Detect if an assembly is a managed assembly

by Koen 29. October 2009 03:17

While using a great IOC/DI container (read for those not familiar with it read this post) I wrote some code to auto detect and auto load the necessary dependencies (I really, really, REALLY hate the XML configuration file so …) Besides a lot of other issues with this method worth a blog post on it’s own, the whole thing crashed as soon as an unmanaged assembly was found in the path.

After some googling I found a few ways to solve my problem:

Use .Net Reflection:

Try to do a AssemblyName.GetAssemblyName(path); If it throws an exception it’s not a managed assembly. As you would suspect this is horribly slow.

Read the binary data from the assembly to detect the assembly type.

Actually the .Net managed assemblies are with specific values in the header. To read these we could use the command and then walk through the headers with pointers as explained on this site. Since this loads the assembly in memory it was a no-go for me.

There are alot of unmanaged solutions out there (read here and here) that are candidates to port to c# but Rupreet’s weblog saved the day. And here are the relevant code fragments of my AssemblyInfo class:

   1:  try
   2:  {
   3:      if (dataDictionaryRVA == null)
   4:      {
   5:          GetHeaders();
   6:      }
   7:      return dataDictionaryRVA[14] != 0;
   8:  }
   9:  catch (Exception)
  10:  {
  11:      // when an error occurs return false.
  12:  }
  13:  return false;

Obviously the interesting code is inside the GetHeaders method including the comments from Rupreet:

   1: dataDictionaryRVA = new uint[16];
   2: dataDictionarySize = new uint[16];
   3:  
   4: using (FileStream fs = new FileStream(file, FileMode.Open, FileAccess.Read))
   5: {
   6:     BinaryReader reader = new BinaryReader(fs);
   7:  
   8:     //PE Header starts @ 0x3C (60). Its a 4 byte header.
   9:     fs.Position = PeHeaderStart;
  10:     peHeader = reader.ReadUInt32();
  11:  
  12:     //Moving to PE Header start location...
  13:     fs.Position = peHeader;
  14:     peHeaderSignature = reader.ReadUInt32();
  15:  
  16:     //We can also show all these value, but we will be       
  17:     //limiting to the CLI header test.
  18:     machine = reader.ReadUInt16();
  19:     sections = reader.ReadUInt16();
  20:     timestamp = reader.ReadUInt32();
  21:     pSymbolTable = reader.ReadUInt32();
  22:     noOfSymbol = reader.ReadUInt32();
  23:     optionalHeaderSize = reader.ReadUInt16();
  24:     characteristics = reader.ReadUInt16();
  25:  
  26:     /*
  27:     Now we are at the end of the PE Header and from here, the
  28:     PE Optional Headers starts...
  29:     To go directly to the datadictionary, we'll increase the      
  30:     stream’s current position to with 96 (0x60). 96 because,
  31:     28 for Standard fields
  32:     68 for NT-specific fields
  33:     From here DataDictionary starts...and its of total 128 bytes. DataDictionay has 16 directories in total,
  34:     doing simple maths 128/16 = 8.
  35:     So each directory is of 8 bytes.
  36:     In this 8 bytes, 4 bytes is of RVA and 4 bytes of Size.
  37: 
  38:     btw, the 15th directory consist of CLR header! if its 0, its not a CLR file :)
  39:     */
  40:  
  41:     dataDictionaryStart = Convert.ToUInt16(Convert.ToUInt16(fs.Position) + 0x60);
  42:     fs.Position = dataDictionaryStart;
  43:  
  44:     for (int i = 0; i < 15; i++)
  45:     {
  46:         dataDictionaryRVA[i] = reader.ReadUInt32();
  47:         dataDictionarySize[i] = reader.ReadUInt32();
  48:     }
  49:  
  50:     fs.Close();
  51: }

My complete class implementation is here:

   1: using System;
   2: using System.IO;
   3: using System.Reflection;
   4:  
   5: namespace Williame.Koen.Blog
   6: {
   7:     /// <summary>
   8:     /// Returns information about an assembly without loading it into the appdomain.
   9:     /// </summary>
  10:     public class AssemblyInfo
  11:     {
  12:         /// <summary>
  13:         /// PE Header starts @ 0x3C (60). Its a 4 byte header.
  14:         /// </summary>
  15:         public const long PeHeaderStart = 0x3C;
  16:  
  17:         protected uint peHeader;
  18:         protected uint peHeaderSignature;
  19:         protected ushort machine;
  20:         protected ushort sections;
  21:         protected uint timestamp;
  22:         protected uint pSymbolTable;
  23:         protected uint noOfSymbol;
  24:         protected ushort optionalHeaderSize;
  25:         protected ushort characteristics;
  26:         protected ushort dataDictionaryStart;
  27:         protected uint[] dataDictionaryRVA;
  28:         protected uint[] dataDictionarySize;
  29:         protected string file;
  30:         protected AssemblyName name; 
  31:  
  32:         public AssemblyInfo(string fileName)
  33:         {
  34:             this.file = Path.GetFullPath(fileName);
  35:         }
  36:  
  37:         protected void GetHeaders()
  38:         {
  39:             dataDictionaryRVA = new uint[16];
  40:             dataDictionarySize = new uint[16];
  41:  
  42:             using (FileStream fs = new FileStream(file, FileMode.Open, FileAccess.Read))
  43:             {
  44:                 BinaryReader reader = new BinaryReader(fs);
  45:  
  46:                 //PE Header starts @ 0x3C (60). Its a 4 byte header.
  47:                 fs.Position = PeHeaderStart;
  48:                 peHeader = reader.ReadUInt32();
  49:  
  50:                 //Moving to PE Header start location...
  51:                 fs.Position = peHeader;
  52:                 peHeaderSignature = reader.ReadUInt32();
  53:  
  54:                 //We can also show all these value, but we will be       
  55:                 //limiting to the CLI header test.
  56:                 machine = reader.ReadUInt16();
  57:                 sections = reader.ReadUInt16();
  58:                 timestamp = reader.ReadUInt32();
  59:                 pSymbolTable = reader.ReadUInt32();
  60:                 noOfSymbol = reader.ReadUInt32();
  61:                 optionalHeaderSize = reader.ReadUInt16();
  62:                 characteristics = reader.ReadUInt16();
  63:  
  64:                 /*
  65:                 Now we are at the end of the PE Header and from here, the
  66:                 PE Optional Headers starts...
  67:                 To go directly to the datadictionary, we'll increase the      
  68:                 stream’s current position to with 96 (0x60). 96 because,
  69:                 28 for Standard fields
  70:                 68 for NT-specific fields
  71:                 From here DataDictionary starts...and its of total 128 bytes. DataDictionay has 16 directories in total,
  72:                 doing simple maths 128/16 = 8.
  73:                 So each directory is of 8 bytes.
  74:                 In this 8 bytes, 4 bytes is of RVA and 4 bytes of Size.
  75: 
  76:                 btw, the 15th directory consist of CLR header! if its 0, its not a CLR file :)
  77:                 */
  78:  
  79:                 dataDictionaryStart = Convert.ToUInt16(Convert.ToUInt16(fs.Position) + 0x60);
  80:                 fs.Position = dataDictionaryStart;
  81:  
  82:                 for (int i = 0; i < 15; i++)
  83:                 {
  84:                     dataDictionaryRVA[i] = reader.ReadUInt32();
  85:                     dataDictionarySize[i] = reader.ReadUInt32();
  86:                 }
  87:  
  88:                 fs.Close();
  89:             }
  90:         }
  91:  
  92:         public bool IsManaged
  93:         {
  94:             get
  95:             {
  96:                 try
  97:                 {
  98:                     if (dataDictionaryRVA == null)
  99:                     {
 100:                         GetHeaders();
 101:                     }
 102:                     return dataDictionaryRVA[14] != 0;
 103:                 }
 104:                 catch (Exception)
 105:                 {
 106:                     // when an error occurs return false.
 107:                 }
 108:                 return false;
 109:             }
 110:         }
 111:  
 112:         public AssemblyName Name
 113:         {
 114:             get
 115:             {
 116:                 if (name == null)
 117:                 {
 118:                     name = AssemblyName.GetAssemblyName(file);
 119:                 }
 120:                 return name;
 121:             }
 122:         }
 123:     }
 124: }

As you can see, I also included the AssemblyName which can give me some more information withtout loading the assembly in memory.

Issues:

  • This is example code so be careful with it in production code.
  • In addition, check the "magic" field of the PE header (the first 2 bytes) to ensure it is a 32-bit image file (0x010B). The data directory table for 64-bit PE headers start at offset 112 - as opposed to 96 for 32-bit headers.
  • This example ignores recommendations in Microsoft's PE specification to check the values of size fields so you don't read the wrong data

Tags: , , , , , ,

Structuremap

Comments

2/17/2010 5:58:20 PM #

Nicolas Daul

This is a excellent post, but I was wondering how do I suscribe to the RSS feed?

Nicolas Daul United States | Reply

2/19/2010 1:20:04 AM #

Arianne Grum

This is a very fascinating post, I was looking for this info. Just so you know I located your webpage when I was browsing for blogs like mine, so please check out my site sometime and leave me a comment to let me know what you think.

Arianne Grum United States | Reply

12/22/2010 10:08:14 AM #

Oc

Wow! its working as i expect, Thank you admin for posting such helpful post. Please keep informing us.

Oc United States | Reply

2/9/2011 10:42:57 AM #

Article

Nice

Article United States | Reply

3/1/2011 7:41:25 AM #

Assembly Machine

Wow! its working as i expect, Thank you admin for posting such helpful post. Please keep informing us.

Assembly Machine United States | Reply

4/8/2011 7:32:35 AM #

pacquiao vs mosley

This blog is really Cool! You can visit my site for the upcoming fight of Pacquiao vs Mosley.   pacquiao-vs-mosley-live-stream-fight.blogspot.com/.../pacquaio-vs-mosley-live-streaming.html

pacquiao vs mosley United States | Reply

5/13/2011 3:03:39 PM #

mobile app development

And what is the difference between an assebly and a managed assebly?

mobile app development United States | Reply

6/12/2011 5:16:36 AM #

Forman

Valuable info. Exactly what I was looking for. i'll check back soon again.

Forman United States | Reply

Add comment


(Will show your Gravatar icon)

  Country flag

biuquote
  • Comment
  • Preview
Loading