Is there a way to run code when an assembly loads?

Question

I'm building an application that will load untrusted assemblies for inspection (i.e. retrieval of the assembly full name). For security reasons, I'm trying to think of a way that these assemblies could be written that would allow them to execute code when loaded. I haven't code up with a method yet, but wanted to throw it out here to see if anyone could.

I'm aware that I could load these assemblies into an untrusted app domain, effectively stopping them from doing almost anything, but I wanted to avoid the complexity if it's un-needed.

Specifically, I will be calling Assembly.Load and <LoadedAssebmly>.FullName. Maybe there's a better way to load the assembly name without using the Assembly class?

Thanks, Matt

score 1 · Accepted Answer · answered Mar 28 '11 at 11:51

1

First of all, there's the AssemblyName class. It allows you to find the assembly's name without loading it. Second, you can load assemblies using Assembly.ReflectionOnlyLoad, which uses the reflection-only context -- no code can be executed from such an assembly.

answered Mar 28 '11 at 11:51

Sasha Goldshtein

3,499
22
35

Perfect! This is what I need to do. I assume that this is not prone to the module initializers mentioned in Daniel's post? – Matt Ruwe Mar 28 '11 at 13:18
1

It shouldn't be, but I suggest that you make sure if this is important to you from a security perspective. – Sasha Goldshtein Mar 29 '11 at 05:55

score 1 · Answer 2 · edited May 23 '17 at 11:55

1

Yes, it is possible: .Net: Running code when assembly is loaded

I suggest, you use a method to inspect the assembly, that doesn't load it, i.e. Mono.Cecil

edited May 23 '17 at 11:55

Community

1
1

answered Mar 28 '11 at 11:54

Daniel Hilgarth

171,043
40
335
443

Is there a way to run code when an assembly loads?

2 Answers2