What is the alternative in .NetCore/.Net6 to Serialize/Deserialize "IntPtr" because BinaryFormatter is obsolete and is vulnerable and not secure at all

Bikramjeeth Garevaul 1 Reputation point
2022-08-14T10:17:37.943+00:00

Hi,

I have this previous ".NetFramework 4.8" code to Serialize/Deserialize an "IntPtr". But it uses BinaryFormatter which is Obsolete and is supposed to be Highly Insecure and Vulnerable. So what is the Alternative way to achieve this in ‘.Net 6’?

Regards
Bikramjeeth Garevaul

My current code is::

Usage>>>

  string packedString = Pack(someReferenceObject1);  
  IntPtr intPtr1 = (IntPtr)Unpack(packedString);  

Actual Usage Scenario>>>

This is what it is being used eventually for

        // $$ For Example we take this object.  
        SqlConnection con = new SqlConnection();  

        // $$ Converting the IntPtr of the Handle of the Object to String.  
        GCHandle handle = GCHandle.Alloc(con, GCHandleType.Normal);  
        IntPtr ip = GCHandle.ToIntPtr(handle);  
        string ipString = Pack(ip);  

        // $$ Converting the Object back from the IntPtr String.  
        GCHandle handle2 = GCHandle.FromIntPtr(Unpack(ipString));  
        SqlConnection con2 = (handle2.Target as SqlConnection);  

Methods>>>

    public static string Pack(object obj)  
    {  
        try  
        {  
            if (obj == null) throw new ArgumentNullException(nameof(obj));  

            using (MemoryStream input = new MemoryStream())  
            {  
                BinaryFormatter binaryFormatter = new BinaryFormatter();  
                binaryFormatter.Serialize(input, obj);  
                input.Seek(0, SeekOrigin.Begin);  

                using (MemoryStream output = new MemoryStream())  
                using (DeflateStream deflateStream = new DeflateStream(output, CompressionMode.Compress))  
                {  
                    input.CopyTo(deflateStream);  
                    deflateStream.Close();  

                    return Convert.ToBase64String(output.ToArray());  
                }  
            }  
        }  
        catch (Exception ex)  
        {  
            throw (new Exception(ex.Message, ex));  
        }  
        finally  
        {  
            //  
        }  
    }  

    public static IntPtr Unpack(string packedString)  
    {  
        try  
        {  
            if (packedString == null) throw new ArgumentNullException(nameof(packedString));  

            using (MemoryStream input = new MemoryStream(Convert.FromBase64String(packedString)))  
            using (DeflateStream deflateStream = new DeflateStream(input, CompressionMode.Decompress))  
            using (MemoryStream output = new MemoryStream())  
            {  
                deflateStream.CopyTo(output);  
                deflateStream.Close();  
                output.Seek(0, SeekOrigin.Begin);  

                BinaryFormatter binaryFormatter = new BinaryFormatter();  
                IntPtr message = (IntPtr)binaryFormatter.Deserialize(output);  
                return message;  
            }  
        }  
        catch (Exception ex)  
        {  
            throw (new Exception(ex.Message, ex));  
        }  
        finally  
        {  
            //  
        }  
    }  

===== Extra=====

Also.............. If I try the XmlSerializer instead of the BinaryFormatter.Serialize() and BinaryFormatter.Deserialize() lines, like,

In Pack.....

               XmlSerializer xmlSerializer = new XmlSerializer(typeof(IntPtr));  
               xmlSerializer.Serialize(input, obj);  

In Unpack.....

                XmlSerializer xmlSerializer = new XmlSerializer(typeof(IntPtr));  
                IntPtr message = (IntPtr)xmlSerializer.Deserialize(output);  

then it gives me an Error

"System.IntPtr is an unsupported type. Please use [XmlIgnore] attribute to exclude members of this type from serialization graph."

C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,166 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Viorel 111.5K Reputation points
    2022-08-17T08:23:53.257+00:00

    Try this alternative:

    IntPtr intptr = . . .  
      
    // serialization  
    string s = intptr.ToString( CultureInfo.InvariantCulture );  
      
    // deserialization  
    IntPtr intpte2 = IntPtr.Parse( s, CultureInfo.InvariantCulture );  
    
    0 comments No comments