P/Invoking CryptoAPI in .NET (VB.NET version)

Hi, welcome back, This is a continuation of my previous post, P/Invoking CryptoAPI in .NET (C# version). Here you have the most common P/Invoke CryptoAPI declarations I’ve successfully used in the past, but this time for VB.NET (Note: I’ve included a couple of auxiliary functions which may be of help, too. CertContextFromCertSubject gets a certificate context from a certificate in MY/Personal…

5

P/Invoking CryptoAPI in .NET (C# version)

Hi, welcome back, Sometimes we need to call CryptoAPI from .NET because classes in System.Security.Cryptography namespace have their limitations. For instance, we can’t create a temporary key container with RSACryptoServiceProvider, but we can do it with CRYPT_VERIFYCONTEXT flag and CryptAcquireContext API. RSACryptoServiceProvider will end up calling CryptAcquireContext, but we can’t pass CRYPT_VERIFYCONTEXT to it.   You can find more info about all…

10

How to debug LSASS.exe process

Hi, welcome back, I’ve been dealing these days with an issue about a Custom Authentication Package which was crashing LSASS.exe process even before we had the opportunity to log on the machine. So, how can I debug the package/LSASS process with my favorite debugger, WinDbg (Debugging Tools for Windows), to know what’s going on there? To make things easier…

6

How to trace CryptoAPI calls (2)

Hi, welcome back, Let’s try to understand a bit better what’s going on my CryptoAPI Tracer script.  Let’s take a look to one of the most important breakpoints I set on a CryptoAPI function: bm Advapi32!CryptAcquireContextW “.printf \”\\n>>>>>>>>>>>>>>>>>>>>>>\\n\\nCryptAcquireContextW (%#x)\\n\”, @$tid;    .echo;.echo IN;    .echo pszContainer; .if(poi(@esp+8)=0) {.echo NULL} .else {du poi(@esp+8)};    .echo;.echo pszProvider; .if(poi(@esp+c)=0) {.echo NULL} .else…

2