<< My first blog post :) | Fully Trust a share in .Net 2.0, 3.0 and 3.5 >>

Detect if an assembly is a managed assembly

by Koen 29. October 2009 03:17

While using a great IOC/DI container (read Structuremapfor those not familiar with it read this post) I wrote some code to auto detect and auto load the necessary dependencies (I really, really, REALLY hate the XML configuration file so …) Besides a lot of other issues with this method worth a blog post on it’s own, the whole thing crashed as soon as an unmanaged assembly was found in the path.

After some googling I found a few ways to solve my problem:

Use .Net Reflection:

Try to do a AssemblyName.GetAssemblyName(path); If it throws an exception it’s not a managed assembly. As you would suspect this is horribly slow.

Read the binary data from the assembly to detect the assembly type.

Actually the .Net managed assemblies are PE-files with specific values in the header. To read these we could use the LoadLibraryEx command and then walk through the headers with pointers as explained on this site. Since this loads the assembly in memory it was a no-go for me.

There are alot of unmanaged solutions out there (read here and here) that are candidates to port to c# but Rupreet’s weblog saved the day. And here are the relevant code fragments of my AssemblyInfo class:

   1:  try

   2:  {

   3:      if (dataDictionaryRVA == null)

   4:      {

   5:          GetHeaders();

   6:      }

   7:      return dataDictionaryRVA[14] != 0;

   8:  }

   9:  catch (Exception)

  10:  {

  11:      // when an error occurs return false.

  12:  }

  13:  return false;

Obviously the interesting code is inside the GetHeaders method including the comments from Rupreet:

       1: dataDictionaryRVA = new uint[16];

       2: dataDictionarySize = new uint[16];

       3:  

       4: using (FileStream fs = new FileStream(file, FileMode.Open, FileAccess.Read))

       5: {

       6:     BinaryReader reader = new BinaryReader(fs);

       7:  

       8:     //PE Header starts @ 0x3C (60). Its a 4 byte header.

       9:     fs.Position = PeHeaderStart;

    peHeader = reader.ReadUInt32();

  

    //Moving to PE Header start location...

    fs.Position = peHeader;

    peHeaderSignature = reader.ReadUInt32();

  

    //We can also show all these value, but we will be       

    //limiting to the CLI header test.

    machine = reader.ReadUInt16();

    sections = reader.ReadUInt16();

    timestamp = reader.ReadUInt32();

    pSymbolTable = reader.ReadUInt32();

    noOfSymbol = reader.ReadUInt32();

    optionalHeaderSize = reader.ReadUInt16();

    characteristics = reader.ReadUInt16();

  

    /*

    Now we are at the end of the PE Header and from here, the

    PE Optional Headers starts...

    To go directly to the datadictionary, we'll increase the      

    stream’s current position to with 96 (0x60). 96 because,

    28 for Standard fields

    68 for NT-specific fields

    From here DataDictionary starts...and its of total 128 bytes. DataDictionay has 16 directories in total,

    doing simple maths 128/16 = 8.

    So each directory is of 8 bytes.

    In this 8 bytes, 4 bytes is of RVA and 4 bytes of Size.



    btw, the 15th directory consist of CLR header! if its 0, its not a CLR file :)

    */

  

    dataDictionaryStart = Convert.ToUInt16(Convert.ToUInt16(fs.Position) + 0x60);

    fs.Position = dataDictionaryStart;

  

    for (int i = 0; i < 15; i++)

    {

        dataDictionaryRVA[i] = reader.ReadUInt32();

        dataDictionarySize[i] = reader.ReadUInt32();

    }

  

    fs.Close();

}

My complete class implementation is here:

       1: using System;

       2: using System.IO;

       3: using System.Reflection;

       4:  

       5: namespace Williame.Koen.Blog

       6: {

       7:     /// <summary>

       8:     /// Returns information about an assembly without loading it into the appdomain.

       9:     /// </summary>

    public class AssemblyInfo

    {

        /// <summary>

        /// PE Header starts @ 0x3C (60). Its a 4 byte header.

        /// </summary>

        public const long PeHeaderStart = 0x3C;

  

        protected uint peHeader;

        protected uint peHeaderSignature;

        protected ushort machine;

        protected ushort sections;

        protected uint timestamp;

        protected uint pSymbolTable;

        protected uint noOfSymbol;

        protected ushort optionalHeaderSize;

        protected ushort characteristics;

        protected ushort dataDictionaryStart;

        protected uint[] dataDictionaryRVA;

        protected uint[] dataDictionarySize;

        protected string file;

        protected AssemblyName name; 

  

        public AssemblyInfo(string fileName)

        {

            this.file = Path.GetFullPath(fileName);

        }

  

        protected void GetHeaders()

        {

            dataDictionaryRVA = new uint[16];

            dataDictionarySize = new uint[16];

  

            using (FileStream fs = new FileStream(file, FileMode.Open, FileAccess.Read))

            {

                BinaryReader reader = new BinaryReader(fs);

  

                //PE Header starts @ 0x3C (60). Its a 4 byte header.

                fs.Position = PeHeaderStart;

                peHeader = reader.ReadUInt32();

  

                //Moving to PE Header start location...

                fs.Position = peHeader;

                peHeaderSignature = reader.ReadUInt32();

  

                //We can also show all these value, but we will be       

                //limiting to the CLI header test.

                machine = reader.ReadUInt16();

                sections = reader.ReadUInt16();

                timestamp = reader.ReadUInt32();

                pSymbolTable = reader.ReadUInt32();

                noOfSymbol = reader.ReadUInt32();

                optionalHeaderSize = reader.ReadUInt16();

                characteristics = reader.ReadUInt16();

  

                /*

                Now we are at the end of the PE Header and from here, the

                PE Optional Headers starts...

                To go directly to the datadictionary, we'll increase the      

                stream’s current position to with 96 (0x60). 96 because,

                28 for Standard fields

                68 for NT-specific fields

                From here DataDictionary starts...and its of total 128 bytes. DataDictionay has 16 directories in total,

                doing simple maths 128/16 = 8.

                So each directory is of 8 bytes.

                In this 8 bytes, 4 bytes is of RVA and 4 bytes of Size.



                btw, the 15th directory consist of CLR header! if its 0, its not a CLR file :)

                */

  

                dataDictionaryStart = Convert.ToUInt16(Convert.ToUInt16(fs.Position) + 0x60);

                fs.Position = dataDictionaryStart;

  

                for (int i = 0; i < 15; i++)

                {

                    dataDictionaryRVA[i] = reader.ReadUInt32();

                    dataDictionarySize[i] = reader.ReadUInt32();

                }

  

                fs.Close();

            }

        }

  

        public bool IsManaged

        {

            get

            {

                try

                {

                    if (dataDictionaryRVA == null)

                    {

                        GetHeaders();

                    }

                    return dataDictionaryRVA[14] != 0;

                }

                catch (Exception)

                {

                    // when an error occurs return false.

                }

                return false;

            }

        }

  

        public AssemblyName Name

        {

            get

            {

                if (name == null)

                {

                    name = AssemblyName.GetAssemblyName(file);

                }

                return name;

            }

        }

    }

}

As you can see, I also included the AssemblyName which can give me some more information withtout loading the assembly in memory.

Issues:

This is example code so be careful with it in production code.
In addition, check the "magic" field of the PE header (the first 2 bytes) to ensure it is a 32-bit image file (0x010B). The data directory table for 64-bit PE headers start at offset 112 - as opposed to 96 for 32-bit headers.
This example ignores recommendations in Microsoft's PE specification to check the values of size fields so you don't read the wrong data

bb46a0a0-098d-4c32-85fb-406e4828ddef|0|.0

Tags: structuremap, .net, c#, unmanaged, detect, pe, assembly

Structuremap

BDD with nbehave tipsWhile using nBehave on projects especially those where we collaborated with external partners I crea...

Comments

2/17/2010 5:58:20 PM #

This is a excellent post, but I was wondering how do I suscribe to the RSS feed?

Nicolas Daul | Reply

2/19/2010 1:20:04 AM #

This is a very fascinating post, I was looking for this info. Just so you know I located your webpage when I was browsing for blogs like mine, so please check out my site sometime and leave me a comment to let me know what you think.

Arianne Grum | Reply

12/22/2010 10:08:14 AM #