0

Is there a way in code to detected whether a DLL is blocked from being loaded because it was downloaded from the internet? I know the caspol.exe utility can read permissions settings, but I would like to stay in code, if possible.

Hank
  • 8,289
  • 12
  • 47
  • 57
  • Well, sure, the Assembly.LoadFrom() call throws an exception. What are you really talking about? – Hans Passant Sep 06 '11 at 21:43
  • @Hans: this is for a utility that copies files from a local network, and I want to be able to detect blocked DLLs to send a notification that there's a problem. I don't want to load every single one just to see if I can. But you're right, that's one solution... – Hank Sep 07 '11 at 13:27

1 Answers1

2

Blocked content is controlled by NTFS alternative data streams and can be removed using a command line utility by sysinternals called streams. This is a quote from Wikipedia on ADS.

Microsoft introduced the Attachment Execution Service that stores details on the origin of downloaded files in alternate data streams attached to files, in an effort to protect users from downloaded files that may present a risk.

It tracks the origin of the file, and hence if it originated from the internet it applies the untrusted security policy. Removing the stream removes the record that the file came from an untrusted source. This has the same affect as right-clicking on the file, viewing properties, and choosing unblock. It's also the same affect as using caspol to make the dll full trust.

The following creates a zero byte stream associated with the file test.

echo hello > test:stream

The following project on codeproject has some example code for working with them. I believe you need to delete them from unmanaged code.

Accessing alternative data-streams of files on an NTFS volume

TheCodeKing
  • 19,064
  • 3
  • 47
  • 70
  • I'm not clear on how this is related to the CASPOL DLL-blocking. Can you give a more specific example? – Hank Sep 07 '11 at 13:29
  • 1
    I'm referring to the mechanism that tracks the downloaded file as originating from as untrusted source (and therefore blocked). Updated to help clarify. – TheCodeKing Sep 07 '11 at 13:59