
时间:2021-04-18 07:32:27

I'm going to give an example of using System.Data.SQLite.DLL which is a mixed assembly with unmanaged code: If I execute this :


  var assembly= Assembly.LoadFrom("System.Data.SQLite.DLL")

No exceptions are thrown, but if I do this :


  var rawAssembly = File.ReadAllBytes("System.Data.SQLite.DLL");
  var assembly = Assembly.Load(rawAssembly);

The CLR throws a FileLoadException with "Unverifiable code failed policy check. (Exception from HRESULT: 0x80131402)". Let's say I'm trying to load this assembly on a child AppDomain, how can I customize the AppDomain's security to allow me pass the policy check?


2 个解决方案



We are the victim of a crummy exception message. Loading assemblies with Assembly.Load(byte[]) that contain unmanaged code is not supported. This is the subject of this feedback item.

我们是一个糟糕的异常消息的受害者。不支持使用包含非托管代码的Assembly.Load(byte [])加载程序集。这是此反馈项的主题。

UPDATE: the linked feedback item is gone, deleted as part of the cleanup at VS2012 release time. The only part of it could still recover is this fragment, copied from another web page:


“[…] we only allow ILOnly images to be loaded […] since anything else is not safe”--

“[...]我们只允许加载ILOnly图像[...],因为其他任何东西都不安全” -

UPDATE: link fixed with archive.org backup copy.




The problem is that the CLR does not perform the normal DLL loading steps - like mapping the dlls separate sections into different pages, adjusting fixups, etc. When an assembly is loaded from raw bytes, those raw bytes are mapped into memory as is, and only managed meta-data is read. No amount of evidence or security settings will change this behavior.

问题是CLR不执行正常的DLL加载步骤 - 比如将dll分隔成不同的页面,调整fixup等。当从原始字节加载程序集时,这些原始字节按原样映射到内存中,并且只读取托管的元数据。没有任何证据或安全设置会改变此行为。



We are the victim of a crummy exception message. Loading assemblies with Assembly.Load(byte[]) that contain unmanaged code is not supported. This is the subject of this feedback item.

我们是一个糟糕的异常消息的受害者。不支持使用包含非托管代码的Assembly.Load(byte [])加载程序集。这是此反馈项的主题。

UPDATE: the linked feedback item is gone, deleted as part of the cleanup at VS2012 release time. The only part of it could still recover is this fragment, copied from another web page:


“[…] we only allow ILOnly images to be loaded […] since anything else is not safe”--

“[...]我们只允许加载ILOnly图像[...],因为其他任何东西都不安全” -

UPDATE: link fixed with archive.org backup copy.




The problem is that the CLR does not perform the normal DLL loading steps - like mapping the dlls separate sections into different pages, adjusting fixups, etc. When an assembly is loaded from raw bytes, those raw bytes are mapped into memory as is, and only managed meta-data is read. No amount of evidence or security settings will change this behavior.

问题是CLR不执行正常的DLL加载步骤 - 比如将dll分隔成不同的页面,调整fixup等。当从原始字节加载程序集时,这些原始字节按原样映射到内存中,并且只读取托管的元数据。没有任何证据或安全设置会改变此行为。