Way to determine true calling assembly

2018-06-02 18:22:20

I have some security built into a client side program that downloads a DLL from the web, and called a function inside that DLL. The DLL is strong-named, and the function in the DLL uses Assembly.GetCallingAssembly() to determine the calling assembly so that I can accurately get a path to the program who called it. From there we do a hash check of the assembly and verify that it is the correct one.

We have people that have gotten themselves attached in full trust mode, and are able to spoof the GetCallingAssembly call to point to the real executable, while they run a modified version of it. Is there something else other then GetCallingAssembly that I can use to get the true caller? Some callstack or something that may provide the real executable since GetCallingAssembly seems to be easily spoofed.

You can't do this while running in full trust mode. Full trust means people can do things like spoofing. Here is a similar discusison: reflection is possible on obfuscation

我不确定它有多安全，但我过去曾用它来获取启动路径：

string startup_path =
   Path.GetDirectoryName(typeof(SomeClassInDll).Assembly.Location);

链接地址: http://www.djcxy.com/p/9872.html

上一篇: 在ASMX Web服务之间共享一个枚举

下一篇: 确定真正的调用程序集的方法