Jul 01

Hijacking .Net Vol 1: Role Based Security

I had to read this – touted as the first volume in a series that could be for .NET what Appleman’s books were for the Win32 API. A fair bit of the book is just a guided tour of Windows role-based security, well written though. The core of the ‘hijacking’ part could be boiled down to a couple of pages. Essentially it’s this:

Marking a class or method as private in .NET impacts its visibility, but not its security boundary – i.e. it is possible to invoke private methods. And VS.NET provides all the means necessary to do so:

Step One – navigate to the library/class you want with ildasm and have a peek at the IL. From that it’s pretty straightforward to grok the private objects/methods you might be interested in.

Step Two – use the InvokeMember method of the Type class to make use of the private class/method.

That’s it. Classic Win32 API Appleman this is not, how useful the technique is – I’m not sure (not in commercial work), but it’s still worth a read.
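The point about visibility versus security boundary, as an added C# example that is not from the book or this post: a role check placed only in a public wrapper is skipped when the private worker is reached through `Type.InvokeMember`, while a check inside the worker still fires. The `Payroll` class, its method names and the "Admin" role are hypothetical, and the code assumes it runs fully trusted.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Principal;
using System.Threading;

// Hypothetical class: the public wrapper checks the role, then calls a private worker.
class Payroll
{
    public string Read() { RequireAdmin(); return ReadUnchecked(); }

    // Weak: 'private' is the only barrier in front of the data.
    private string ReadUnchecked() { return "salary table (constructed sample)"; }

    // Hardened: the private worker repeats the role check itself.
    private string ReadChecked() { RequireAdmin(); return "salary table (constructed sample)"; }

    private static void RequireAdmin()
    {
        IPrincipal p = Thread.CurrentPrincipal;
        if (p == null || !p.IsInRole("Admin"))
            throw new SecurityException("Admin role required");
    }
}

static class Demo
{
    const BindingFlags Flags =
        BindingFlags.Instance | BindingFlags.NonPublic | BindingFlags.InvokeMethod;

    static void Main()
    {
        // Constructed caller identity that holds no roles.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity("guest"), new string[0]);
        var target = new Payroll();

        // InvokeMember reaches the private worker, so the wrapper's check never runs.
        Console.WriteLine(typeof(Payroll).InvokeMember("ReadUnchecked", Flags, null, target, null));

        try
        {
            typeof(Payroll).InvokeMember("ReadChecked", Flags, null, target, null);
        }
        catch (TargetInvocationException e)
        {
            // InvokeMember wraps the SecurityException thrown by the in-method check.
            Console.WriteLine("denied: " + e.InnerException.Message);
        }
    }
}
```

The design takeaway is to enforce authorization at the point where the sensitive work happens, since access modifiers do not stop a caller that uses reflection.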
