if page 2 - Dave's Blog

Search
My timeline on Mastodon

Tweet from Jen Gentleman 🌺

2016 Nov 4, 8:39
If you ever see a dialog box in this style & need to record what it said, instead of typing it out, just CTRL+C ➡📋
PermalinkComments

Parsing WinMD with .NET reflection APIs

2016 Nov 2, 6:13

Parsing WinMD files, the containers of WinRT API metadata, is relatively simple using the appropriate .NET reflection APIs. However, figuring out which reflection APIs to use is not obvious. I've got a completed C sharp class parsing WinMD files that you can check out for reference.

Use System.Reflection.Assembly.ReflectionOnlyLoad to load the WinMD file. Don't use the normal load methods because the WinMD files contain only metadata. This will load up info about APIs defined in that WinMD, but any references to types outside of that WinMD including types found in the normal OS system WinMD files must be resolved by the app code via the System.Reflection.InteropServices.WindowsRuntimeMetadata.ReflectionOnlyNamespaceResolve event.

In this event handler you must resolve the unknown namespace reference by adding an assembly to the NamespaceResolveEventArgs's ResolvedAssemblies property. If you're only interested in OS system WinMD files you can use System.Reflection.InteropServices.WindowsRuntimeMetadata.ResolveNamespace to turn a namespace into the expected OS system WinMD path and turn that path into an assembly with ReflectionOnlyLoad.

PermalinkComments.net code programming winmd winrt

Tweet from Ingvar Stepanyan

2016 Oct 13, 10:02
OH "Careful though, if your pointer is too negative it might end up adressing the machine next to your current one."
PermalinkComments

Tweet from SwiftOnSecurity

2016 Oct 13, 11:02
Give flair to users with 2FA turned on. Make it a status symbol, then public shaming takes over. "U don't have 2FA what if you get hacked?"
PermalinkComments

Tweet from Liz Kreutz

2016 Oct 13, 6:46
For those interested: Clinton said gifs with a hard "G"
PermalinkComments

Tweet from David Risney

2016 Oct 13, 6:34
It is difficult for me to not retweet everything this twitter account says. https://twitter.com/CRASH__N__BURN/status/786653239768940546 â€¦
PermalinkComments

Tweet from Alice Maz

2016 Oct 12, 7:00
here's what the electoral map would look like if we had four political parties none of which won two adjacent states
PermalinkComments

Tweet from Hillary Clinton

2016 Oct 9, 1:44
RT this if you're proud to have Hillary's back tonight. http://hrc.io/2dopSBk 
PermalinkComments

Tweet from Keeper of Lore

2016 Oct 5, 12:08
There's just no hope for infosec pressures if literal exploding products don't kill a company. https://twitter.com/mattblaze/status/783851371858657280 â€¦
PermalinkComments

Tweet from David Risney

2016 Sep 8, 11:22
@thejohnjansen @k_seks right, diff goals like with Pluto. Casual communication vs technical communication
PermalinkComments

Tweet from David Risney

2016 Sep 8, 3:07
If I ask Bing to 'define sandwich' it says 'a town in southeastern Massachusetts, on Cape Cod...' https://www.bing.com/search?q=define%20sandwich â€¦
PermalinkComments

Tweet from David Risney

2016 Sep 2, 8:53
Follow up question: If I'm mistakenly put on an email chain, should I hit "reply all" and link this NYT article? https://twitter.com/belong_io/status/771823316302606337 â€¦
PermalinkComments

Tweet from David Risney

2016 Aug 31, 6:06
Would be nice if CSP could help. CSP can block frame navigating parent but not window navigating opener https://twitter.com/bendhalpern/status/771021574426267648 â€¦
PermalinkComments

Tweet from Shen Ye

2016 Aug 24, 8:50
"an oddly specific number"
PermalinkComments

Tweet from Pwn All The Things

2016 Aug 21, 11:23
If insurance companies said "your premiums will go from $10m to $2m if you parameterize your SQL" SQL-injection would all be dead tomorrow.
PermalinkComments

Tweet from Theater of SciFi

2016 Aug 8, 8:59PermalinkComments

Data breakpoints in JavaScript

2016 Jun 17, 5:44

The other day I had to debug a JavaScript UWA that was failing when trying to use an undefined property. In a previous OS build this code would run and the property was defined. I wanted something similar to windbg/cdb's ba command that lets me set a breakpoint on read or writes to a memory location so I could see what was creating the object in the previous OS build and what that code was doing now in the current OS build. I couldn't find such a breakpoint mechanism in Visual Studio or F12 so I wrote a little script to approximate JavaScript data breakpoints.

The script creates a stub object with a getter and setter. It actually performs the get or set but also calls debugger; to break in the debugger. In order to handle my case of needing to break when window.object1.object2 was created or accessed, I further had it recursively set up such stub objects for the matching property names.

Its not perfect because it is an enumerable property and shows up in hasOwnProperty and likely other places. But for your average code that checks for the existence of a property via if (object.property) it works well.

PermalinkCommentsdebug debugging javascript

WinRT Toast from PowerShell

2016 Jun 15, 3:54

I've made a PowerShell script to show system toast notifications with WinRT and PowerShell. Along the way I learned several interesting things.

First off calling WinRT from PowerShell involves a strange syntax. If you want to use a class you write [-Class-,-Namespace-,ContentType=WindowsRuntime] first to tell PowerShell about the type. For example here I create a ToastNotification object:

[void][Windows.UI.Notifications.ToastNotification,Windows.UI.Notifications,ContentType=WindowsRuntime];
$toast = New-Object Windows.UI.Notifications.ToastNotification -ArgumentList $xml;
And here I call the static method CreateToastNotifier on the ToastNotificationManager class:
[void][Windows.UI.Notifications.ToastNotificationManager,Windows.UI.Notifications,ContentType=WindowsRuntime];
$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($AppUserModelId);
With this I can call WinRT methods and this is enough to show a toast but to handle the click requires a little more work.

To handle the user clicking on the toast I need to listen to the Activated event on the Toast object. However Register-ObjectEvent doesn't handle WinRT events. To work around this I created a .NET event wrapper class to turn the WinRT event into a .NET event that Register-ObjectEvent can handle. This is based on Keith Hill's blog post on calling WinRT async methods in PowerShell. With the event wrapper class I can run the following to subscribe to the event:

function WrapToastEvent {
param($target, $eventName);

Add-Type -Path (Join-Path $myPath "PoshWinRT.dll")
$wrapper = new-object "PoshWinRT.EventWrapper[Windows.UI.Notifications.ToastNotification,System.Object]";
$wrapper.Register($target, $eventName);
}

[void](Register-ObjectEvent -InputObject (WrapToastEvent $toast "Activated") -EventName FireEvent -Action {
...
});

To handle the Activated event I want to put focus back on the PowerShell window that created the toast. To do this I need to call the Win32 function SetForegroundWindow. Doing so from PowerShell is surprisingly easy. First you must tell PowerShell about the function:

Add-Type @"
using System;
using System.Runtime.InteropServices;
public class PInvoke {
[DllImport("user32.dll")] [return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetForegroundWindow(IntPtr hwnd);
}
"@
Then to call:
[PInvoke]::SetForegroundWindow((Get-Process -id $myWindowPid).MainWindowHandle);

But figuring out the HWND to give to SetForegroundWindow isn't totally straight forward. Get-Process exposes a MainWindowHandle property but if you start a cmd.exe prompt and then run PowerShell inside of that, the PowerShell process has 0 for its MainWindowHandle property. We must follow up process parents until we find one with a MainWindowHandle:

$myWindowPid = $pid;
while ($myWindowPid -gt 0 -and (Get-Process -id $myWindowPid).MainWindowHandle -eq 0) {
$myWindowPid = (gwmi Win32_Process -filter "processid = $($myWindowPid)" | select ParentProcessId).ParentProcessId;
}
PermalinkComments.net c# powershell toast winrt

Tweet from wilkie

2016 Jun 4, 11:27
they've really doubled down on the "world-ending ritual chamber" look and feel for wifi routers these days
PermalinkComments

Windows Store App WebView Cross Origin XMLHttpRequest Behavior

2016 Jun 2, 6:45

TL;DR: Web content in a JavaScript Windows Store app or WebView in a Windows Store app that has full access to WinRT also gets to use XHR unrestricted by cross origin checks.

By default web content in a WebView control in a Windows Store App has the same sort of limitations as that web content in a web browser. However, if you give the URI of that web content full access to WinRT, then the web content also gains the ability to use XMLHttpRequest unrestricted by cross origin checks. This means no CORS checks and no OPTIONS requests. This only works if the web content's URI matches a Rule in the ApplicationContentUriRules of your app's manifest and that Rule declares WindowsRuntimeAccess="all". If it declares WinRT access as 'None' or 'AllowForWebOnly' then XHR acts as it normally does.

In terms of security, if you've already given a page access to all of WinRT which includes the HttpRequest class and other networking classes that don't perform cross origin checks, then allowing XHR to skip CORS doesn't make things worse.

PermalinkCommentsjavascript uwa uwp web webview windows winrt xhr
Older EntriesNewer Entries Creative Commons License Some rights reserved.