Posts

Showing posts from 2012

Keyloggers: Implementing low level keyloggers in Windows. Part Two

Special thanks to http://www.securelist.com, Nikolay Grebennikov (2007).
This article is a continuation of the previous report on keyloggers. It offers a detailed analysis of the technical aspects and inner workings of keyloggers. As was noted in the first article, keyloggers are essentially designed to be injected between any two links in the chain whereby a signal is transmitted from a key being pressed to symbols appearing on the screen. This article provides both an overview of which links exist in this chain, and how both software and hardware keyloggers work. This article is written for technical specialists and experienced users. Other users, who are not part of this target group, should simply be aware that Windows offers a multitude of ways in which data entered via the keyboard can be harvested, although the vast majority of keyloggers only use two of these methods (see: Designing keyloggers, the first part of the article). It should be stressed that this article does

Keyloggers How they work and how to detect them - part 1

Special thanks to http://www.securelist.com, Nikolay Grebennikov (2007).
In February 2005, Joe Lopez, a businessman from Florida, filed a suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account. The money had been transferred to Latvia. An investigation showed that Mr. Lopez’s computer was infected with a malicious program, Backdoor.Coreflood, which records every keystroke and sends this information to malicious users via the Internet. This is how the hackers got hold of Joe Lopez’s user name and password, since Mr. Lopez often used the Internet to manage his Bank of America account. However, the court did not rule in favor of the plaintiff, saying that Mr. Lopez had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003. Joe Lopez’s losses were caused by a combination of over

Learn Scrum in under 10 minutes

Download software via http://www.ontimenow.com

Google searching tips

Explicit Phrase: Let's say you are looking for content about internet marketing. Instead of just typing internet marketing into the Google search box, you will likely be better off searching explicitly for the phrase. To do this, simply enclose the search phrase within double quotes.
Example: "internet marketing"
Exclude Words: Let's say you want to search for content about internet marketing, but you want to exclude any results that contain the term advertising. To do this, simply use the "-" sign in front of the word you want to exclude.
Example Search: internet marketing -advertising
Site Specific Search: Often, you want to search a specific website for content that matches a certain phrase. Even if the site doesn’t support a built-in search feature, you can use Google to search the site for your term. Simply use the "site:somesite.com" modifier.
Example: "internet marketing" site:www.smallbusinesshub.com

DllImport in C# vs VB.NET (unmanaged DLL Import)

The following code example shows how to use the DllImportAttribute attribute to import the Win32 MessageBox function. The code example then calls the imported method.

C#

    using System;
    using System.Runtime.InteropServices;

    class Example
    {
        // Use DllImport to import the Win32 MessageBox function.
        [DllImport("user32.dll", CharSet = CharSet.Unicode)]
        public static extern int MessageBox(IntPtr hWnd, String text, String caption, uint type);

        static void Main()
        {
            // Call the MessageBox function using platform invoke.
            MessageBox(new IntPtr(0), "Hello World!", "Hello Dialog", 0);
        }
    }

How to open visual studio 2010 projects in visual studio 2008 (downgrade from VS 2010 to VS 2008)

1. Make a backup of your .sln file.
2. Open the .sln file corresponding to the project to be converted with Notepad. Locate the following line:
   Microsoft Visual Studio Solution File, Format Version 11.00
   Replace 11.00 with 10.00
3. Locate the following line:
   # Visual Studio 10
4. Replace 2010 with 2008
5. Save the file.
6. Delete the .cache files existing in the following paths:
   * obj/debug
   * obj/release
7. Open the project with Visual Studio 2008.
8. Build the project with Visual Studio 2008.

How to enable hidden administrator account in Windows 7 - Vista

First, you’ll need to open a command prompt in administrator mode by right-clicking and choosing “Run as administrator” (or use the Ctrl+Shift+Enter shortcut from the search box). Now type the following command:

    net user administrator /active:yes

You should see a message that the command completed successfully. Log out, and you’ll now see the Administrator account as a choice.

.NET Framework Tools

Develop, configure, and deploy applications by using Microsoft .NET Framework technologies
http://msdn.microsoft.com/en-us/library/d9kh6s92(v=vs.90)
[MSDN LINKS]
* Configuration and Deployment Tools
* Debugging Tools
* Security Tools
* General Tools
* SDK Command Prompt
* Assembly Linker (Al.exe)
* ASP.NET Compilation Tool (Aspnet_compiler.exe)
* ASP.NET Merge Tool (Aspnet_merge.exe)
* ASP.NET Browser Registration Tool (Aspnet_regbrowsers.exe)
* ASP.NET IIS Registration Tool (Aspnet_regiis.exe)
* ASP.NET SQL Server Registration Tool (Aspnet_regsql.exe)
* Windows Forms ActiveX Control Importer (Aximp.exe)
* Code Access Security Policy Tool (Caspol.exe)
* Code Generation Tool (SqlMetal.exe)
* Software Publisher Certificate Test Tool (Cert2spc.exe)
* Certificate Manager Tool (Certmgr.exe)
* Certificate Verification Tool (Chktrust.exe)
* Runtime Debugger (Cordbg.exe)
* CorFlags Conversion Tool (CorFlags.exe)
* Assembly Binding Log Viewer (Fuslogvw.exe)
* Global Assembly Cache Tool (Gacutil.exe)
* MSIL Assembler (Ilasm.exe

Partial Keyword in C#

A partial method has its signature defined in one part of a partial type, and its implementation defined in another part of the type. Partial methods enable class designers to provide method hooks, similar to event handlers, that developers may decide to implement or not. If the developer does not supply an implementation, the compiler removes the signature at compile time. The following conditions apply to partial methods:
* Signatures in both parts of the partial type must match.
* The method must return void.
* No access modifiers or attributes are allowed. Partial methods are implicitly private.
The following example shows a partial method defined in two parts of a partial class:

    namespace PM
    {
        partial class A
        {
            partial void OnSomethingHappened(string s);
        }

        // This part can be in a separate file.
        partial class A
        {
            // Comment out this method and the program
            // will still compile.
            partial void OnSomethingHapp

Override in C#

The override modifier is required to extend or modify the abstract or virtual implementation of an inherited method, property, indexer, or event. In this example, the Square class must provide an overridden implementation of Area because Area is inherited from the abstract ShapesClass:

    using System;

    abstract class ShapesClass
    {
        abstract public int Area();
    }

    class Square : ShapesClass
    {
        int side = 0;

        public Square(int n)
        {
            side = n;
        }

        // Area method is required to avoid
        // a compile-time error.
        public override int Area()
        {
            return side * side;
        }

        static void Main()
        {
            Square sq = new Square(12);
            Console.WriteLine("Area of the square = {0}", sq.Area());
        }

        interface I
        {
            void M();
        }

        abstract class C : I
        {
            public abstract void M();
        }
    }
    // Output: Area of the square = 144

An override method provides a new implementation

DllImportAttribute Class in C#

Indicates that the attributed method is exposed by an unmanaged dynamic-link library (DLL) as a static entry point.
Namespace: System.Runtime.InteropServices
Assembly: mscorlib (in mscorlib.dll)
You can apply this attribute to methods. The DllImportAttribute attribute provides the information needed to call a function exported from an unmanaged DLL. As a minimum requirement, you must supply the name of the DLL containing the entry point. You apply this attribute directly to C# and C++ method definitions; however, the Visual Basic compiler emits this attribute when you use the Declare statement. For complex method definitions that include BestFitMapping, CallingConvention, ExactSpelling, PreserveSig, SetLastError, or ThrowOnUnmappableChar fields, you apply this attribute directly to Visual Basic method definitions.
Note: JScript does not support this attribute. You can use C# or Visual Basic wrapper classes to acce

Extern Keyword in C#

The extern modifier is used to declare a method that is implemented externally. A common use of the extern modifier is with the DllImport attribute when you are using Interop services to call into unmanaged code. In this case, the method must also be declared as static, as shown in the following example:

    [DllImport("avifil32.dll")]
    private static extern void AVIFileInit();

NOTE: The extern keyword can also define an external assembly alias, which makes it possible to reference different versions of the same component from within a single assembly. For more information, see extern alias (C# Reference).
It is an error to use the abstract and extern modifiers together to modify the same member. Using the extern modifier means that the method is implemented outside the C# code, whereas using the abstract modifier means that the method implementation is not provided in the class.
NOTE: The extern keyword has more limited

Yield in C#

The yield keyword signals to the compiler that the method in which it appears is an iterator block. The compiler generates a class to implement the behavior that is expressed in the iterator block. In the iterator block, the yield keyword is used together with the return keyword to provide a value to the enumerator object. This is the value that is returned, for example, in each loop of a foreach statement. The yield keyword is also used with break to signal the end of iteration. For more information about iterators, see Iterators (C# Programming Guide). The following example shows the two forms of the yield statement.

    // IEnumerable is defined in System.Collections.
    public static IEnumerable Power(int number, int exponent)
    {
        int counter = 0;
        int result = 1;
        while (counter++ < exponent)
        {
            result = result * number;
            yield return result;
        }
    }

Out Keyword in C#

The out keyword causes arguments to be passed by reference. This is like the ref keyword, except that ref requires that the variable be initialized before it is passed. To use an out parameter, both the method definition and the calling method must explicitly use the out keyword. For example:

    class OutExample
    {
        static void Method(out int i)
        {
            i = 44;
        }

        static void Main()
        {
            int value;
            Method(out value);
            // value is now 44
        }
    }

Although variables passed as out arguments do not have to be initialized before being passed, the called method is required to assign a value before the method returns. Although the ref and out keywords cause different run-time behavior, they are not considered part of the method signature at compile time. Therefore, methods cannot be overloaded if the only difference is that one method takes a ref argument and the other takes an out argument. The following code, for example,

Ref Keyword in C#

The ref keyword causes arguments to be passed by reference. The effect is that any changes to the parameter in the method will be reflected in that variable when control passes back to the calling method.

    class RefExample
    {
        static void Method(ref int i)
        {
            i = 44;
        }

        static void Main()
        {
            int val = 0;
            Method(ref val);
            // val is now 44
        }
    }

Params in C#

The params keyword lets you specify a method parameter that takes a variable number of arguments. You can send a comma-separated list of arguments of the type specified in the parameter declaration, or an array of arguments of the specified type. You also can send no arguments. No additional parameters are permitted after the params keyword in a method declaration, and only one params keyword is permitted in a method declaration.

    public class MyClass
    {
        public static void UseParams(params int[] list)
        {
            for (int i = 0; i < list.Length; i++)
            {
                Console.Write(list[i] + " ");
            }
            Console.WriteLine();
        }

        public static void UseParams2(params object[] list)
        {
            for (int i = 0; i < list.Length; i++)
            {
                Console.Write(list[i] + " ");
            }
            Console.WriteLine();
        }

        static void Main()
        {
            // You can send a comma-separated l

Lock Statement in C#

The lock keyword marks a statement block as a critical section by obtaining the mutual-exclusion lock for a given object, executing a statement, and then releasing the lock. This statement takes the following form:

    Object thisLock = new Object();
    lock (thisLock)
    {
        // Critical code section.
    }

For more information, see Thread Synchronization (C# Programming Guide). The lock keyword ensures that one thread does not enter a critical section of code while another thread is in the critical section. If another thread tries to enter locked code, it will wait (block) until the object is released. The section Threading (C# Programming Guide) discusses threading. The lock keyword calls Enter at the start of the block and Exit at the end of the block. In general, avoid locking on a public type, or instances beyond your code's control. The common constructs lock (this), lock (typeof (MyType)), and lock ("myLock") violate this guideli