(I) What is Code Access Security?
CAS is the part of the .NET security model that determines whether a piece of code is allowed to run and
what resources it can use while running. For example, CAS can allow an application to read a file or
a resource in a folder but not to write or delete it.
(I) What is a satellite assembly?
Refer to the Localization chapter for more details.
(A) How to prevent my .NET DLL from being decompiled?
By design, .NET embeds rich metadata inside the executable code using MSIL. Anyone can
easily decompile your DLL using tools like ILDASM (owned by Microsoft) or Reflector for
.NET, which is a third-party tool. There are also many other third-party tools that make
decompiling a click away. So anyone can look into your assemblies, reverse
engineer them back into actual source code and understand the important logic, which can
make it easy to crack your application.
The way to stop this reverse engineering is “obfuscation”, a
technique that foils decompilers. Many third parties (XenoCode, Demeanor for .NET)
provide .NET obfuscation solutions. Microsoft includes one, Dotfuscator Community
Edition, with Visual Studio .NET.
(I) What is the difference between the Convert.ToString and .ToString()
methods?
To understand what the question means, see the code below.
int i = 0;
MessageBox.Show(i.ToString());
MessageBox.Show(Convert.ToString(i));
We can convert the integer “i” using “i.ToString()” or “Convert.ToString”, so what is the
difference? The basic difference is that the “Convert” function handles NULLs while
“i.ToString()” does not; it will throw a NULL reference exception. So as a good coding
practice, using “Convert” is always safe.
(A) What is Native Image Generator (Ngen.exe)?
The Native Image Generator utility (Ngen.exe) allows you to run the JIT compiler on your
assembly's MSIL and generate native machine code, which is cached to disk. After the image is
created, the .NET runtime will use the image to run the code rather than from the hard disk. Running
Ngen.exe on an assembly potentially allows the assembly to load and execute faster, because it
restores code and data structures from the native image cache rather than generating them
dynamically.
Below are some points to remember about Native Image Generator:-
• Native images load faster than MSIL because JIT compilation and type-safety
verification are eliminated.
• If you are sharing code between processes, Ngen.exe improves performance
significantly. A native image is generated as a Windows PE file, so a single DLL file can
be shared across applications. By contrast, JIT-produced code is private to an
assembly and cannot be shared.
• Native images enable code sharing between processes.
• Native images require more storage space and more time to generate.
• Startup time improves a lot. We can get considerable gains when
applications share component assemblies, because after the first application has been
started the shared components are already loaded for subsequent applications. If the
assemblies in an application must be loaded from the hard disk, it does not benefit as
much from native images because the hard disk access time overshadows everything.
• Assemblies in the GAC do not benefit from Native Image Generator, as the loader
performs extra validation on strong-named assemblies, thus overshadowing the
benefits of Native Image Generator.
• If any of the assemblies change, the native image should also be updated.
• You need administrative privileges to run Ngen.exe.
• While this can speed up your application's startup time because the code is statically compiled,
the code can be somewhat slower than the code generated dynamically by the JIT
compiler. Therefore, you need to compare the whole application's performance
with Ngen.exe and without it.
To run Ngen.exe, use the following command line.
ngen.exe install <assemblyname>
This will synchronously precompile the specified assembly and all of its dependencies. The
generated native images are stored in the native image cache.
In .NET Framework 2.0 there is a service (.NET Runtime Optimization Service) which can
precompile managed assemblies in the background. You can schedule your assemblies to be
precompiled asynchronously by queuing them up with the NGEN Service. Use the following
command line.
ngen.exe install <assemblyname> /queue:<priority>
Assemblies that are critical to your application's startup time should be precompiled either
synchronously or asynchronously with priority 1. Priority 1 and 2 assemblies are precompiled
aggressively, while priority 3 assemblies are only precompiled during machine idle time.
Synchronously precompiling your critical assemblies guarantees that the native images will be
available before your end user first launches the application, but increases the time taken
to run your application's setup program.
You can uninstall an assembly and its dependencies (if no other assemblies are dependent on
them) from the native image cache by running the following command.
ngen.exe uninstall <assemblyname>
Native images created using Ngen.exe cannot be deployed; instead, they need to be created on the
end user's machine. These commands therefore need to be issued as part of the application's setup
program. Visual Studio .NET can be used to implement this behavior by defining custom actions
in a Microsoft Installer (MSI) package.
Note:- One of the things the interviewer will expect you to answer is
in what scenario you would use Native Image Generator. It is best to say that we
first need to test the application's performance with the native image and
without it and then make a decision. If we see a
considerable performance difference, we can then use Native Image
Generator.
(A) If we have two versions of the same assembly in the GAC, how do we make
a choice?
Note:- We really want to explain this in depth for two reasons. First,
we have seen this question asked frequently, and second, it is of
real practical importance. So let's try to get this fundamental not in
our brain but in our heart.
OK, first let us try to understand what the interviewer is talking about. Let us say you have made
an application and it is using a DLL that is present in the GAC. Now for some reason you make a
second version of the same DLL and put it in the GAC. Which DLL does the application refer to?
By default, it always uses the version against which it was compiled. However, you want it
to actually use the older version.
So first, we answer in short. You need to specify “bindingRedirect” in your config file. For
instance, in the case below “ClassLibraryVersion” has two versions, “1.1.1830.10493” and
“1.0.1830.10461”, of which “1.1.1830.10493” is the more recent. However, using
bindingRedirect we can specify that “1.0.1830.10461” is the new version. Therefore, the client
will not use “1.1.1830.10493”.
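<dependentAssembly>
<assemblyIdentity name="ClassLibraryVersion" publicKeyToken="b035c4774706cc72" culture="neutral"/>
<bindingRedirect oldVersion="1.1.1830.10493" newVersion="1.0.1830.10461"/>
</dependentAssembly>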
Now we will answer it the long way by doing a small sample project. Again, this project
is done in C#. On the CD you can find the “Versioning” project. Below is the solution
display; it has two projects, the Windows client project (“WindowsVersioningCSharp”) and
the class library project (“ClassLibraryVersion”), which will be installed in the GAC in two
versions.
Figure 1.11: - Solution files for the versioning project.
Our first goal is to put two different versions of the same DLL in the GAC. So let us
walk through the “ClassLibraryVersion” project. It is a very simple class that has a “Version”
function, which just returns the string “This is old Version”. We will also ensure that the
assembly version is “1.0” in “AssemblyInfo.cs”.
Figure 1.12: - Assembly Version 1.0
Second, in order to put a DLL in the GAC we need to generate a strong name and
assign it to the class. For instance, in the figure below I have generated the strong name in
“mykey.snk” and assigned it to the DLL.
Figure 1.13: - Strong naming your DLL
Finally, we need to install it in the GAC using the “gacutil” tool, as the figure below
shows. This installs one version of “ClassLibraryVersion.dll” in the GAC.
Figure 1.14: - Install the same in GAC
Now it is time to create a second version of the DLL. First, we will just
return a different string value from this new version of the DLL. You can see in the figure below that I have
changed the string to “This is New Version”. Second, we also need to change the
AssemblyVersion to “1.1.*” in the “AssemblyInfo.cs” file. After that, compile the DLL again and
run “gacutil” to register this second version of “ClassLibraryVersion.dll”.
Figure 1.15: - Rename to Assembly Version 1.1
Now when we view the GAC we can see two versions of “ClassLibraryVersion”, i.e.
“1.1.1832.2619” and “1.0.1832.2172” (see figure below).
Figure 1.16: - Two versions of the “ClassLibraryVersion” DLL.
Now that we have set up two versions of the same DLL in the GAC, it is time to
look at how the client can choose between those versions. We need to get the
“publicKeyToken” in order to move ahead. Below is a sample screenshot, which shows how we
can use “sn.exe” to get the public key token. Note the “-T” parameter.
Figure 1.17: - Get the PublicKeyToken
Now let us look at the client that will consume this DLL. I have just added a Windows form and a
button to it. In the button click, we call the “Version” function and display the
data. In the code below, the first step creates the object of
“ClassLibraryVersion.Class1” and the second step calls the “Version” function to display
the data.
Figure 1.18: - Client code calling the GAC class.
Now comes the most important part of the whole thing: the “app.config” file, which decides
which version should be used. So add a new “app.config” file to the project and add the
“assemblyBinding” section as shown below. You need to specify the following things:-
• The assembly name in the “name” attribute of the “assemblyIdentity” element.
• The “publicKeyToken” value in the “assemblyIdentity” element, which was
generated using “sn.exe -T ‘dllname.dll’”.
• The “oldVersion” and “newVersion” values in the “bindingRedirect” element.
Whatever version we want the client to use should be specified in the “newVersion”
attribute.
You can see from the figure below that I have specified that the client should use the “1.0.*” version.
Therefore, the client will display “This is old Version”.
Figure 1.19: - App.config file using the BindingRedirect
If you run the source code with different version numbers, you will see the two message
boxes below. “This is old version” is displayed when the “newVersion”
value is “1.0.1832.5411” and “This is new Version” is displayed when the “newVersion” value
is “1.1.1832.5427”.
Figure 1.20: - Different Display depending on version numbers
Note:- Source code is provided in the “versioning” folder. But when you
compile the DLLs, different public key token values are created, so you need
to run sn.exe on your machine and change the token
accordingly in the “App.config” file.
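The redirect configured in this walkthrough, as an added example (not code from the book's “Versioning” project): a Python script that reads an app.config, reports which version a compiled reference resolves to, and lists redirects that send the client to an older version. The publicKeyToken is a placeholder, the function names are illustrative, and only the application config file is modelled.

```python
import xml.etree.ElementTree as ET

ASM_NS = {"asm": "urn:schemas-microsoft-com:asm.v1"}

# Constructed app.config. Versions are the ones quoted in the text; the
# publicKeyToken is a placeholder (get the real one with sn.exe -T).
SAMPLE_APP_CONFIG = """<configuration>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="ClassLibraryVersion"
                          publicKeyToken="0123456789abcdef"
                          culture="neutral"/>
        <bindingRedirect oldVersion="1.1.1832.5427"
                         newVersion="1.0.1832.5411"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>"""


def parse_version(text):
    """'1.0.1832.5411' -> (1, 0, 1832, 5411); omitted parts count as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError("not an assembly version: %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))


def parse_range(old_version):
    """oldVersion is one version or an inclusive 'low-high' range."""
    low, _, high = old_version.partition("-")
    lo = parse_version(low)
    return lo, (parse_version(high) if high else lo)


def load_redirects(config_xml):
    """Return every bindingRedirect with the assembly identity it belongs to."""
    redirects = []
    root = ET.fromstring(config_xml)
    for dep in root.iterfind(".//asm:dependentAssembly", ASM_NS):
        ident = dep.find("asm:assemblyIdentity", ASM_NS)
        if ident is None:
            continue
        for node in dep.iterfind("asm:bindingRedirect", ASM_NS):
            low, high = parse_range(node.get("oldVersion"))
            redirects.append({"name": ident.get("name"),
                              "token": ident.get("publicKeyToken"),
                              "low": low, "high": high,
                              "new": parse_version(node.get("newVersion"))})
    return redirects


def resolve(redirects, name, compiled_version):
    """Version requested after redirects; unchanged if none covers it."""
    wanted = parse_version(compiled_version)
    for r in redirects:
        if r["name"] == name and r["low"] <= wanted <= r["high"]:
            return r["new"]
    return wanted


def downgrades(redirects):
    """Redirects that send callers to a version older than one they cover."""
    return [r for r in redirects if r["new"] < r["high"]]


if __name__ == "__main__":
    found = load_redirects(SAMPLE_APP_CONFIG)
    print(resolve(found, "ClassLibraryVersion", "1.1.1832.5427"))
    for r in downgrades(found):
        print("downgrade:", r["name"], r["high"], "->", r["new"])
```

A redirect to an older version also brings back that version's code, so the downgrade list is the part to review when auditing config files.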