How to call CreateProcessWithLogonW & CreateProcessAsUser in .NET

Hi, welcome back, Sometimes .NET’s System.Diagnostics.Process class and its Start method are not enough for our purposes and we need to call Win32 API directly from .NET (P/Invoke mechanism) to be able to create a process the way we need. Here you have a sample you might find useful. It includes P/Invoke declarations and usage samples…

11

SCardGetStatusChange fails with SCARD_E_NO_SERVICE error

Hi, welcome back,   Smart Card Redirection on Microsoft Remote Desktop Protocol (RDP) client 6.0 may cause SCardGetStatusChange to fail with error 0x8010001d – SCARD_E_NO_SERVICE – “The Smart card resource manager is not running.”.   When a user connects from her machine A (i.e. Windows XP SP2) to a remote machine B (i.e. Windows Vista) using Microsoft RDP client,…

3

Key Containers: Basics

Hi, welcome back, Let’s talk today a bit about Key Containers in CryptoAPI. Key containers can be created in user’s profile or machine’s. User-level key containers can only be used by the user in which profile they’ve been created, and machine-level key containers can be used by anyone with access to them. Keys are usually in…

7

Smart Card’s PIN gets cached

Hi, welcome back, When we use a Smart Card with any application (i.e. Internet Explorer), the PIN that user inserted to access the card the first time may get cached and not requested again during the live of the application. But what if we need the PIN to be requested everytime we use the card with that application? The Smart…

1

XmlDsigC14NTransform normalization behavior depends on input type

Hi, welcome back,  When using System.Security.Cryptography.Xml.XmlDsigC14NTransform, depending on the input type (XmlDsigC14NTransform.InputTypes) being passed to its LoadInput method, the result of its GetOutput method could be different: – If we pass a Stream to XmlDsigC14NTransform, it will normalize line feeds from 0xd 0xa (“\r\n”) to 0xa (“\n”) before canonicalization. After canonicalization, we will only see 0xa…

0

RSACryptoServiceProvider fails when used with ASP.NET

Hi, welcome back, I will talk today about a very common issue we face when we try to use .NET’s RSACryptoServiceProvider class in ASP.NET. When we try to create a new RSACryptoServiceProvider object in this scenario, we may get the following exception: “System.Security.Cryptography.CryptographicException: The system cannot find the file specified”.   By using my CryptoAPI Tracer…

16

P/Invoking CryptoAPI in .NET (VB.NET version)

Hi, welcome back, This is a continuation of my previous post, P/Invoking CryptoAPI in .NET (C# version). Here you have the most common P/Invoke CryptoAPI declarations I’ve successfully used in the past, but this time for VB.NET (Note: I’ve included a couple of auxiliary functions which may be of help, too. CertContextFromCertSubject gets a certificate context from a certificate in MY/Personal…

5

P/Invoking CryptoAPI in .NET (C# version)

Hi, welcome back, Sometimes we need to call CryptoAPI from .NET because classes in System.Security.Cryptography namespace have their limitations. For instance, we can’t create a temporary key container with RSACryptoServiceProvider, but we can do it with CRYPT_VERIFYCONTEXT flag and CryptAcquireContext API. RSACryptoServiceProvider will end up calling CryptAcquireContext, but we can’t pass CRYPT_VERIFYCONTEXT to it.   You can find more info about all…

10

How to debug LSASS.exe process

Hi, welcome back, I’ve been dealing these days with an issue about a Custom Authentication Package which was crashing LSASS.exe process even before we had the opportunity to log on the machine. So, how can I debug the package/LSASS process with my favorite debugger, WinDbg (Debugging Tools for Windows), to know what’s going on there? To make things easier…

6

How to trace CryptoAPI calls (2)

Hi, welcome back, Let’s try to understand a bit better what’s going on my CryptoAPI Tracer script.  Let’s take a look to one of the most important breakpoints I set on a CryptoAPI function: bm Advapi32!CryptAcquireContextW “.printf \”\\n>>>>>>>>>>>>>>>>>>>>>>\\n\\nCryptAcquireContextW (%#x)\\n\”, @$tid;    .echo;.echo IN;    .echo pszContainer; .if(poi(@esp+8)=0) {.echo NULL} .else {du poi(@esp+8)};    .echo;.echo pszProvider; .if(poi(@esp+c)=0) {.echo NULL} .else…

2