Skip to content

Instantly share code, notes, and snippets.

@rnelson

rnelson/FileNotFoundException.md

Created January 27, 2022 01:37
Show Gist options
  • Save rnelson/651ee2d9b4f1fb02d78b892b4ba45260 to your computer and use it in GitHub Desktop.
Save rnelson/651ee2d9b4f1fb02d78b892b4ba45260 to your computer and use it in GitHub Desktop.
Download ZIP
Genesyslab.Sip.Endpoint.Provider.Genesys.dll + FileNotFoundException
Raw
FileNotFoundException.md

FileNotFoundException

A few months back, I wrote a simple little Windows desktop application using WPF. It's built for .NET Framework 4.5, which means it should run in 4.5 through 4.8 without any issues. Outside of some core .NET assemblies and the WPF ones, it has a whopping three dependencies:

  1. Genesyslab.Sip.Endpoint.dll
  2. Genesyslab.Sip.Endpoint.Provider.Genesys.dll
  3. Newtonsoft.Json.dll

This application has been used internally on my network, internally on the other half of the company's network (we had a big merger, the networks are linked but only enough to get the important things working on both sides), and internally on some vendor networks. At launch, it connects to a web service of mine to pull down configuration stuff, and user-selected options then dictate what Genesys servers those first two dependencies connect to. Nice and simple.

Yesterday, I was told that a vendor was trying to use the software and it was failing. We met with some of their IT people to troubleshoot.

They open the application on a 64-bit Windows 10 install with .NET Framework 4.8. It launches and connects to my web service without any problems. Then they hit the X button to close the window, and it crashes with a FileNotFoundException. It's unable to find Genesyslab.Sip.Endpoint.Provider.Genesys.dll. Problem is, the file is there. We can clearly see it in Windows Explorer behind my application.

I immediately suspected that they had some sort of antivirus or endpoint security app running that was messing with it. Antivirus seemed unlikely as causing the file to not be found would likely indicate that the AV was quarantining it, but then we wouldn't see it Explorer.

To rule it out, the vendor took a computer and reimaged it. Again, Windows 10 with .NET Framework 4.8, but that's about it. Windows Defender was disabled, no other AV installed, no endpoint protection software, not yet on a domain so it doesn't have any GPO policies causing it.

I triple checked everything. Loaded the two Genesys DLLs and my executable into dotPeek and showed everyone that my app was x86 and .NET 4.0. The first Genesys DLL is x86 and 4.0, the second is MSIL and 4.0. Their setup is, in theory, 100% compatible with all of that. If it wasn't, I would expect my executable to not launch or a BadImageFormatException if it for some reason couldn't run a 32-bit .NET 4.0 file.

Whyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

Answer

This kind of stuff really interests me, and I suspect it interests some other people. So I'm not gonna spoil it for those who want to try to figure it out. The answer is base64 encoded. You can decode it here.

VGhlIGZhY3QgdGhhdCBpdCBkaWRuJ3Qgd29yayBvbiBhIHZlcnkgdmFuaWxsYSBpbnN0YWxsIHNo b3VsZCBoYXZlIGdpdmVuIGl0IGF3YXkuIFRoZSBleHRlbnQgdG8gd2hpY2ggdGhlIHZlbmRvciBr ZXB0IHRlbGxpbmcgdXMgdGhhdCB0aGVpciBuZXR3b3JrIGlzIGxvY2tlZCBkb3duIG9uIHRoZXNl IG1hY2hpbmVzIChub3QgZ3VhcmFudGVlaW5nLCBidXQgb2Z0ZW4gY29pbmNpZGluZyB3aXRoIHdv cmtzdGF0aW9uIHNlY3VyaXR5KSBzaG91bGQgaGF2ZSBiZWVuIGEgaGludCB0b28uCgpUd28gb2Yg dXMgc3BlbnQgYSBidW5jaCBvZiB0aW1lIG9uIHRoZSBjYWxsIHNlYXJjaGluZyB0byBzZWUgaWYg R29vZ2xlIGNvdWxkIHBvaW50IHVzIGluIHRoZSByaWdodCBkaXJlY3Rpb24uIFRoZSBvdGhlciBn dXkgd2FzIHJlYWRpbmcgc29tZXRoaW5nIGFuZCBzYWlkIGEgY291cGxlIG9mIHdvcmRzIChJIGNh bid0IHJlbWVtYmVyIHdoYXQgdGhleSB3ZXJlIGF0IHRoaXMgcG9pbnQpIHRoYXQgbWFpZCBpdCBw YWluZnVsbHkgb2J2aW91cyB0byBtZS4KClRoaW5rIGJhY2sgdG8gdGhlaXIgYXR0ZW1wdCB0byBy dWxlIG91dCBzZWN1cml0eSBzb2Z0d2FyZS4gVGhleSB3ZXJlIHVzaW5nIHdoYXQgd2FzIGFsbW9z dCBhbiBlbnRpcmVseSB2YW5pbGxhIFdpbmRvd3MgMTAgaW5zdGFsbC4gSSBhbSBub3QuIFRoZSBv dGhlciBwZW9wbGUgdXNpbmcgaXQsIHdoZXRoZXIgb3VyIGVuZCB1c2VycyAoaW50ZXJuYWxseSBv ciBvdGhlciB2ZW5kb3JzKSBvciB0ZXN0ZXJzLgoKSSB3ZW50IHRvIHRoZSBHZW5lc3lzIHdlYnNp dGUgYW5kIGZvdW5kIHRoZSBkZXBsb3ltZW50IGluc3RydWN0aW9ucyBmb3IgdGhhdCBTREsgYW5k IHNhdyBleGFjdGx5IHdoYXQgSSB3YXMgbG9va2luZyBmb3I6IFZpc3VhbCBDKysgMjAxMy4gSSd2 ZSBkZWNvbXBpbGVkIHRoYXQgU0RLIG11bHRpcGxlIHRpbWVzIHRvIHRyeSB0byBkZWJ1ZyBwcm9i bGVtcyBJIHdhcyBoYXZpbmcuIEkndmUgc2VlbiBjb2RlIHRoYXQncyBjbGVhcmx5IFtDKysvQ0xJ XShodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9DJTJCJTJCL0NMSSkuIFRoZSBkb3RQZWVr IHdpbmRvdyBJIHN0aWxsIGhhZCBvd24gc2hvd2VkIG11bHRpcGxlIHRoaW5ncyB0aGF0IGluY2x1 ZGVkICJjcHAiIGluIHRoZSBuYW1lLiBJdCB3YXNuJ3QgbGlzdGVkIGluIHRoZSBETEwncyBkZXBl bmRlbmNpZXMsIGJ1dCBpdCBuZWVkZWQgaXQuCgpUaGVyZSBpcyBhIHRvbiBvZiBjb2RlIG91dCB0 aGVyZSB0aGF0J3Mgd3JpdHRlbiBpbiBDKysuIEFmdGVyIGluc3RhbGxpbmcgYSBwaWxlIG9mIGNv bW1vbiBkZXNrdG9wIGFwcGxpY2F0aW9ucywgV2luZG93cyB3aWxsIHVzdWFsbHkgaGF2ZSBhdCBs ZWFzdCBhIGZldyBkaWZmZXJlbnQgVmlzdWFsIEMrKyBydW50aW1lcy4gTXkgbWFjaGluZSwgd2hp Y2ggaGFzIGEgdG9uIG9mIHRoaW5ncyBpbnN0YWxsZWQgaW5jbHVkaW5nIFZpc3VhbCBTdHVkaW8g d2l0aCBDKysgc3R1ZmYgaW4gaXQsIGhhcyAyMCBkaWZmZXJlbnQgcnVudGltZXMgZnJvbSBWaXN1 YWwgQysrIDIwMDUgb253YXJkLCBpbiBib3RoIDMyLSBhbmQgNjQtYml0LgoKVGhpcyB2ZW5kb3In cyBtYWNoaW5lcyBhcmUgc28gbG9ja2VkIGRvd24gKGFuZCB1c2VkIG9ubHkgZm9yIG91ciB3b3Jr KSB0aGF0IHRoZXkgaGFkIG1hbmFnZWQgdG8gbm90IG5lZWQgdGhlIDMyLWJpdCBWaXN1YWwgQysr IDIwMTMgcnVudGltZSBmb3IgYW55dGhpbmcuIEluc3RhbGwgdGhhdCwgYW5kIHN1ZGRlbmx5IEdl bmVzeXNsYWIuU2lwLkVuZHBvaW50LlByb3ZpZGVyLkdlbmVzeXMuZGxsIGlzICJmb3VuZC4iCgpB bGwgYWxvbmcsIGl0IHdhc24ndCB0aGF0IGl0IGNvdWxkbid0IGZpbmQgdGhhdCBETEwuIEl0IHdh cyBmYWlsaW5nIHRvIGZpbmQgKiphIGRlcGVuZGVuY3kqKiBvZiB0aGUgRExMLiBTaWdoLg==

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment