DOCSLIB.ORG

Dark.Netdark.Net

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Dark.NetDark.Net gasgasgasgas 1 簡介簡介 MalwareMalware DotDot NetNet FrameworkFramework .net.net rootkitrootkit AntiAnti techtech QQ && AA 2 MalwareMalware 3 MalwareMalware VirusVirus BackdoorBackdoor TrojanTrojan horsehorse RootkitRootkit ScarewareScareware AdwareAdware WormWorm 4 InfectInfect ExecutableExecutable InterpretedInterpreted filefile KernelKernel ServiceService MBRMBR HypervisorHypervisor 5 HypervisorHypervisor rootkitrootkit AppApp AppApp TargetTarget OSOS HardwareHardware 6 HypervisorHypervisor rootkitrootkit AppApp AppApp RogueRogue appapp TargetTarget OSOS HostHost OSOS VirtualVirtual machinemachine monitormonitor HardwareHardware 7 MalwareMalware designdesign && techtech MetamorphismMetamorphism ObfuscationsObfuscations AntiAnti--emulationemulation AntiAnti--VirtualVirtual MachineMachine AntiAnti--debuggersdebuggers RootkitRootkit TechnologyTechnology 8 MetamorphismMetamorphism push ecx mov ecx, [ebp + 10] push ecx mov ecx, ebp mov ecx, ebp push eax push eax add eax, 2342 push ecx mov eax, 33 mov eax, 33 mov ecx,ebp add ecx, eax add ecx, eax push ecx mov [ebp - 3], eax add ecx,33 pop eax pop eax mov ecx,ebp push esi mov eax, esi add ecx,33 mov esi,ecx push esi push eax mov [ecx-36],eax sub esi,34 mov esi, ecx mov esi, ecx pop ecx mov [esi-2],eax push edx push edx pop esi xor edx, 778f pop ecx mov edx, 34 mov edx, 34 sub esi, edx sub esi, edx pop edx pop edx mov [esi - 2], eax mov [esi-2], eax pop esi pop esi pop ecx pop ecx 9 ObfsucationsObfsucations NORMAL CALL OBFUSCATED CALL L0a: push L1 L0b: push L5 L0: call L5 L0c: ret L1: … L1: … L2: … L2: … L3: … L3: … L4: … L4: … L5: <proc> L5: <proc> L6: … L6: … Call Obfsucations to prevent static analysis 10 AntiAnti--emulationemulation vsvs antianti--debugdebug AntiAnti--debugdebug • Hide the fact that someone with a debugger is stepping/monitoring your program • Focus in differences in system when a debugger is active vs not Memory structures Time usage (ticks) API behaviour Suspicious windows/drivers/services, e.g. debug rights without asking… 11 AntiAnti--emulationemulation vsvs AntiAnti--debugdebug AntiAnti--emulationemulation • There is no debugger to hide • Detect the difference between an emulated system and a real system Access complex resources, use complex calculations Detect limitations which are not possible (or very time consuming) to emulate Use (or setup) exotic APIs so they deliver a specific error condition • Can this be used against it? WhatWhat isis virtualvirtual machinemachine detection?detection? 12 ChallengeChallenge ForFor EmulatorsEmulators Code that “does the bad stuff” is hidden in many ways • Runtime libraries • Compressors UPX, FSG, PEC… • Encryptors Simple or advanced runtime encryption • Protectors SVKP, Themida… • Installers Nullsoft, RARSFX, ZIPSFX etc • Embedded dropped components Libraries/services, kernel drivers, scripts, executables etc. What to do with a single component; DLL or driver? • Download links Download malware components in proprietary formats & protocols • Bad records inside file formats (like XLS, JPG etc) Exploits to run binary code 13 AntiAnti EmulatorEmulator CodeCode CreateFileACreateFileA (e.g.(e.g. "C:"C:\\WINDOWSWINDOWS\\SYSTEM32SYSTEM32\\driversdrivers\\ntfs.sys)ntfs.sys) GetFileSizeGetFileSize (0x0000002A,0x00000000)(0x0000002A,0x00000000) WriteProcessMemoryWriteProcessMemory (0xFFFFFFFF,0x0043661D,STACK_ADDR,0(0xFFFFFFFF,0x0043661D,STACK_ADDR,0 x00000004,0x00000000)x00000004,0x00000000) EnumWindowStationsAEnumWindowStationsA()() -->> callbackcallback EnumServicesStatusAEnumServicesStatusA()() -->> lookinglooking forfor standardstandard servicesservices 14 AntiAnti--VirtualVirtual MachinesMachines Pseudo code: IF detect_vmware THEN do nothing, destroy self, destroy system ELSE Continue with malware payload DASHER Variant Disassembly Example: PS______:00401D51 push offset aNetStartFindst ; "net start | findstr VMware && echo VMwa"... PS______:00401D52 push edi PS______:00401D53 call sub_402148 PS______:00401D58 lea eax, [ebp+var_300] PS______:00401D5E push eax PS______:00401D5F push offset aNetStartFind_0 ; "net start | findstr Virtual &&echo Vir"... PS______:00401D64 push edi PS______:00401D65 call sub_402148 PS______:00401D6A push offset aDel0 ; "del %%0\r\n“ 15 AntiAnti--debuggersdebuggers MakingMaking reversereverse--engineeringengineering andand disassemblydisassembly painfulpainful • Polymorphism • Encryption • Interrupt disabling • Debugger detection Behavior modification Crashing debugger 16 FormsForms ofof RootkitRootkit KERNELKERNEL--LEVELLEVEL SYSTEMSYSTEM ACCESSACCESS APPLICATIONAPPLICATION--LEVELLEVEL 17 SystemSystem ServiceService CallCall CycleCycle User Application call to CreateFile API return CreateFile result Kernel32.DLL call stub NtCreateFile API return NtCreateFile result USER MODE NTDLL.DLL EAX = 0x00000020 Switch Back to USER call INT 2Eh MODE KERNEL MODE NTOSKRNL.EXE 18 NTDLLNTDLL InterfaceInterface Kernel32.DLL imports solely on the library NTDLL.DLL NTDLL.DLL is an interface to Int 2Eh function of Windows NT Int 2Eh signals a need to switch from user mode to kernel mode Int 2Eh is internally known as KiSystemService(). Int 2Eh handler looks up on a table in NTOSKRNL called KeServiceDescriptorTable() 19 NTOSKRNLNTOSKRNL ExportsExports The structure of KeServiceDescriptorTable: typedef struct ServiceDescriptorTable { PVOID ServiceTableBase; PVOIDServiceCounterTable(0); unsigned int NumberOfServices; PVOID ParamTableBase; } 20 GettingGetting IntoInto TheThe RootRoot Application: Call to CreateFile() API Kernel32.DLL: Call to NtCreateFile() -- Native API NTDLL.DLL Invokes KiSystemService() NTOSKRNL.EXE: Call to KeServiceDescriptor Table 21 KeServiceDescriptorKeServiceDescriptor TableTable ServiceTableBase ParamTableBase … … 0x20 @ NtCreateFile 0x2C bytes … … 0x29 @NtCreateProcess 0x20 bytes … 0x6A @ NtOpenProcess 0x10 bytes … … … 22 HookingHooking SystemSystem ServiceService ChooseChoose aa systemsystem serviceservice exportedexported byby NTOSKRNL.EXENTOSKRNL.EXE ObtainObtain thethe addressaddress ofof thisthis functionfunction VerifyVerify ifif thethe functionfunction startsstarts withwith aa MOVMOV EAX,EAX, 0xXXXXXXXX0xXXXXXXXX construct.construct. RetrieveRetrieve thethe indexindex valuevalue associatedassociated withwith thethe function.function. 23 HookingHooking SystemSystem ServiceService Example of NTDLL Exported Functions 24 HookingHooking SystemSystem ServiceService ImportImport thethe undocumentedundocumented structurestructure KeServiceDescriptorTableKeServiceDescriptorTable.. LocateLocate thethe functionfunction indexindex OverwriteOverwrite thethe correspondingcorresponding ServiceTableBaseServiceTableBase valuevalue withwith thethe newnew systemsystem serviceservice handlerhandler 25 APIAPI Hooking:Hooking: IATIAT ModificationModification PE File Before IAT Patching Headers Code Section CALL [CreateFileA] Kernel32.dll Import Section CreateFileA(): CreateFileA: … 0x12345678 26 APIAPI Hooking:Hooking: IATIAT ModificationModification PE File Before IAT Patching Headers Hook: Code Section JMP 0x12345678 CALL [CreateFileA] Kernel32.dll Import Section CreateFileA(): CreateFileA: … Addr of Hook 27 APIAPI Hooking:Hooking: DynamicDynamic CodeCode PatchingPatching Original FindNextFile() API Function FindNextFileA: 195D6: 55 PUSH EBP 195D7: 8BEC MOV EBP, ESP 195D9: 81EC60020000 SUB ESP, 260 Continue_Here: 194DF: 53 PUSH EBX 195E0: 8D85A0FDFFFF LEA EAX, [EBP-260] 195DF: XX <…original code continues…> 28 APIAPI Hooking:Hooking: DynamicDynamic CodeCode PatchingPatching Patched FindNextFile() API Function FindNextFileA: 195D6: E9XXXXXXXX JMP Hook 195DB: 90 NOP 195DC: 90 NOP 195DD: 90 NOP 195DE: 90 NOP Continue_Here: 194DF: 53 PUSH EBX 195E0: 8D85A0FDFFFF LEA EAX, [EBP-260] 195DF: XX <…original code continues…> Hook: <process params> call Saved_Original <alter data> ret 29 DLLDLL InjectionInjection Using Malware Process CreateRemoteThread(), a call to LoadLibrary() Call to CreateRemoteThread() API of can cause a malicious DLL to be loaded on the remote Victim Process process’ address space. Call to LoadLibrary() Malicious DLL 30 DirectDirect MemoryMemory WritingWriting Attacking Process Victim Process HEADERS HEADERS Code Section Code Section VirtualAllocEx() Heap VirtualProtectEx() WriteProcessMemory() Install_Hooks(); CreateRemoteThread() Patching Another Process 31 DotDot NetNet FrameWorkFrameWork 32 What is Microsoft .NET? WhatWhat isis .NET?.NET? •• NewNew MicrosoftMicrosoft FrameworkFramework forfor thethe InternetInternet DevelopmentDevelopment Environment.Environment. •• ItIt isis aa protocolprotocol stackstack andand computingcomputing modelmodel forfor TCPI/IPTCPI/IP--based,based, distributeddistributed computing.computing. •• TheThe .NET.NET EnterpriseEnterprise serversservers areare builtbuilt forfor interoperabilityinteroperability fromfrom thethe groundground up,up, usingusing openopen WebWeb standardsstandards suchsuch asas XMLXML withwith increasedincreased scalabilityscalability andand reliability.reliability. 33 .NET Architecture Overview 34 Common Language Runtime (CLR) .NET applications are compiled to a common language known as Microsoft Intermediate Language, or "IL". The CLR, then, handles compiling the IL to machine language, at which point the program is executed. The CLR architecture provides expansive tool support , simpler deployment (end of "DLL Hell"), superior scalability, support for multiple programming languages and a common data type system 35 ECMAECMA--335335 36 Common Language
Recommended publications
  • Interview Questions ASP.NET

    Interview Questions ASP.NET

    Interview Questions ASP.NET 1. Describe the role of inetinfo.exe, aspnet_isapi.dll andaspnet_wp.exe in the page loading process. inetinfo.exe is theMicrosoft IIS server running, handling ASP.NET requests among other things.When an ASP.NET request is received (usually a file with .aspx extension),the ISAPI filter aspnet_isapi.dll takes care of it by passing the request tothe actual worker process aspnet_wp.exe. 2. What’s the difference between Response.Write() andResponse.Output.Write()? The latter one allows you to write formattedoutput. 3. What methods are fired during the page load? Init() - when the pageis instantiated, Load() - when the page is loaded into server memory,PreRender() - the brief moment before the page is displayed to the user asHTML, Unload() - when page finishes loading. 4. Where does the Web page belong in the .NET Framework class hierarchy? System.Web.UI.Page 5. Where do you store the information about the user’s locale? System.Web.UI.Page.Culture 6. What’s the difference between Codebehind="MyCode.aspx.cs" andSrc="MyCode.aspx.cs"? CodeBehind is relevant to Visual Studio.NET only. 7. What’s a bubbled event? When you have a complex control, like DataGrid, writing an event processing routine for each object (cell, button, row, etc.) is quite tedious. The controls can bubble up their eventhandlers, allowing the main DataGrid event handler to take care of its constituents. 8. Suppose you want a certain ASP.NET function executed on MouseOver overa certain button. Where do you add an event handler? It’s the Attributesproperty, the Add function inside that property.
  • Programming with Windows Forms

    Programming with Windows Forms

    A P P E N D I X A ■ ■ ■ Programming with Windows Forms Since the release of the .NET platform (circa 2001), the base class libraries have included a particular API named Windows Forms, represented primarily by the System.Windows.Forms.dll assembly. The Windows Forms toolkit provides the types necessary to build desktop graphical user interfaces (GUIs), create custom controls, manage resources (e.g., string tables and icons), and perform other desktop- centric programming tasks. In addition, a separate API named GDI+ (represented by the System.Drawing.dll assembly) provides additional types that allow programmers to generate 2D graphics, interact with networked printers, and manipulate image data. The Windows Forms (and GDI+) APIs remain alive and well within the .NET 4.0 platform, and they will exist within the base class library for quite some time (arguably forever). However, Microsoft has shipped a brand new GUI toolkit called Windows Presentation Foundation (WPF) since the release of .NET 3.0. As you saw in Chapters 27-31, WPF provides a massive amount of horsepower that you can use to build bleeding-edge user interfaces, and it has become the preferred desktop API for today’s .NET graphical user interfaces. The point of this appendix, however, is to provide a tour of the traditional Windows Forms API. One reason it is helpful to understand the original programming model: you can find many existing Windows Forms applications out there that will need to be maintained for some time to come. Also, many desktop GUIs simply might not require the horsepower offered by WPF.
  • GOTOHELL.DLL: Software Dependencies and The

    GOTOHELL.DLL: Software Dependencies and The

    GOTOHELL.DLL Software Dependencies and the Maintenance of Microsoft Windows Stephanie Dick Daniel Volmar Harvard University Presented at “The Maintainers: A Conference” Stephens Institute of Technology, Hoboken, NJ April 9, 2016 Abstract Software never stands alone, but exists always in relation to the other soft- ware that enables it, the hardware that runs it, and the communities who make, own, and maintain it. Here we consider a phenomenon called “DLL hell,” a case in which those relationships broke down, endemic the to Mi- crosoft Windows platform in the mid-to-late 1990s. Software applications often failed because they required specific dynamic-link libraries (DLLs), which other applications may have overwritten with their own preferred ver- sions. We will excavate “DLL hell” for insight into the experience of modern computing, which emerged from the complex ecosystem of manufacturers, developers, and users who collectively held the Windows platform together. Furthermore, we propose that in producing Windows, Microsoft had to balance a unique and formidable tension between customer expectations and investor demands. Every day, millions of people rely on software that assumes Windows will behave a certain way, even if that behavior happens to be outdated, inconvenient, or just plain broken, leaving Microsoft “on the hook” for the uses or abuses that others make of its platform. Bound so tightly to its legacy, Windows had to maintain the old in order to pro- mote the new, and DLL hell highlights just how difficult this could be. We proceed in two phases: first, exploring the history of software componenti- zation in order to explain its implementation on the Windows architecture; and second, defining the problem and surveying the official and informal means with which IT professionals managed their unruly Windows systems, with special attention paid to the contested distinction between a flaw on the designer’s part and a lack of discipline within the using community.
  • Appendixes APPENDIX A

    Appendixes APPENDIX A

    PART 8 Appendixes APPENDIX A COM and .NET Interoperability The goal of this book was to provide you with a solid foundation in the C# language and the core services provided by the .NET platform. I suspect that when you contrast the object model provided by .NET to that of Microsoft’s previous component architecture (COM), you’ll no doubt be con- vinced that these are two entirely unique systems. Regardless of the fact that COM is now considered to be a legacy framework, you may have existing COM-based systems that you would like to inte- grate into your new .NET applications. Thankfully, the .NET platform provides various types, tools, and namespaces that make the process of COM and .NET interoperability quite straightforward. This appendix begins by examin- ing the process of .NET to COM interoperability and the related Runtime Callable Wrapper (RCW). The latter part of this appendix examines the opposite situation: a COM type communicating with a .NET type using a COM Callable Wrapper (CCW). ■Note A full examination of the .NET interoperability layer would require a book unto itself. If you require more details than presented in this appendix, check out my book COM and .NET Interoperability (Apress, 2002). The Scope of .NET Interoperability Recall that when you build assemblies using a .NET-aware compiler, you are creating managed code that can be hosted by the common language runtime (CLR). Managed code offers a number of ben- efits such as automatic memory management, a unified type system (the CTS), self-describing assemblies, and so forth. As you have also seen, .NET assemblies have a particular internal compo- sition.
  • A Programmer's Introduction to Visual Basic.NET

    A Programmer's Introduction to Visual Basic.NET

    00 2203-x FM 5/25/01 9:57 AM Page i Dear Reader, I wanted to take this opportunity to explain the rationale behind this book showing up on your shelf for free. Quite some time ago, Sams Publishing determined that the next big thing to hit the programmer/developer community would be Microsoft’s Visual Studio.NET and the .NET Framework. After discussions with many of you, our authors and key Microsoft team members, Sams dedicated itself to a strategy that would support your efforts to learn the .NET Framework as efficiently and as quickly as possible. A Programmer’s Introduction to Visual Basic.NET is the perfect example of how our strong relationship with Microsoft and our dedication to bring- ing you authors who are already respected sources in the community suc- cessfully blend and show that Sams Publishing is the source for .NET learning. Bringing you a Beta2 compliant book by May 2001 was not an easy task. Sams called upon a respected author, Craig Utley, to take on this project. Craig holds a unique place in the VB community where he has been devel- oping in VB since version 1.0. He brings years of experience as a trainer, writer, and speaker to this project and gives you the solid reference you need to make the transition from VB to VB.NET. I hope this book gives you the tools you need to begin to learn VB.NET. I invite your comments and ideas as I work to make Sams the publisher you look to as your .NET learning resource.
  • Installation Guide for the XM Scaled Topology a Guide to Installing the Sitecore XM Scaled Topology

    Installation Guide for the XM Scaled Topology a Guide to Installing the Sitecore XM Scaled Topology

    Installation Guide for the XM Scaled Topology A guide to installing the Sitecore XM scaled topology August 31, 2021 Sitecore Experience Platform 9.3.0 Installation Guide for the XM Scaled Topology Table of Contents 1. Choosing a topology .................................................................................................................. 4 1.1. On-premise topology options .............................................................................................. 5 2. Sitecore Installation Framework ................................................................................................. 7 2.1. Set up Sitecore Installation Framework ............................................................................... 7 2.1.1. Install the SIF Module using MyGet ............................................................................... 7 2.1.2. Validate the installation ................................................................................................ 8 2.1.3. Run multiple versions of SIF ......................................................................................... 8 2.1.4. Run a specific version of SIF .......................................................................................... 8 2.2. Install Sitecore Installation Framework manually ................................................................. 9 2.2.1. Unblock a .zip package ................................................................................................. 9 2.2.2. Extract the Sitecore Installation Framework
  • Managing the Evolution of .NET Programs

    Managing the Evolution of .NET Programs

    Managing the Evolution of .NET Programs Susan Eisenbach, Vladimir Jurisic and Chris Sadler Department of Computing Imperial College London, UK SW7 2BZ [sue, vj98]@doc.ic.ac.uk School of Computing Science Middlesex University London, UK N14 4YZ [email protected] Abstract Programs in the .NET environment consist of collaborating software components, and the Common Language Runtime has been designed in such a way that linking occurs ‘just-in-time’. This offers a good platform for transpar- ent evolution, provided that compatibility can be maintained between service- providing components and their clients. One goal of program evolution is to use the most recent version of each com- ponent that will actually link. We propose a model of a cache of interdepen- dent evolving components with operations defined to update this cache safely. A demonstration tool Dejavue.NET implements these ideas. 1 Introduction The dynamic link library (DLL) was invented to allow applications running on a sin- gle system to share code. Sharing code in this way confers several distinct benefits. In the first place, applications both when running in memory and when stored on disk are likely to be smaller because duplicated code has been eliminated. In the second place, applications accessing common code share a common functionality so they all do cer- tain things in the same way. This is good for the users, who get a reliable and predictable user interface. It is also makes the operating system design more straightforward, with provision of access to certain facilities through narrow and well-defined interfaces. The main benefit however, arises when the DLL needs to be corrected or enhanced – in other words, to evolve.
  • An Overview of Security in the .NET Framework

    An Overview of Security in the .NET Framework

    An Overview of Security in the .NET Framework (also at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/netframesecover.asp, but may be dated) Dr. Demien Watkins, Project 42 Sebastian Lange, Microsoft Corporation January 2002 Summary: The fundamental features in the Microsoft .NET Framework security system are profiled, including the ability to confine code to run in tightly constrained, administrator-defined security contexts for a dynamic download and execution, and remote execution, model. Introduction Security is one of the most important issues to consider when moving from traditional program development, where administrators often install software to a fixed location on a local disk, to an environment that allows for dynamic downloads and execution and even remote execution. To support this model, the Microsoft .NET Framework provides a rich security system, capable of confining code to run in tightly constrained, administrator-defined security contexts. This paper examines some of the fundamental security features in the .NET Framework. Many security models attach security to users and their groups (or roles). This means that users, and all code run on behalf of these users, are either permitted or not permitted to perform operations on critical resources. This is how security is modeled in most operating systems. The .NET Framework provides a developer defined security model called role-based security that functions in a similar vein. Role Based Security’s principal abstractions are Principals and Identity. Additionally, the .NET Framework also provides security on code and this is referred to as code access security (also referred to as evidence-based security).
  • Smart Client Architecture and Design Guide

    Smart Client Architecture and Design Guide

    Smart Client Architecture and Design Guide Foreword by Mark Boulter Smart Client Architecture and Design Guide patterns & practices David Hill, Microsoft Corporation Brenton Webster, Microsoft Corporation Edward A. Jezierski, Microsoft Corporation Srinath Vasireddy, Microsoft Corporation Mo Al-Sabt, Microsoft Corporation Blaine Wastell, Ascentium Corporation Jonathan Rasmusson, ThoughtWorks Paul Gale, ThoughtWorks Paul Slater, Wadeware LLC Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2004 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, BizTalk, InfoPath, MSDN, Outlook, Visual Basic, Visual C++, Visual C#, Visual Studio, and Win32 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
  • NET Framework Overview

    NET Framework Overview

    .NET Framework Overview .NET Framework, CLR, MSIL, Assemblies, CTS, etc. Svetlin Nakov Telerik Corporation www.telerik.com Table of Contents 1. What is .NET? Microsoft .NET platform architecture 2. What is .NET Framework? .NET Framework Architecture 3. Common Language Runtime (CLR) 4. Managed Code 5. Intermediate Language MSIL 6. Assemblies and Metadata 7. .NET Applications Table of Contents (2) 8. Common Language Infrastructure (CLI) and integration of different languages Common Language Specification (CLS) Common Type System (CTS) 9. Framework Class Library 10. Integrated Development Environment Visual Studio .NET Framework Microsoft's Platform for Application Development What is the .NET Platform? The .NET platform Microsoft's platform for software development Unified technology for development of almost any kind of applications GUI / Web / RIA / mobile / server / cloud / etc. .NET platform versions .NET Framework Silverlight / Windows Phone 7 .NET Compact Framework What is .NET Framework? .NET Framework An environment for developing and executing .NET applications Unified programming model, set of languages, class libraries, infrastructure, components and tools for application development Environment for controlled execution of managed code It is commonly assumed that .NET platform == .NET Framework .NET Framework Components Common Language Runtime (CLR) Environment for controlled execution of programmed code – like a virtual machine Executes .NET applications Framework Class Library (FCL) Standard class library
  • Windows XP Technical Overview

    Windows XP Technical Overview

    Operating System Windows XP Technical Overview Microsoft Corporation Published: May 2001 Abstract This paper provides a technical overview of what’s new in the Microsoft® Windows® XP operating system. It shows how new technologies and features make it easier to get work done, share information, manage your desktop, stay productive while traveling with a mobile computer, obtain help and support, and perform many other computing tasks. Because this paper is an overview, it does not address any area in detail but provides a broad look at the many new technologies and features in Windows XP. This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document.
  • Method, 365, 376, 383 Activator.Createinstance()

    Method, 365, 376, 383 Activator.Createinstance()

    Index A CreditRisks tables, 854 DBTransaction, 853 Abstract stream members, 765 IDbTransaction interface, 853 Accelerate() method, 365, 376, 383 ProcessCreditRisk(), 855 Activator.CreateInstance() method, 607 Rollback(), 854 Active Data Objects (ADO). see ADO.NET save points, 854 Adaptive rendering, 1396 test, 857 Add() method, 362 data providers AddAsync() method, 1554–1555 application configuration files, 813 AddComplete() method, 705–706 benefit, 802 add_Exploded() method, 377 C# Console Application project, 812 Add() method, 698, 702, 1588 centric namespaces, 806 AddOne() method, 723 core objects, 802 AddPerson(), 401 DBMS, 803 AddWithThreads, 745 factory pattern (see Data provider ADO.NET factory model) AutoLot database creation IDbConnection parameter, 811 adding test records, 818 Microsoft, 804 Customers and Orders tables, 820 Microsoft SQL Server, 813 GetPetName() stored procedure, 819 System.Data.OracleClient.dll, 805 Inventory table creation, 815 third-party, 805 table relationships, in Visual Studio, 822 data readers connected layer of, 801 DbDataReader type, 835 AutoLotDataReader, 830 ExecuteReader(), 835 command objects, 834 multiple result sets, 836 connection objects, 830 Read() method, 835 ConnectionStringBuilder objects, 833 string/int, 835 data reader object, 829 DataSets, 800 Console UI–based front end DataTable, 403 AutoLotCUIClient, 846 disconnected layer, 802 <connectionStrings> element, 847 EF, 802 DeleteCar() method, 850 reusable data access library InsertNewCar() method, 850 AutoLotDAL, 838 ListInventory() method,