_CONTENT_FLAG_CRL = (1 << CERT_QUERY_CONTENT_CRL);
//serialized store
public const int CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE = (1 << CERT_QUERY_CONTENT_SERIALIZED_STORE);
//serialized single certificate
public const int CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT = (1 << CERT_QUERY_CONTENT_SERIALIZED_CERT);
//serialized single CTL
public const int CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL = (1 << CERT_QUERY_CONTENT_SERIALIZED_CTL);
//serialized single CRL
public const int CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL = (1 << CERT_QUERY_CONTENT_SERIALIZED_CRL);
//an encoded PKCS#7 signed message
public const int CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED = (1 << CERT_QUERY_CONTENT_PKCS7_SIGNED);
//an encoded PKCS#7 message. But it is not a signed message
public const int CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED = (1 << CERT_QUERY_CONTENT_PKCS7_UNSIGNED);
//the content includes an embedded PKCS7 signed message
public const int CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = (1 << CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED);
//an encoded PKCS#10
public const int CERT_QUERY_CONTENT_FLAG_PKCS10 = (1 << CERT_QUERY_CONTENT_PKCS10);
//an encoded PFX BLOB
public const int CERT_QUERY_CONTENT_FLAG_PFX = (1 << CERT_QUERY_CONTENT_PFX);
//an encoded CertificatePair (contains forward and/or reverse cross certs)
public const int CERT_QUERY_CONTENT_FLAG_CERT_PAIR = (1 << CERT_QUERY_CONTENT_CERT_PAIR);
//content can be any type
public const int CERT_QUERY_CONTENT_FLAG_ALL =
CERT_QUERY_CONTENT_FLAG_CERT |
CERT_QUERY_CONTENT_FLAG_CTL |
CERT_QUERY_CONTENT_FLAG_CRL |
CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE |
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT |
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL |
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL |
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED |
CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED |
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED |
CERT_QUERY_CONTENT_FLAG_PKCS10 |
CERT_QUERY_CONTENT_FLAG_PFX |
CERT_QUERY_CONTENT_FLAG_CERT_PAIR;
//-------------------------------------------------------------------------
//dwFormatType for CryptQueryObject
//-------------------------------------------------------------------------
//the content is in binary format
public const int CERT_QUERY_FORMAT_BINARY = 1;
//the content is base64 encoded
public const int CERT_QUERY_FORMAT_BASE64_ENCODED = 2;
//the content is ascii hex encoded with "{ASN}" prefix
public const int CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED = 3;
//-------------------------------------------------------------------------
//dwExpectedFormatTypeFlags for CryptQueryObject
//-------------------------------------------------------------------------
//the content is in binary format
public const int CERT_QUERY_FORMAT_FLAG_BINARY = (1 << CERT_QUERY_FORMAT_BINARY);
//the content is base64 encoded
public const int CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED = (1 << CERT_QUERY_FORMAT_BASE64_ENCODED);
//the content is ascii hex encoded with "{ASN}" prefix
public const int CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED = (1 << CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED);
//the content can be of any format
public const int CERT_QUERY_FORMAT_FLAG_ALL =
CERT_QUERY_FORMAT_FLAG_BINARY |
CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED |
CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED;
}
}
Thank you guys,
You help me a lot :)
BTW: I found simpler way how to obtain the time stamp.
here it is:
foreach (var signerInfo in signedCms.SignerInfos)
{
foreach (var unsignedAttribute in signerInfo.UnsignedAttributes)
{
if (unsignedAttribute.Oid.Value == WinCrypt.szOID_RSA_counterSign)
{
foreach (var counterSignInfo in signerInfo.CounterSignerInfos)
{
foreach (var signedAttribute in counterSignInfo.SignedAttributes)
{
if (signedAttribute.Oid.Value == WinCrypt.szOID_RSA_signingTime)
{
Pkcs9SigningTime signingTime = (Pkcs9SigningTime)signedAttribute.Values[0];
Console.Out.WriteLine("Signing Time UTC: " + signingTime.SigningTime);
}
}
}
return true;
}
}
}
Thanks to the OP for your work. I added the implementation to get the actual TimeStamp of the cert.
foreach (var signerInfo in signedCms.SignerInfos)
{
foreach (var unsignedAttribute in signerInfo.UnsignedAttributes)
{
if (unsignedAttribute.Oid.Value == WinCrypt.szOID_RSA_counterSign)
{
foreach (var counterSignInfo in signerInfo.CounterSignerInfos)
{
foreach (var signedAttribute in counterSignInfo.SignedAttributes)
{
if (signedAttribute.Oid.Value == WinCrypt.szOID_RSA_signingTime)
{
System.Runtime.InteropServices.ComTypes.FILETIME fileTime = new System.Runtime.InteropServices.ComTypes.FILETIME();
int fileTimeSize = Marshal.SizeOf(fileTime);
IntPtr fileTimePtr = Marshal.AllocCoTaskMem(fileTimeSize);
Marshal.StructureToPtr(fileTime, fileTimePtr, true);
byte[] buffdata = new byte[fileTimeSize];
Marshal.Copy(fileTimePtr, buffdata, 0, fileTimeSize);
uint buffSize = (uint)buffdata.Length;
uint encoding = WinCrypt.X509_ASN_ENCODING | WinCrypt.PKCS_7_ASN_ENCODING;
UIntPtr rsaSigningTime = (UIntPtr)(uint)Marshal.StringToHGlobalAnsi(WinCrypt.szOID_RSA_signingTime);
byte[] pbData = signedAttribute.Values[0].RawData;
uint ucbData = (uint)pbData.Length;
bool workie = WinCrypt.CryptDecodeObject(encoding, rsaSigningTime.ToUInt32(), pbData, ucbData, 0, buffdata, ref buffSize);
if (workie)
{
IntPtr fileTimePtr2 = Marshal.AllocCoTaskMem(buffdata.Length);
Marshal.Copy(buffdata, 0, fileTimePtr2, buffdata.Length);
System.Runtime.InteropServices.ComTypes.FILETIME fileTime2 = (System.Runtime.InteropServices.ComTypes.FILETIME)Marshal.PtrToStructure(fileTimePtr2, typeof(System.Runtime.InteropServices.ComTypes.FILETIME));
long hFT2 = (((long)fileTime2.dwHighDateTime) << 32) + ((uint)fileTime2.dwLowDateTime);
DateTime dte = DateTime.FromFileTime(hFT2);
Console.WriteLine(dte.ToString());
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
}
}
return true;
}
}
}
I wanted to get the subject off the digital certificate, its an OU type string like
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
I found the X509Certificate to be really slow and load the entire file into memory. I tried to read an 800Mb patch file and my memory increased by 800Mb as it read it, and it took over 30 seconds!!
I have stood on the sholders of the posters above an managed to tweak the above code to get an X509Certificate2 object hundreds of time faster than using the X509 Object.
Please read my blog post for more details with images of the performance differences. X509Certificate object c# performance and memory issues alternative – fixed
Try this:
public static X509Certificate2 GetDigitalCertificate(string filename)
{
X509Certificate2 cert = null;
int encodingType;
int contentType;
int formatType;
IntPtr certStore = IntPtr.Zero;
IntPtr cryptMsg = IntPtr.Zero;
IntPtr context = IntPtr.Zero;
if (!WinCrypt.CryptQueryObject(
WinCrypt.CERT_QUERY_OBJECT_FILE,
Marshal.StringToHGlobalUni(filename),
(WinCrypt.CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
| WinCrypt.CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
| WinCrypt.CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED), // <-- These are the attributes that makes it fast!!
WinCrypt.CERT_QUERY_FORMAT_FLAG_ALL,
0,
out encodingType,
out contentType,
out formatType,
ref certStore,
ref cryptMsg,
ref context))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
// Get size of the encoded message.
int cbData = 0;
if (!WinCrypt.CryptMsgGetParam(
cryptMsg,
WinCrypt.CMSG_ENCODED_MESSAGE,
0,
IntPtr.Zero,
ref cbData))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
var vData = new byte[cbData];
// Get the encoded message.
if (!WinCrypt.CryptMsgGetParam(
cryptMsg,
WinCrypt.CMSG_ENCODED_MESSAGE,
0,
vData,
ref cbData))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
var signedCms = new SignedCms();
signedCms.Decode(vData);
if (signedCms.SignerInfos.Count > 0)
{
var signerInfo = signedCms.SignerInfos[0];
if (signerInfo.Certificate != null)
{
cert = signerInfo.Certificate;
}
}
return cert;
}
It seems that if you use the "WinCrypt.CERT_QUERY_CONTENT_FLAG_ALL" on the CryptQueryObject call it suffers from the same memory performance hit as the X509Certificate object, but if you trim it down to just the PKCS7 content types it performs like a dream and seems to give me the info I need.
As I see that you've got no replies anyway, let me offer one.
If you don't mind using third-party components, take a look at TElAuthenticodeVerifier component of our SecureBlackbox product. With this component you can verify the signature and check the timestamps.
The provided answers didn't worked in my case for SHA256 signing method. I newer reached the bottom within those nested foreach loops. But Nuget AuthenticodeExaminer seams to works just fine. Here is example for single certificate with single timestamp:
var extractor = new FileInspector(#"D:\Temp\file.exe");
var signTime = extractor.GetSignatures().FirstOrDefault()?.TimestampSignatures.FirstOrDefault()?.TimestampDateTime?.UtcDateTime;
I like the idea of avoiding some nasty p/invoke code by using the SignedCms class, but be aware that under some network circumstances the SignedCms constructor can block for a long time --- I'm seeing about 15 seconds on a test I'm currently running. Alejandro Campos Magencio has some information on this on his MSDN blog in a post titled Big delay while calling EnvelopedCms constructor.
Guys, I have a C# Winforms application with a panel inside the form. What I want to do is, whenever the mouse pointer enters this panel, I want to slow the movement speed of the mouse by 50%. Once the pointer moves outside this panel, I want to speed of the mouse to resume normal 100% speed. How can I accomplish this in C#?
This article might help
Here's the code from the article:
using System;
using System.Runtime.InteropServices;
namespace MouseSpeedSwitcher
{
class Program
{
public const UInt32 SPI_SETMOUSESPEED = 0x0071;
[DllImport("User32.dll")]
static extern Boolean SystemParametersInfo(
UInt32 uiAction,
UInt32 uiParam,
UInt32 pvParam,
UInt32 fWinIni);
static void Main(string[] args)
{
SystemParametersInfo(
SPI_SETMOUSESPEED,
0,
uint.Parse(args[0]),
0);
}
}
}
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace ConsoleApplication1
{
class Program
{
public const UInt32 SPI_GETMOUSESPEED = 0x0070;
const UInt32 SPIF_UPDATEINIFILE = 0x01;
const UInt32 SPIF_SENDWININICHANGE = 0x02;
[DllImport("User32.dll")]
static extern Boolean SystemParametersInfo(
UInt32 uiAction,
UInt32 uiParam,
IntPtr pvParam,
UInt32 fWinIni);
static unsafe void Main(string[] args)
{
MouseOptions m = new MouseOptions();
MouseOptions.GetDefaults();
int speed;
SystemParametersInfo(SPI_GETMOUSESPEED, 0, new IntPtr(&speed), 0);
Console.WriteLine(speed);
MouseOptions.SetDefaults();
SystemParametersInfo(SPI_GETMOUSESPEED, 0, new IntPtr(&speed), 0);
Console.WriteLine(speed);
Console.ReadLine();
}
public class MouseOptions
{
[DllImport("user32.dll")]
public static extern int SystemParametersInfo( int uAction, int uParam, IntPtr lpvParam, int fuWinIni );
[DllImport("kernel32.dll")]
public static extern int GetLastError();
public const int SPI_GETMOUSESPEED = 112;
public const int SPI_SETMOUSESPEED = 113;
private static int intDefaulSpeed = 10;
private static int intCurrentSpeed;
private static int intNewSpeed;
public static void GetDefaults()
{
intCurrentSpeed = GetMouseSpeed();
}
public static void SetDefaults()
{
if ( intCurrentSpeed == 20 )
{
SetMouseSpeed(intDefaulSpeed);
}
else if ( intCurrentSpeed < 10 )
{
SetMouseSpeed(intDefaulSpeed);
}
}
public static int GetMouseSpeed()
{
int intSpeed = 0;
IntPtr ptr;
ptr = Marshal.AllocCoTaskMem(4);
SystemParametersInfo(SPI_GETMOUSESPEED, 0, ptr, 0);
intSpeed = Marshal.ReadInt32(ptr);
Marshal.FreeCoTaskMem(ptr);
return intSpeed;
}
public static void SetMouseSpeed( int intSpeed )
{
IntPtr ptr = new IntPtr(intSpeed);
int b = SystemParametersInfo(SPI_SETMOUSESPEED, 0, ptr, 0);
if (b == 0)
{
Console.WriteLine("Not able to set speed");
}
else if ( b == 1 )
{
Console.WriteLine("Successfully done");
}
}
}
}
}
As it was not very clear how to use code from the answers, I found more concise solution for changing Mouse speed. Add this code to class where you want to change the speed:
[DllImport("user32.dll", CharSet = CharSet.Auto),]
public static extern int SystemParametersInfo(uint uiAction, uint uiParam, uint pvParam, uint fWinIni);
And then call SystemParametersInfo with required Mouse speed:
//SPEED is an integer value between 0 and 20. 10 is the default.
SystemParametersInfo(113,0,SPEED,0);
Not forget to add using System.Runtime.InteropServices; Credits.