22

I'm going to give an example of using System.Data.SQLite.DLL which is a mixed assembly with unmanaged code: If I execute this :

  var assembly= Assembly.LoadFrom("System.Data.SQLite.DLL")

No exceptions are thrown, but if I do this :

  var rawAssembly = File.ReadAllBytes("System.Data.SQLite.DLL");
  var assembly = Assembly.Load(rawAssembly);

The CLR throws a FileLoadException with "Unverifiable code failed policy check. (Exception from HRESULT: 0x80131402)". Let's say I'm trying to load this assembly on a child AppDomain, how can I customize the AppDomain's security to allow me pass the policy check?

Hans Passant
  • 922,412
  • 146
  • 1,693
  • 2,536
Thiago Padilha
  • 4,590
  • 5
  • 44
  • 69

2 Answers2

21

We are the victim of a crummy exception message. Loading assemblies with Assembly.Load(byte[]) that contain unmanaged code is not supported. This is the subject of this feedback item.

UPDATE: the linked feedback item is gone, deleted as part of the cleanup at VS2012 release time. The only part of it could still recover is this fragment, copied from another web page:

“[…] we only allow ILOnly images to be loaded […] since anything else is not safe”--

UPDATE: link fixed with archive.org backup copy.

CJBS
  • 15,147
  • 6
  • 86
  • 135
Hans Passant
  • 922,412
  • 146
  • 1,693
  • 2,536
  • Could you give an example on how to create an appropriate evidence object? – Thiago Padilha May 31 '10 at 17:51
  • I haven't, but isn't that just a copy of the current domain's security settings(the one that threw the exception in the first place) ? – Thiago Padilha May 31 '10 at 18:08
  • I meant the primary AppDomain's evidence. How did you initialize the AppDomain? Note the CreateDomain(string, Evidence) overload. – Hans Passant May 31 '10 at 19:11
  • I created the secondary domain with 'AppDomain.CreateDomain("ChildDomain,null,setup)"' (the only option I change in the setup is the application base dir) As I said, it doesnt matter if I load the raw assembly from the primary or child domain, it will always throw that exception, thats why I'm asking how to change the security settings to allow me to load mixed assemblies from byte arrays(if you showed a code snippet that made my code work that would be great); – Thiago Padilha May 31 '10 at 20:22
  • @Thiado: started looking deeper when I got the same exception in full trust. Found the answer, post updated. – Hans Passant May 31 '10 at 21:00
  • Feedback item link was not working for me, working url: http://connect.microsoft.com/VisualStudio/feedback/details/97801/loading-mixed-assembly-with-assembly-load-byte-throw-exception-changed-behaviour – Faisal Mansoor Apr 05 '11 at 17:55
  • “[…] we only allow ILOnly images to be loaded […] since anything else is not safe” -- How is loading from disk safer than loading from a byte array? – Sergey Slepov Sep 22 '15 at 21:32
12

The problem is that the CLR does not perform the normal DLL loading steps - like mapping the dlls separate sections into different pages, adjusting fixups, etc. When an assembly is loaded from raw bytes, those raw bytes are mapped into memory as is, and only managed meta-data is read. No amount of evidence or security settings will change this behavior.

Paul Alexander
  • 31,970
  • 14
  • 96
  • 151