CODEWITHSUNDEEP
c#.netclrassemblies
sharptooth
sharptooth

Reputation: 170489

Are .NET assemblies without strong names protected against accidental corruption?

Suppose I build a .NET assembly and don't have it signed with a strong name, then it is copied to some storage, then to another and then it ends up in production. If a bit or two of the assembly contents get accidentally changed (some hardware problem or something like that) is there a chance that .NET runtime doesn't notice it and still considers the assembly image valid?

Upvotes: 7

Views: 148

Answers (3)

xanatos
xanatos

Reputation: 111870

Write this program:

using System;

namespace ConsoleApplication13
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Hello world!");
        }
    }
}

compile it, run it...

Now open it in Notepad++, go to Find, select Extended research type, search for H\0... Find the H NUL e NUL l... and replace the H with a X... Save and relaunch...

Xello world!

Note that strong named assemblies aren't verified normally... Try to add a strong name... compile... run

sn -v yourprogram.exe

and check that it is correct...

now modify it... rerun the 

sn -v yourprogram.exe

and see that the validation fails...

now try to run it... It runs correctly!

From MSDN

Starting with the .NET Framework version 3.5 Service Pack 1 (SP1), strong-name signatures are not validated when an assembly is loaded into a full-trust AppDomain object, such as the default AppDomain for the MyComputer zone.

Upvotes: 6

Lasse V. Karlsen
Lasse V. Karlsen

Reputation: 391416

Yes, there is a chance.

Let's turn the question on its head.

Can I arbitrarily change any one bit in the assembly and still execute/use it?

No, lots of bits and bytes are read during load and execution and most of them matter.

If text or numbers, basically data, changes, the chance goes way way down though not entirely to zero, depending on the exact data that changed.

So the answer to your question is that:

  • The assembly might be able to load, and execute, though possibly with incorrect/odd results
  • The assembly might not load

There is no guarantee either way, however.

Upvotes: 1

Sandeep
Sandeep

Reputation: 399

Not sure what you mean by .net runtime won't notice it? .net runtime won't run dll verification if it is not strongly signed. It will try to load the dll. If the change corrupts the dll then dll load will fail.

Upvotes: 0

Related Questions