简体繁体 English

如何知道原生方法是安全/不安全的？

[英]How to know if native method is safe / unsafe?

原文 2010-12-22 16:41:03 9 3 c#/ interop

I implement this function : GetSystemPowerStatusEx & GetSystemPowerStatusEx2 我实现了这个函数： GetSystemPowerStatusEx和GetSystemPowerStatusEx2

according to this article on MSDN , I should create a class named according to the functions I will use, but my question is : How can I know in which class I should put GetSystemPowerStatusEx & GetSystemPowerStatusEx2 ? 根据MSDN上的这篇文章，我应该创建一个根据我将使用的函数命名的类，但我的问题是：我怎么知道我应该把哪个类放入GetSystemPowerStatusEx和GetSystemPowerStatusEx2？

I'm lost... 我迷路了...

Thanks for help. 感谢帮助。

[EDIT] My question is : which of these three class names are the good one for me (NativeMethods / SafeNativeMethods / UnsafeNativeMethods) ? [编辑]我的问题是：这三个类名中哪一个对我来说是好的（NativeMethods / SafeNativeMethods / UnsafeNativeMethods）？

These methods should be in one of the following classes: 这些方法应该属于以下类之一：

NativeMethods - This class does not suppress stack walks for unmanaged code permission. NativeMethods - 此类不会抑制非托管代码权限的堆栈遍历。 (System.Security.SuppressUnmanagedCodeSecurityAttribute must not be applied to this class.) This class is for methods that can be used anywhere because a stack walk will be performed. （System.Security.SuppressUnmanagedCodeSecurityAttribute不能应用于此类。）此类适用于可在任何地方使用的方法，因为将执行堆栈遍历。

SafeNativeMethods - This class suppresses stack walks for unmanaged code permission. SafeNativeMethods - 此类禁止堆栈遍历非托管代码权限。 (System.Security.SuppressUnmanagedCodeSecurityAttribute is applied to this class.) This class is for methods that are safe for anyone to call. （System.Security.SuppressUnmanagedCodeSecurityAttribute应用于此类。）此类适用于任何人都可以安全调用的方法。 Callers of these methods are not required to perform a full security review to make sure that the usage is secure because the methods are harmless for any caller. 这些方法的调用者不需要执行完整的安全性审查，以确保使用是安全的，因为这些方法对任何调用者都是无害的。

UnsafeNativeMethods - This class suppresses stack walks for unmanaged code permission. UnsafeNativeMethods - 此类禁止堆栈遍历非托管代码权限。 (System.Security.SuppressUnmanagedCodeSecurityAttribute is applied to this class.) This class is for methods that are potentially dangerous. （System.Security.SuppressUnmanagedCodeSecurityAttribute应用于此类。）此类适用于潜在危险的方法。 Any caller of these methods must perform a full security review to make sure that the usage is secure because no stack walk will be performed. 这些方法的任何调用者都必须执行完整的安全性检查，以确保使用是安全的，因为不会执行堆栈遍历。

3 个解决方案

It's a pretty silly warning and ultimately unproductive. 这是一个非常愚蠢的警告，最终没有效果。 But keeping it happy is simple, just add a static class to your project named NativeMethods and put the [DllImport] declarations inside it. 但保持它的快乐很简单，只需在名为NativeMethods的项目中添加一个静态类，并将[DllImport]声明放入其中。 No need for separate classes. 不需要单独的课程。 Declare them internal . 将它们声明为内部。

Beware that you cannot call these functions on an emulator, testing them is going to require running it on the device itself. 请注意，您无法在模拟器上调用这些函数，测试它们需要在设备上运行它。 To keep your program debuggable in the emulator be sure to wrap the code that calls them with #ifdef DEBUG. 要使程序在模拟器中可调试，请确保使用#ifdef DEBUG包装调用它们的代码。

Just declare them as static methods in a static class; 只需将它们声明为静态类中的静态方法; that is the standard approach. 这是标准方法。

Edit: Like the commenter pointed out, they can be placed in a non-static class as well. 编辑：与评论者指出的一样，它们也可以放在非静态类中。 Essentially, as long as your Win32 methods are static extern with a DLLImport attribute, they can go pretty much in any class. 从本质上讲，只要你的Win32方法是带有DLLImport属性的静态extern，它们就可以在任何类中使用。

Put them inside the class you are going to use them as a static methods, then wrap around them with normal methods so you won't bother the rest of the application with the notion that there is something extern involved. 将它们放在类中，您将它们用作静态方法，然后使用常规方法将它们包裹起来，这样您就不会打扰应用程序的其余部分，因为有一些东西涉及到extern。

I use that approach and it never fails. 我使用这种方法，它永远不会失败。

EDIT: 编辑：

Check this out: 看一下这个：

http://pinvoke.net/search.aspx?search=GetSystemPowerStatusEx http://pinvoke.net/search.aspx?search=GetSystemPowerStatusEx