How to profile signed assemblies using VS 2010 or VS 2013

Posted on 2024-08-30 09:36:34 | Words: 272 | Views: 8 | Comments: 0

I have a website that uses AjaxControlToolkit.dll and Log4Net.dll.

When I try to run the performance profiling tool in VS 2010 on it, it gives me the following warning:

AjaxControlToolkit.dll is signed and instrumenting it will invalidate its signature. If you proceed without a post-instrument event to re-sign the binary it may not load correctly.

Now, if I choose the option to continue without re-signing, the profiling starts but the assembly doesn't load and gives an ASP.NET exception.

Comments (6)

妄司 2024-09-06 09:36:34

If you're doing this on a development machine, you can disable strong name verification altogether with sn -Vr *. If you do this, you don't have to re-sign anything. This approach can be a security risk, but if you are comfortable with it, it's easier than re-signing.

Specifically, from MSDN, it says:

Registers assembly for verification skipping. Optionally, you can specify a comma-separated list of user names. If you specify infile, verification remains enabled, but the public key in infile is used in verification operations. Assembly can be specified in the form *, strongname to register all assemblies with the specified strong name. Strongname should be specified as the string of hexadecimal digits representing the tokenized form of the public key. See the -t and -T options to display the public key token.

And the security risk:

Caution: Use this option only during development. Adding an assembly to the skip verification list creates a security vulnerability. A malicious assembly could use the fully specified assembly name (assembly name, version, culture, and public key token) of the assembly added to the skip verification list to fake its identity. This would allow the malicious assembly to also skip verification.

思念绕指尖 2024-09-06 09:36:34

ghusse linked to a blog post giving the answer. The answer is described there. As he points out, you have to use a post-instrument event on each signed assembly.

It's easiest to call sn.exe directly:

"C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\sn.exe" -R [pathOfDll] [pathOfSNK]

Note that [pathOfDll] is located in the directory obj\Debug associated with the project.

-残月青衣踏尘吟 2024-09-06 09:36:34

The answer is described here. You have to use a post-instrument event on each signed assembly.

I could not manage to make it work "as is" with my installation of VS 2010. I had to call this command line as a post-build event on each DLL:

"C:\Program Files\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"   & sn -Ra [pathOfDll] [pathOfSNK]

Note that [pathOfDll] is located in the directory obj\Debug associated with the project.
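
The re-sign step from the two answers above, followed by a forced verification, as an added example that is not part of the original posts. `Invoke-ReSignAndVerify` and its parameters are hypothetical names, and the script assumes sn.exe reports failure through a non-zero exit code.

```powershell
# Added example: re-sign instrumented assemblies, then force strong-name verification.
# Hypothetical helper; the caller supplies the sn.exe path, key file and DLL paths.
function Invoke-ReSignAndVerify {
    param(
        [Parameter(Mandatory)] [string]   $SnExe,     # full path to sn.exe from the SDK
        [Parameter(Mandatory)] [string]   $KeyFile,   # .snk key pair matching the assembly's public key
        [Parameter(Mandatory)] [string[]] $Assembly   # instrumented DLLs, e.g. under obj\Debug
    )
    foreach ($dll in $Assembly) {
        $status = 'OK'
        if (-not (Test-Path -LiteralPath $dll)) {
            $status = 'Missing'
        } else {
            # -Ra re-signs and recomputes hashes for all files in the assembly.
            # Output goes to the host so only status objects reach the pipeline.
            & $SnExe -q -Ra $dll $KeyFile | Out-Host
            if ($LASTEXITCODE -ne 0) {
                # Typical for third-party DLLs whose key pair you do not hold.
                $status = 'ReSignFailed'
            } else {
                # -vf forces verification even if a skip entry (sn -Vr) is registered,
                # so a pass here is not masked by a machine-wide exception.
                & $SnExe -q -vf $dll | Out-Host
                if ($LASTEXITCODE -ne 0) { $status = 'VerifyFailed' }
            }
        }
        [pscustomobject]@{ Assembly = $dll; Status = $status }
    }
}

# Usage, with the same placeholders the answers use:
# Invoke-ReSignAndVerify -SnExe 'C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\sn.exe' `
#     -KeyFile '[pathOfSNK]' -Assembly '[pathOfDll]'
```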

能否归途做我良人 2024-09-06 09:36:34

The easiest way to get instrumentation to work on signed binaries, which have not been re-signed, is to disable signature checks altogether. This is a machine-wide setting that you can activate by registering an exception for the * pattern:

sn.exe -Vr *

This command must be executed from an elevated command prompt. You will find sn.exe in the SDK (in my case, I found it in C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin).

When you are finished with testing, you should unregister the exception:

sn.exe -Vu *

or else your machine could be vulnerable to malicious code, since assemblies will be trusted even if they have been tampered with.

See also Access denied running sn.exe on Windows 7.
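
A check for leftover verification-skip entries after profiling, as an added example that is not part of the original answer. It assumes the entries that `sn -Vr` registers are stored as subkeys of the StrongName\Verification registry key in both the 64-bit and 32-bit views; `Get-StrongNameSkipEntry` is a hypothetical name.

```powershell
# Added example: list strong-name verification-skip entries on this machine.
# Assumption: sn -Vr stores each entry as a subkey named "<assembly>,<publicKeyToken>".
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\StrongName\Verification',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\StrongName\Verification'
)

function Get-StrongNameSkipEntry {
    param([string[]]$Path = $roots)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # no entries in this view
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $assembly, $token = $key.PSChildName -split ',', 2
            # "*,*" is the entry left behind by "sn -Vr *"
            if ($assembly -eq '*' -and $token -eq '*') {
                $scope = 'ALL ASSEMBLIES'
            } elseif ($assembly -eq '*') {
                $scope = 'All assemblies with this token'
            } else {
                $scope = 'Single assembly'
            }
            $view = '64-bit'
            if ($root -like '*Wow6432Node*') { $view = '32-bit' }
            [pscustomobject]@{
                RegistryView   = $view
                Assembly       = $assembly
                PublicKeyToken = $token
                Scope          = $scope
            }
        }
    }
}

$entries = @(Get-StrongNameSkipEntry)
if ($entries.Count -eq 0) {
    'No strong-name verification-skip entries registered.'
} else {
    $entries | Format-Table -AutoSize
    if ($entries.Scope -contains 'ALL ASSEMBLIES') {
        Write-Warning 'Wildcard entry present: run "sn.exe -Vu *" from an elevated prompt once profiling is finished.'
    }
}
```

Reading the key does not require elevation, so the check can run as a scheduled task or a pre-commit step on developer machines.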

写下不归期 2024-09-06 09:36:34

The profiler probably changes the assembly and because it was previously signed.
Apparently you need to add a post-instrument action that re-signs the assembly.

This could be a problem because you do not have the sn file that was used to sign the 3rd party assemblies.

放赐 2024-09-06 09:36:34

Might have taken the lazy learning-new-things-free way out here, but I ended up solving this by writing a PowerShell script to unsign all the projects in my solution -- worked just fine. As part of the script, I save the original csproj files so I can revert them after. (You could also just undo changes in source control.)

http://pastebin.com/UbABvz7d

Should be able to revert by calling it passing the -revert switch.
