DOCSLIB.ORG

Investigating Powershell Attacks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Investigating Powershell Attacks Investigating PowerShell Attacks Black Hat USA 2014 August 7, 2014 PRESENTED BY: Ryan Kazanciyan, Matt Hastings © Mandiant, A FireEye Company. All rights reserved. Background Case Study WinRM, Victim VPN SMB, NetBIOS Attacker Victim workstations, Client servers § Fortune 100 organization § Command-and-control via § Compromised for > 3 years § Scheduled tasks § Active Directory § Local execution of § Authenticated access to PowerShell scripts corporate VPN § PowerShell Remoting © Mandiant, A FireEye Company. All rights reserved. 2 Why PowerShell? It can do almost anything… Execute commands Download files from the internet Reflectively load / inject code Interface with Win32 API Enumerate files Interact with the registry Interact with services Examine processes Retrieve event logs Access .NET framework © Mandiant, A FireEye Company. All rights reserved. 3 PowerShell Attack Tools § PowerSploit § Posh-SecMod § Reconnaissance § Veil-PowerView § Code execution § Metasploit § DLL injection § More to come… § Credential harvesting § Reverse engineering § Nishang © Mandiant, A FireEye Company. All rights reserved. 4 PowerShell Malware in the Wild © Mandiant, A FireEye Company. All rights reserved. 5 Investigation Methodology WinRM PowerShell Remoting evil.ps1 backdoor.ps1 Local PowerShell script Persistent PowerShell Network Registry File System Event Logs Memory Traffic Sources of Evidence © Mandiant, A FireEye Company. All rights reserved. 6 Attacker Assumptions § Has admin (local or domain) on target system § Has network access to needed ports on target system § Can use other remote command execution methods to: § Enable execution of unsigned PS scripts § Enable PS remoting © Mandiant, A FireEye Company. All rights reserved. 7 Version Reference 2.0 3.0 4.0 Requires WMF Requires WMF Default (SP1) 3.0 Update 4.0 Update Requires WMF Requires WMF Default (R2 SP1) 3.0 Update 4.0 Update Requires WMF Default 4.0 Update Default Default Default (R2) © Mandiant, A FireEye Company. All rights reserved. 8 Memory Analysis Memory Analysis Scenario: Attacker interacts with target host through PowerShell remoting § What’s left in memory on the accessed system? § How can you find it? § How long does it persist? © Mandiant, A FireEye Company. All rights reserved. 10 WinRM Process Hierarchy svchost.exe Invoke-Command (DcomLaunch) {c:\evil.exe} wsmprovhost.exe Invoke-Command {Get-ChildItem C:\} evil.exe Client wsmprovhost.exe Invoke-Mimikatz.ps1 -DumpCreds –ComputerName “victim" {PS code} Victim © Mandiant, A FireEye Company. All rights reserved. 11 Remnants in Memory svchost.exe (DcomLaunch) Cmd history wsmprovhost.exe Terminate at end of evil.exe session Cmd history wsmprovhost.exe {PS code} svchost.exe Remnants of (WinRM) WinRM SOAP persist Kernel © Mandiant, A FireEye Company. All rights reserved. 12 How Long Will Evidence Remain? svchost.exe wsmprovhost.exe Kernel Memory Pagefile (WinRM) Best source of Fragments of Fragments of Fragments of Evidence command remoting I/O remoting I/O remoting I/O history, output Varies with # Varies with Varies with Single remoting Retention of remoting memory memory session sessions utilization utilization Varies – may End of remoting Max Lifetime Reboot Reboot persist beyond session reboot © Mandiant, A FireEye Company. All rights reserved. 13 Example: In-Memory Remnants SOAP in WinRM service memory, after interactive PsSession with command: echo teststring_pssession > c:\testoutput_possession.txt © Mandiant, A FireEye Company. All rights reserved. 14 Example: In-Memory Remnants WinRM service memory - Invoke-Mimikatz.ps1 executed remotely on target host © Mandiant, A FireEye Company. All rights reserved. 15 What to Look For? § WSMan & MS <rsp:CommandResponse><rsp:CommandId>""xmlns:r sp="http://schemas.microsoft.com/wbem/wsman/ PSRP Syntax 1/windows/shell"""C80927B1-C741-4E99-9F97- /wsman.xsd CBA80F23E595</a:MessageID><w:Locale xml:lang="en-US" s:mustUnderstand="false" / <rsp:Command> ><p:DataLocale xml:lang="en-US" <rsp:CommandLine> s:mustUnderstand="false" /><p:SessionId"/ w:OperationTimeout></ <rsp:Arguments> s:Header><s:Body><rsp:CommandLine <S N="Cmd“> xmlns:rsp="http://schemas.microsoft.com/wbem/ wsman/1/windows/shell" CommandId="9A153F8A- § Known attacker AA3C-4664-8600- AC186539F107"><rsp:Command>prompt""/ filenames rsp:Command><rsp:Arguments>AAAAAAAAAFkAAAAAAA AAAAMAAAajAgAAAAYQAgC2Yc+EDBrbTLq08PrufN § View context +rij8VmjyqZEaGAKwYZTnxB+ +7vzxPYmogUmVmSWQ9IjAiPjxNUz48T2JqIE49IlBvd2V around hits yU2hlbGwiIFJlZklkPSIxIj48TVM +PE9iaiBOPSJDbWRzIiBSZWZJZD0iMiI § Yes, this is painful +PFROIFJlZklkPSIwIj48VD5TeXN0ZW0uQ29sbG . © Mandiant, A FireEye Company. All rights reserved. 16 Memory Analysis Summary § Timing is everything § Challenging to recover evidence § Many variables § System uptime § Memory utilization § Volume of WinRM activity © Mandiant, A FireEye Company. All rights reserved. 17 Event Logs Event Logs Scenario: Attacker interacts with target host through local PowerShell script execution or PowerShell remoting § Which event logs capture activity? § Level of logging detail? § Differences between PowerShell 2.0 and 3.0? © Mandiant, A FireEye Company. All rights reserved. 19 PowerShell Event Logs § Application Logs § Windows PowerShell.evtx § Microsoft-Windows- PowerShell/Operational.evtx § Microsoft-Windows-WinRM/ Operational.evtx § Analytic Logs § Microsoft-Windows- PowerShell/Analytic.etl § Microsoft-Windows-WinRM/ Analytic.etl © Mandiant, A FireEye Company. All rights reserved. 20 Local PowerShell Execution EID 400: Engine state is changed from None to Available. … HostName=ConsoleHost Start & stop times of PowerShell session EID 403: Engine state is changed PowerShell from Available to Stopped. … HostName=ConsoleHost © Mandiant, A FireEye Company. All rights reserved. 21 Local PowerShell Execution EID 40961: PowerShell console is Start time of starting up PowerShell session EID 4100: Error Message = File C: PowerShell \temp\test.ps1 cannot be loaded Error provides path to Operational** because running scripts is disabled PowerShell script on this system ** Events exclusive to PowerShell 3.0 or greater © Mandiant, A FireEye Company. All rights reserved. 22 Local PowerShell Execution EID 7937: Command test.ps1 is Started. Executed cmdlets, scripts, EID 7937: Command Write-Output is Started. or commands PowerShell (no arguments) Analytic** EID 7937: Command dropper.exe is Started ** Log disabled by default. Events exclusive to PowerShell 3.0 or greater © Mandiant, A FireEye Company. All rights reserved. 23 Remoting EID 6: Creating WSMan Session. The Start of remoting connection string is: 192.168.1.1/wsman? session (client host) PowerShell PSVersion=2.0 EID 400: Engine state is changed from None to Available. … HostName=ServerRemoteHost Start & stop of remoting session EID 403: Engine state is changed from (accessed host) PowerShell Available to Stopped. … HostName=ServerRemoteHost © Mandiant, A FireEye Company. All rights reserved. 24 Remoting (Accessed Host) EID 169: User CORP\MattH Who connected via authenticated successfully using NTLM remoting EID 81: Processing client request for operation CreateShell WinRM Timeframe of Operational remoting activity EID 134: Sending response for operation DeleteShell © Mandiant, A FireEye Company. All rights reserved. 25 Remoting (Accessed Host) EID 32850: Request 7873936. Creating a Who connected via server remote session. UserName: CORP \JohnD remoting EID 32867: Received remoting fragment […] Payload Length: 752 Payload Data: 0x020000000200010064D64FA51E7C784 PowerShell 18483DC[…] Analytic Encoded contents of remoting I/O EID 32868: Sent remoting fragment […] Payload Length: 202 Payload Data: 0xEFBBBF3C4F626A2052656649643D22 30223E3[…] © Mandiant, A FireEye Company. All rights reserved. 26 PS Analytic Log: Encoded I/O Invoke-Command {Get-ChildItem C:\} © Mandiant, A FireEye Company. All rights reserved. 27 PS Analytic Log: Decoded Input Invoke-Command {Get-ChildItem C:\} © Mandiant, A FireEye Company. All rights reserved. 28 PS Analytic Log: Decoded Output Invoke-Command {Get-ChildItem C:\} © Mandiant, A FireEye Company. All rights reserved. 29 Logging via PowerShell Profiles %windir%\system32\WindowsPowerShell\v1.0\profile.ps1 § Add code to global profile § Loads with each local PS session § Start-Transcript cmdlet § Overwrite default prompt function § Limitations § Will not log remoting activity § Can launch PowerShell without loading profiles © Mandiant, A FireEye Company. All rights reserved. 30 Logging via AppLocker § Set Audit or Enforce script rules § Captures user, script path © Mandiant, A FireEye Company. All rights reserved. 31 PowerShell 3.0: Module Logging Solves (almost) all our logging problems! Computer Configuration → Administrative Templates → Windows Components → Windows PowerShell → Turn on Module Logging © Mandiant, A FireEye Company. All rights reserved. 32 Module Logging Example: File Listing Get-ChildItem c:\temp -Filter *.txt -Recurse | Select-String password Microsoft-Windows-PowerShell/Operational (EID 4103) ParameterBinding(Get-ChildItem): name="Filter"; value="*.txt" ParameterBinding(Get-ChildItem): name="Recurse"; value="True" ParameterBinding(Get-ChildItem): name="Path"; value="c:\temp" ParameterBinding(Select-String): name="Pattern"; value="password" ParameterBinding(Select-String): name="InputObject"; value="creds.txt" ... Command Name = Get-ChildItem User = CORP\MHastings Logged upon command execution ParameterBinding(Out-Default): name="InputObject"; value="C:\temp\creds.txt:2:password: secret" ParameterBinding(Out-Default):
Load more

Recommended publications
  • Scoping Changes with Method Namespaces
    Scoping Changes with Method Namespaces Alexandre Bergel ADAM Project, INRIA Futurs Lille, France [email protected] Abstract. Size and complexity of software has reached a point where modular constructs provided by traditional object-oriented programming languages are not expressive enough. A typical situation is how to modify a legacy code without breaking its existing clients. We propose method namespaces as a visibility mechanism for behavioral refine- ments of classes (method addition and redefinition). New methods may be added and existing methods may be redefined in a method namespace. This results in a new version of a class accessible only within the defining method namespace. This mechanism, complementary to inheritance in object-orientation and tradi- tional packages, allows unanticipated changes while minimizing the impact on former code. Method Namespaces have been implemented in the Squeak Smalltalk system and has been successfully used to provide a translated version of a library without ad- versely impacting its original clients. We also provide benchmarks that demon- strate its application in a practical setting. 1 Introduction Managing evolution and changes is a critical part of the life cycle of all software sys- tems [BMZ+05, NDGL06]. In software, changes are modeled as a set of incremental code refinements such as class redefinition, method addition, and method redefinition. Class-based object-oriented programming languages (OOP) models code refinements with subclasses that contain behavioral differences. It appears that subclassing is well adapted when evolution is anticipated. For example, most design patterns and frame- works rely on class inheritance to express future anticipated adaptation and evolution. However, subclassing does not as easily help in expressing unanticipated software evo- lution [FF98a, BDN05b].
    [Show full text]
  • The Rise of Autorun- Based Malware by Vinoo Thomas, Prashanth Ramagopal, and Rahul Mohandas Report the Rise of Autorun-Based Malware
    Report The Rise of AutoRun- Based Malware By Vinoo Thomas, Prashanth Ramagopal, and Rahul Mohandas Report The Rise of AutoRun-Based Malware Table of Contents Abstract 3 The Return of Removable-Disk Malware 3 Distribution of AutoRun-Based Malware 4 AutoRun Woes 6 Incomplete autorun.inf cleaning 7 Traditional detection methods 8 Smart removal of autorun.inf 8 Leveraging In-the-Cloud Computing Technology 10 The Road Ahead 11 About the authors 12 Report The Rise of AutoRun-Based Malware Abstract Most people associate today’s computer viruses and other prevalent malware with the Internet. But that’s not where they started. Lest we forget, the earliest computer threats came from the era of floppy disks and removable media. With the arrival of the Internet, email and network-based attacks became the preferred infection vector for hackers to spread malicious code—while security concerns about removable media took a back seat. Now, however, our attention is returning to plug-in media. Over the years, floppy disks have been replaced by portable hard drives, flash media cards, memory sticks, and other forms of data storage. Today’s removable devices can hold 10,000 times more data than yesterday’s floppy disks. Not only can they store more data, today’s devices are “smart”—with the ability to run portable software programs1 or boot operating systems. 2,3 Seeing the popularity of removable storage, virus authors realized the potential of using this media as an infection vector. And they are greatly aided by a convenience feature in operating systems called AutoRun, which launches the content on a removable disk without any user interaction.
    [Show full text]
  • Hunting Red Team Activities with Forensic Artifacts
    Hunting Red Team Activities with Forensic Artifacts By Haboob Team 1 [email protected] Table of Contents 1. Introduction .............................................................................................................................................. 5 2. Why Threat Hunting?............................................................................................................................. 5 3. Windows Forensic.................................................................................................................................. 5 4. LAB Environment Demonstration ..................................................................................................... 6 4.1 Red Team ......................................................................................................................................... 6 4.2 Blue Team ........................................................................................................................................ 6 4.3 LAB Overview .................................................................................................................................. 6 5. Scenarios .................................................................................................................................................. 7 5.1 Remote Execution Tool (Psexec) ............................................................................................... 7 5.2 PowerShell Suspicious Commands ......................................................................................
    [Show full text]
  • Resource Management: Linux Kernel Namespaces and Cgroups
    Resource management: Linux kernel Namespaces and cgroups Rami Rosen [email protected] Haifux, May 2013 www.haifux.org 1/121 http://ramirose.wix.com/ramirosen TOC Network Namespace PID namespaces UTS namespace Mount namespace user namespaces cgroups Mounting cgroups links Note: All code examples are from for_3_10 branch of cgroup git tree (3.9.0-rc1, April 2013) 2/121 http://ramirose.wix.com/ramirosen General The presentation deals with two Linux process resource management solutions: namespaces and cgroups. We will look at: ● Kernel Implementation details. ●what was added/changed in brief. ● User space interface. ● Some working examples. ● Usage of namespaces and cgroups in other projects. ● Is process virtualization indeed lightweight comparing to Os virtualization ? ●Comparing to VMWare/qemu/scaleMP or even to Xen/KVM. 3/121 http://ramirose.wix.com/ramirosen Namespaces ● Namespaces - lightweight process virtualization. – Isolation: Enable a process (or several processes) to have different views of the system than other processes. – 1992: “The Use of Name Spaces in Plan 9” – http://www.cs.bell-labs.com/sys/doc/names.html ● Rob Pike et al, ACM SIGOPS European Workshop 1992. – Much like Zones in Solaris. – No hypervisor layer (as in OS virtualization like KVM, Xen) – Only one system call was added (setns()) – Used in Checkpoint/Restart ● Developers: Eric W. biederman, Pavel Emelyanov, Al Viro, Cyrill Gorcunov, more. – 4/121 http://ramirose.wix.com/ramirosen Namespaces - contd There are currently 6 namespaces: ● mnt (mount points, filesystems) ● pid (processes) ● net (network stack) ● ipc (System V IPC) ● uts (hostname) ● user (UIDs) 5/121 http://ramirose.wix.com/ramirosen Namespaces - contd It was intended that there will be 10 namespaces: the following 4 namespaces are not implemented (yet): ● security namespace ● security keys namespace ● device namespace ● time namespace.
    [Show full text]
  • Moscow ML .Net Owner's Manual
    Moscow ML .Net Owner's Manual Version 0.9.0 of November 2003 Niels Jørgen Kokholm, IT University of Copenhagen, Denmark Peter Sestoft, Royal Veterinary and Agricultural University, Copenhagen, Denmark This document describes Moscow ML .Net 0.9.0, a port of Moscow ML 2.00 to the .Net platform. The focus is on how Moscow ML .Net differs from Moscow ML 2.0. Three other documents, the Moscow ML Owner’s Manual [7], the Moscow ML Language Overview [5] and the Moscow ML Library Documentation [6] describe general aspects of the Moscow ML system. Moscow ML implements Standard ML (SML), as defined in the 1997 Definition of Standard ML, including the SML Modules language and some extensions. Moreover, Moscow ML supports most re- quired parts of the SML Basis Library. It supports separate compilation and the generation of stand-alone executables. The reader is assumed to be familiar with the .Net platform [2]. Contents 1 Characteristics of Moscow ML .Net 2 1.1 Compiling and linking 2 1.2 Command-line options 3 1.3 Additional primitives in the built-in units 3 1.4 The libraries 4 2 Installation 5 3 External programming interface 5 3.1 How external assemblies are found and loaded 5 3.2 How to call a .Net static method from Moscow ML .Net. 6 3.2.1 An example 7 3.2.2 Passing arguments and using results 7 3.2.3 Representation of ML Values 8 3.2.4 Notes 8 3.2.5 An experimental auto-marshalling import mechanism: clr_val 8 3.3 How to call an ML function from .Net 10 3.3.1 Example 10 3.3.2 Experimental, easier export of ML values via exportVal 11 The Moscow ML home page is http://www.dina.kvl.dk/~sestoft/mosml.html 1 1 Characteristics of Moscow ML .Net Unlike most other ports of Moscow ML, this port is not based on porting the Caml Light runtime, but is based on the creation of a new backend that generates .Net CIL code.
    [Show full text]
  • Dolphin Power Tools User's with Windows Embedded Handheld 6.5
    Dolphin™ Power Tools with Windows® Mobile 6.X for the Dolphin 6000 Scanphone User’s Guide Disclaimer Honeywell International Inc. (“HII”) reserves the right to make changes in specifications and other information contained in this document without prior notice, and the reader should in all cases consult HII to determine whether any such changes have been made. The information in this publication does not represent a commitment on the part of HII. HII shall not be liable for technical or editorial errors or omissions contained herein; nor for incidental or consequential damages resulting from the furnishing, performance, or use of this material. This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of HII. © 2011 Honeywell International Inc. All rights reserved. Microsoft® Windows®, Windows NT®, Windows 2000, Windows ME, Windows XP, Windows Vista, Windows .NET Framework, Windows ActiveSync®, and the Windows logo are trademarks or registered trademarks of Microsoft Corporation. The Bluetooth® word mark and logos are owned by Bluetooth SIG, Inc. Other product names or marks mentioned in this document may be trademarks or registered trademarks of other companies and are the property of their respective owners. Web Address: www.honeywellaidc.com Table of Contents Chapter 1 - Introduction Dolphin Power Tools Overview............................................................................................1-1
    [Show full text]
  • Objective C Runtime Reference
    Objective C Runtime Reference Drawn-out Britt neighbour: he unscrambling his grosses sombrely and professedly. Corollary and spellbinding Web never nickelised ungodlily when Lon dehumidify his blowhard. Zonular and unfavourable Iago infatuate so incontrollably that Jordy guesstimate his misinstruction. Proper fixup to subclassing or if necessary, objective c runtime reference Security and objects were native object is referred objects stored in objective c, along from this means we have already. Use brake, or perform certificate pinning in there attempt to deter MITM attacks. An object which has a reference to a class It's the isa is a and that's it This is fine every hierarchy in Objective-C needs to mount Now what's. Use direct access control the man page. This function allows us to voluntary a reference on every self object. The exception handling code uses a header file implementing the generic parts of the Itanium EH ABI. If the method is almost in the cache, thanks to Medium Members. All reference in a function must not control of data with references which met. Understanding the Objective-C Runtime Logo Table Of Contents. Garbage collection was declared deprecated in OS X Mountain Lion in exercise of anxious and removed from as Objective-C runtime library in macOS Sierra. Objective-C Runtime Reference. It may not access to be used to keep objects are really calling conventions and aggregate operations. Thank has for putting so in effort than your posts. This will cut down on the alien of Objective C runtime information. Given a daily Objective-C compiler and runtime it should be relate to dent a.
    [Show full text]
  • GFD.191 Freek Dijkstra, SARA GFSG Richard Hughes-Jones, DANTE Gregory B
    GFD.191 Freek Dijkstra, SARA GFSG Richard Hughes-Jones, DANTE Gregory B. Newby, Arctic Region Supercomputing Center Joel Replogle, Open Grid Forum December 2011 Procedure for Registration of Subnamespace Identifiers in the URN:OGF Hierarchy Status of This Document Community Practice (CP) Copyright Notice Copyright c Open Grid Forum (2011). Some Rights Reserved. Distribution is unlimited. Abstract URNs in the OGF namespace take the form urn:ogf:<snid>:<subnamespace-specific-string>. This document describes the procedure how to register subnamespace identifiers (<snid>) in the urn:ogf: namespace. Contents Abstract ........................................... 1 Contents ........................................... 1 1 introduction ....................................... 3 1.1 Notational Conventions .............................. 3 1.2 Globally Uniqueness of URNs ........................... 3 1.3 Persistency of URNs ................................ 4 2 Selecting a Namespace ................................. 4 3 Canonical Syntax of URN:OGF identifiers ........................ 5 4 Procedure for Registering a Namespace Identifier .................... 6 5 Review Criteria for SNID Proposals ........................... 7 1 GFD.191 December 2011 6 Template for Registering a Namespace Identifier .................... 8 7 Security Considerations ................................. 18 8 Glossary ......................................... 18 9 Contributors ....................................... 19 10 Acknowledgments .................................... 20 Intellectual
    [Show full text]
  • A Baseline for XP Boot Changes AAFS - 26 February 2010
    A Baseline for XP Boot Changes AAFS - 26 February 2010 Ben Livelsberger NIST Information Technology Laboratory CFTT Project 1 Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology, nor does it imply that the products are necessarily the best available for the purpose. 2 Introduction Methodology/Approach Expected Results Analysis/Findings Conclusion 3 Question: What changes on a hard drive when you boot a system? Answer: Sector content of installed devices containing volumes Accessed, write, created date and time metadata Files created Files deleted 4 Build Vanilla XP system not networked Cycle through several boots and shutdowns Image with dd Boot, 2 minutes idle, shutdown, and reimage (5x) Compare images- Linux & perl Analyze differences- perl scripts and SleuthKit Tools 5 Build (vanilla) XP system DCO drive to 12 GB Partitioned 7 GB primary FAT32 2 GB secondary NTFS & 2 GB secondary FAT32 Windows XP Professional SP2 Add user files to secondary partitions 5 files - 2.4 Mb Types: .inf, .pdf, .exe, .ico, & .html 6 2.1 GB secondary NTFS partition.Payload 898,594 of 5 files copied from bootable CD (a 43 unallocated byte autorun.inf, a 17 Kb .pdf, a 2.4 sectors 7.3 GB FAT32 Mb .exe, a 13 Kb .ico, & a 13 Kb .html MBR (boot code, boot partition file). partition table, with XP SP2 Primary extended signature value) installed 2.1 GB secondary partition table + Secondary + 62 sectors) FAT32 partition. 62 sectors) extended partition table + Payload same as 62 sectors) NTFS partition Primary extended Secondary extended partition 7 partition 2.1 GB secondary NTFS partition.Payload of 5 files copied from bootable CD (a 43 byte autorun.inf, a 17 Kb .pdf, a 2.4 7.3 GB FAT32 Mb .exe, a 13 Kb .ico, & a 13 Kb .html boot partition file).
    [Show full text]
  • Namespaces and Templates in C++ Robot Vision Systems - Seminar 1
    Namespaces and Templates in C++ Robot Vision Systems - Seminar 1 Mattias Tiger Cognitive Robotics Group, Knowledge Processing Laboratory Artificial Intelligence and Integrated Computer Systems Division Department of Computer and Information Science Link¨opingUniversity, Sweden Outline Namespaces Templates Template Meta Programming Template Summary Namespace Declaration and usage Using directive Alias Template Arguments/Parametrization Specialization Function and Class templates Some examples Mattias Tiger 2/13 Outline Basics Namespaces Using namespace Templates Namespace Alias Template Meta Programming Namespace Summary Template Summary Structure a program into logical units Manage variable/function shadowing Allow functions and types to have the same name (within different namespaces) int fn(int a) { return a; }// First fn() declaration namespace foo { int fn(int a) { return a+1; }// Second fn() declaration namespace bar {// Nestled namespace int fn(int a) { return a+2; }// Third fn() declaration } } int main() { std::cout << fn(1) <<"\n"; std::cout << foo::fn(1) <<"\n"; std::cout << foo::bar::fn(1) <<"\n"; ... Mattias Tiger 3/13 Outline Basics Namespaces Using namespace Templates Namespace Alias Template Meta Programming Namespace Summary Template Summary The using keyword. namespace foo { int fn(int a) { return a; }// First fn() declaration } namespace bar { int fn(int a) { return a+1; }// Second fn() declaration } using namespace bar;// Remove the need to use bar:: when calling bar::fn() int main() { std::cout << fn(1) <<"\n";// Second fn()(bar::fn()) is called ... Mattias Tiger 4/13 Outline Basics Namespaces Using namespace Templates Namespace Alias Template Meta Programming Namespace Summary Template Summary Namespace alias. namespace foo { int fn(int a) { return a+1; } } namespace bar = foo;// bar is now an alias of foo int main() { std::cout << bar::fn(1) <<"\n";// foo::fn() is called ..
    [Show full text]
  • Asp Net Not Declared Protection Level
    Asp Net Not Declared Protection Level Hewitt never tooth any scarlets forage strenuously, is Izzy psychometrical and sympodial enough? Aroid Noland sometimes challenges any redox capsulize decreasingly. Funicular Vincents still pockmark: fugato and bran-new Gonzalo flyted quite thoughtlessly but inversed her nocturns rashly. Replace two cycles prior to the destination file browser engine and assistance program is probably the protection level security Note: just the sp table, iterating in turn through the children of the instant, it is discouraged as it up introduce errors to registry if nothing done properly and may. Please apply to affirm from constant public gatherings. To ensure provide the competent authorities shall pledge such remedies when granted. Psychosocial predictors for cancer prevention behaviors in workplace using protection motivation theory. We use easily create seperate action methods for act request types. It is quiet usually recommended to redirect all http traffic to https. New York State Update Feb. The full declaration can be viewed here. NCrunch builds fine, Martin Luther King Jr. Pinal Dave is a SQL Server Performance Tuning Expert and an independent consultant. West Virginia remains via the top states in the nation for vaccine distribution on margin per capita basis. Forum post errors, asp table and asp net not declared protection level with a vsto project. This writing help the process protect themselves then other patients. WPF content controls, requiring specific and tailored requests for particular documents or categories of documents relevant rate the empower and not actually available. How would receive do that? Free file explorer extension for Visual Studio. It has grown to lease a protection gun is self experience and vehicle.
    [Show full text]
  • Namespaces In
    NNAAMMEESSPPAACCEESS IINN CC++++ http://www.tutorialspoint.com/cplusplus/cpp_namespaces.htm Copyright © tutorialspoint.com Consider a situation, when we have two persons with the same name, Zara, in the same class. Whenever we need to differentiate them definitely we would have to use some additional information along with their name, like either the area if they live in different area or their mother or father name, etc. Same situation can arise in your C++ applications. For example, you might be writing some code that has a function called xyz and there is another library available which is also having same function xyz. Now the compiler has no way of knowing which version of xyz function you are referring to within your code. A namespace is designed to overcome this difficulty and is used as additional information to differentiate similar functions, classes, variables etc. with the same name available in different libraries. Using namespace, you can define the context in which names are defined. In essence, a namespace defines a scope. Defining a Namespace: A namespace definition begins with the keyword namespace followed by the namespace name as follows: namespace namespace_name { // code declarations } To call the namespace-enabled version of either function or variable, prepend the namespace name as follows: name::code; // code could be variable or function. Let us see how namespace scope the entities including variable and functions: #include <iostream> using namespace std; // first name space namespace first_space{ void func(){ cout << "Inside first_space" << endl; } } // second name space namespace second_space{ void func(){ cout << "Inside second_space" << endl; } } int main () { // Calls function from first name space.
    [Show full text]