Geek Answers Handbook

How can I sign an external DLL while maintaining assembly metadata?

I have several libraries that I use in my unsigned project. Since my application is strictly signed, libraries should also be.

I sign these libraries using:

"%PROGRAMFILES%\Microsoft SDKs\Windows\v7.1\Bin\ildasm.exe" /nobar /all /out=library.il library.dll "%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe" /dll /key=MyKey.snk library.il

The problem is that any metadata, such as version numbers, is lost in an already signed DLL. This is a problem because now some dependencies between the libraries are broken. How to save version numbers without resorting to actually compiling the source code of these libraries?

UPDATE

This is actually a specific DLL that shows this problem, and I found out that it is built using ILMerge. Perhaps this is causing the problem. To be clear: the DLL created by ILMerge has the correct metadata, only after disassembling and reassembling the metadata disappears.

UPDATE 2

I opened the DLL in Reflector, and it turned out that at least the version number still exists. I constantly checked the properties / file properties tab of the file in Windows Explorer. Therefore, I believe that this is a manifesto that is missing.

+6
ilasm
source share
2 answers

I wonder why this is happening. I have good experience compiling round-trip using ilasm and ildasm on unsigned and signed assemblies. Can you check the metadata output with ILasm, still contains version information (at the bottom of the build area):

 .assembly ConsoleApplication1 { //... .hash algorithm 0x00008004 .ver 1:0:0:0 }

Just checked, it "works on my machine" (using the same command line switches as you).

What will really be lost is the FileVersion attribute (the one you see in Windows Explorer when you hover over an assembly). AssemblyVersion is still present and correct . Maybe you confuse these two? For information binding, only AssemblyVersion is important. See SO post for more details.

Hope I can help, otherwise you will need to provide more context.

+4
source share

If you have the source code, just recompile the libraries with strong names - disassembling and reassembling usually works very well, but it's still a hack.

In order to maintain dependency between working libraries, you need to update the links in the .il code to use the public key of the assembly they are referencing, otherwise they will try to reference the unsigned version of the assembly and thus load it at run time.

You can do it manually, but it gets very tedious after 2 or 3 builds. A quick fix for this is the signer , which addresses the many difficulties you are facing and does an excellent job - usually pretty quick and clean.

(Note that it is currently built against the old version of .NET. If you are using C # 4 / .NET 4 assemblies, you need to download the source, change it to the target .NET 4 and rebuild it to get signer.exe. which will correctly handle .NET assemblies 4).

+1
source share

More articles:


All Articles