
Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...


When Cecil met Dot...

Ok, I admit, I'm a big Cecil fan. I started looking at Cecil as soon as it hit Mono's SVN repository. Jean-Baptiste Evain has done a great job making Cecil the best assembly/metadata/IL reader library ever, and while Cecil may not be ready for prime time yet (at least if you need writing abilities), it is already very capable and has proven a lot of fun to work with.

My first project using Cecil was to rewrite a better version of the permview tool. This is the tool that can extract the declarative security attributes stored in an assembly's metadata - something no managed API (before 2.0) could do [note: the current version, shipping in Mono 1.1.x, is limited to assembly-level security attributes]. This new and fully functional version of permview.exe (even more functional than the original) is located inside Cecil's SVN trunk. It's currently unsupported, as no version of Cecil has yet been released with any Mono release.

Following this I began using Cecil to extract some information about Mono's assemblies. For example, it is very simple with Cecil to find (some of) the methods in an assembly that are potentially critical from a security point of view (e.g. internal calls, P/Invokes, ...) - which then allows me (or anyone else ;-) to track their changes (e.g. a declaration changing from private to public). This is nice but not enough - it still requires a lot of manual work, as we do not have the context (good guys / bad guys) of the calls.

Again Cecil helps, as it can read IL. So it is (again) easy to use Cecil to learn that method A calls methods X, Y and Z. Knowing this for every method, we are now able to deduce that X, a critical method, is being called by A.

Sadly, extracting (a lot of) data is much easier than interpreting it. Human minds (well, I can only speak for mine, but I'll generalize for the benefit of other monkey-like coding creatures) can absorb a lot of data. However, the representation of the data makes a big difference in how much, and how fast, the data can be processed. So this is when I (finally) introduced Cecil to Dot.

The dot-generated graphic shows the critical method Suspend_internal, an internal call in Mono's mscorlib.dll, in red. We can see that the icall cannot be directly called by public code outside the assembly (as there's no link between any public method and the icall).

We can see that the only* way to get to the icall is through one of the two public Thread.Suspend methods. Both methods are protected by Code Access Security (CAS) demands for ControlThread.

Seeing this, I already feel a lot better about the security of that particular icall. One done, a few thousand more to do... and yes - you can click on the public methods ;-).

* No, I'm not really concerned about reflection (if you can reflect, you had better be a nice guy or it's too late) or bad code inside mscorlib.dll - again, too late.
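The pipeline the post walks through (find the icalls and P/Invokes, read each method body to build the reverse call graph, hand the result to dot, and check that every public path is behind a CAS demand), as an added example in C#. It is not the author's tool: it is written against the current Mono.Cecil API (ModuleDefinition.ReadModule, GetTypes, SecurityDeclarations), which differs from the 2005 one, and it generalizes the post's Suspend_internal case to any named icall; the class name, invocation and dot styling are my assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Mono.Cecil;
using Mono.Cecil.Cil;
// Added example, not the author's tool. Assumed usage: IcallGraph.exe mscorlib.dll Suspend_internal > suspend.dot
static class IcallGraph
{
    // A method is a CAS barrier when it, or its declaring type, carries a declarative Demand or LinkDemand.
    static bool HasDemand(MethodDefinition m) =>
        m.SecurityDeclarations.Concat(m.DeclaringType.SecurityDeclarations)
         .Any(d => d.Action == SecurityAction.Demand || d.Action == SecurityAction.LinkDemand);
    static bool IsPublic(MethodDefinition m) => m.IsPublic && (m.DeclaringType.IsPublic || m.DeclaringType.IsNestedPublic);
    static string Q(MethodDefinition m) => "\"" + m.FullName.Replace("\"", "\\\"") + "\"";

    static void Main(string[] args)
    {
        var module = ModuleDefinition.ReadModule(args[0]);
        var methods = module.GetTypes().SelectMany(t => t.Methods).ToList();
        // Reverse call graph over IL: callers[callee] = methods of this module whose body calls callee.
        var callers = methods.ToDictionary(m => m, m => new HashSet<MethodDefinition>());
        foreach (var m in methods.Where(x => x.HasBody))
            foreach (var ins in m.Body.Instructions)
            {
                if (ins.OpCode.FlowControl != FlowControl.Call || !(ins.Operand is MethodReference mr)) continue;
                MethodDefinition callee; try { callee = mr.Resolve(); } catch (AssemblyResolutionException) { continue; }
                if (callee != null && callers.ContainsKey(callee)) callers[callee].Add(m);
            }
        // The critical method: an internal call or P/Invoke with the requested name (e.g. Suspend_internal).
        var critical = methods.First(m => (m.IsInternalCall || m.IsPInvokeImpl) && m.Name == args[1]);
        // Walk callers upward from the icall, emitting dot as we go: icall in red, public methods as boxes,
        // demand-protected methods in green. A demand is a barrier, so the callers beyond it are not explored.
        Console.WriteLine("digraph callers {\n  rankdir=LR;\n  " + Q(critical) + " [style=filled, fillcolor=red];");
        var visited = new HashSet<MethodDefinition> { critical };
        var queue = new Queue<MethodDefinition>(new[] { critical });
        while (queue.Count > 0)
        {
            var callee = queue.Dequeue();
            foreach (var caller in callers[callee])
            {
                Console.WriteLine($"  {Q(caller)} -> {Q(callee)};");
                if (!visited.Add(caller)) continue;
                Console.WriteLine($"  {Q(caller)} [shape={(IsPublic(caller) ? "box" : "ellipse")}{(HasDemand(caller) ? ", color=green" : "")}];");
                if (!HasDemand(caller)) queue.Enqueue(caller);
            }
        }
        Console.WriteLine("}");
        // Review finding: a public method that reaches the icall without crossing any demand is an unprotected path.
        foreach (var m in visited.Where(x => IsPublic(x) && !HasDemand(x)))
            Console.Error.WriteLine($"UNPROTECTED public path: {m.FullName} -> {critical.Name}");
    }
}
```

Render with `dot -Tsvg suspend.dot`; for the post's case the only boxes should be the two Thread.Suspend overloads, both green, and stderr should stay empty.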

[Graph node labels: Void Thread.Abort(), Void Thread.Abort(Object)]


3/27/2005 21:40:52

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.