Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Way to determine true calling assembly

Tags:

c#

security

I have some security built into a client side program that downloads a DLL from the web, and called a function inside that DLL. The DLL is strong-named, and the function in the DLL uses Assembly.GetCallingAssembly() to determine the calling assembly so that I can accurately get a path to the program who called it. From there we do a hash check of the assembly and verify that it is the correct one.

We have people that have gotten themselves attached in full trust mode, and are able to spoof the GetCallingAssembly call to point to the real executable, while they run a modified version of it. Is there something else other then GetCallingAssembly that I can use to get the true caller? Some callstack or something that may provide the real executable since GetCallingAssembly seems to be easily spoofed.

like image 216
willthiswork89 Avatar asked Oct 26 '11 13:10

willthiswork89


1 Answers

You can't do this while running in full trust mode. Full trust means people can do things like spoofing. Here is a similar discusison: reflection is possible on obfuscation

like image 111
jlew Avatar answered Oct 19 '22 15:10

jlew