View Single Post
  #3  
Old 03-12-2009, 06:46 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

Hi Kurapica,
Test this research if you have time. I myself can not believe that it can be bypassed so easily. I will start to test in some next days.

More info about this bug
Quote:
Sometime later, when an application attempts to load your signed assembly:

1. The .NET assembly loader calculates the cryptographic digest of the current assembly contents. This is known as the run-time digest.
2. The loader extracts the stored compile-time digest and public key from the assembly.
3. The loader uses the public key to decrypt the compile-time digest.
4. The loader then compares the run-time digest with the decrypted compile-time digest to ensure they match. If not, then the assembly has been modified since you compiled it, and the assembly load fails.

This process is different when loading shared assemblies from the GAC. Because assemblies are verified when they are first installed into the GAC–and they cannot be modified while in the GAC–the .NET assembly loader does not verify an assembly when loading it from the GAC. This can improve the startup speed of your application if you load many shared assemblies.
__________________
My site: http://rongchaua.net

Last edited by rongchaua : 03-12-2009 at 08:16 AM.
Reply With Quote