P/Invoking CryptoAPI in .NET (VB.NET version)

Hi, welcome back. This is a continuation of my previous post, P/Invoking CryptoAPI in .NET (C# version). Here you have the most common P/Invoke CryptoAPI declarations I’ve successfully used in the past, but this time for VB.NET (Note: I’ve included a couple of auxiliary functions which may be of help, too. CertContextFromCertSubject gets a certificate context from a certificate in MY/Personal…


P/Invoking CryptoAPI in .NET (C# version)

Hi, welcome back. Sometimes we need to call CryptoAPI from .NET because classes in the System.Security.Cryptography namespace have their limitations. For instance, we can’t create a temporary key container with RSACryptoServiceProvider, but we can do it with the CRYPT_VERIFYCONTEXT flag and the CryptAcquireContext API. RSACryptoServiceProvider will end up calling CryptAcquireContext, but we can’t pass CRYPT_VERIFYCONTEXT to it. You can find more info about all…


How to debug LSASS.exe process

Hi, welcome back. I’ve been dealing these days with an issue about a Custom Authentication Package which was crashing the LSASS.exe process even before we had the opportunity to log on to the machine. So, how can I debug the package/LSASS process with my favorite debugger, WinDbg (Debugging Tools for Windows), to know what’s going on there? To make things easier…


How to trace CryptoAPI calls (2)

Hi, welcome back. Let’s try to understand a bit better what’s going on in my CryptoAPI Tracer script. Let’s take a look at one of the most important breakpoints I set on a CryptoAPI function: bm Advapi32!CryptAcquireContextW ".printf \"\\n>>>>>>>>>>>>>>>>>>>>>>\\n\\nCryptAcquireContextW (%#x)\\n\", @$tid;    .echo;.echo IN;    .echo pszContainer; .if(poi(@esp+8)=0) {.echo NULL} .else {du poi(@esp+8)};    .echo;.echo pszProvider; .if(poi(@esp+c)=0) {.echo NULL} .else…