Monitor method call

[Sharon]

Hi all,
Is there a way to monitor all assembly method calls?
Without placing monitor code at each method start.
Thanks,
Sharon.

 

[Jeroen Mostert]

Is there a way to monitor all assembly method calls?
Without placing monitor code at each method start.

It's called profiling.

 

[Sharon]

Thanks for your reply Jeronen.
I know profilers can monitor method calls at runtime.
But how is it done?
I need it for security features.

 

[Peter Duniho]

Thanks for your reply Jeronen.
I know profilers can monitor method calls at runtime.
But how is it done?

There are two main approaches: instrumented, and sampling.

An instrumented profiler injects code at the entry and exit for each
method that you want profiled. A sampling profiler simply inspects the
instruction pointer of the executing program at regular intervals.

The former gives you much more precise information, at the expense of
overhead. A sampling profile can disturb the execution of the program
much less, but can only provide broad statistics regarding execution.

It's not uncommon to find a single profiler that supports both approaches.

I need it for security features.

That seems unlikely. Usually, when someone posts here saying they need
some unusual introspective feature in their code "for security features"
what they really mean is that they are trying to implement some copy
protection scheme. All copy protection schemes are doomed to failure
from the outset.

If you have some other "security feature" in mind, you should be more
specific so that you can get better advice. If you are in fact thinking
of a copy protection scheme, do yourself a favor and don't waste any
more time on trying to implement this particular approach. Even if it
works, you will spend far more time implementing it than some hacker
will breaking it.

Pete

 

[Arne Vajhøj]

Is there a way to monitor all assembly method calls?
Without placing monitor code at each method start.

You could weave in that code in using an AOP tool
like AspectDNG.

Arne

 

[John Rivers]

http://www.postsharp.org/

 

[Sharon]

Hi Pete,
I wasn't even thinking in the direction of copy protection.
This is a server app. and there is no need for copy protection.
Its not even obfuscated.
What i actually need it for is to check the user method call permissions.
And it seems that AOP is the way to go.

 

[Sharon]

Hi John & Arne.
Do all AOP solutions inject code after compilation?
Is there a way to do this at runtime?
Thanks,
Sharon.

 

[Jeroen Mostert]

Thanks for your reply Jeronen.
I know profilers can monitor method calls at runtime.
But how is it done?
I need it for security features.

Then it might be called Code Access Security, depending on what you're
trying to achieve.

 

[Sharon]

Code Access Security sounds right.
I need to check the user permission to invoke the method.
I'm trying AOP now.

 

[Arne Vajhøj]

Do all AOP solutions inject code after compilation?

No. But most does.

Is there a way to do this at runtime?

Yes. Some frameworks allow this - in specific contexts.

Try look at Spring.NET AOP.

Arne

 

[Sharon]

Thanks Arne,
I'm checking the pros and cons of these 2 methods.
And I will definitely check out Spring.NET.
Sharon.