What is safe way to load managed library by unmanaged code?

[Perplex]

I have a library developed by VC++ I want load and call to export the library by unmanaged code such as C# without detecting by AntiVirus and Firewall and without extract the library to hard disk.

Edited January 6, 2016 by Perplex

[mrexodia]

Loading an unmanaged library in a managed environment is inherently unsafe.

[simple]

7 hours ago, Mr. eXoDia said:

Loading an unmanaged library in a managed environment is inherently unsafe.

... why? I do this all the time and nothing is "unsafe" about it, it's quite common..

[mrexodia]

@simple That you do it all the time doesn't mean it's safe. If you go from a managed context to an unmanaged context then it's unsafe because you can change things in the managed context that you couldn't change without going to an unmanaged context. Obviously it can be very useful/common/whatever to call unmanaged methods, but it's not safe.

[kao]

@Mr. eXoDia and @simple: "safe" or "unsafe" - that was not the question..  

 

 

On 1/6/2016 at 9:09 PM, Perplex said:

I want load and call to export the library ..  without extract the library to hard disk.

Attached is @Kurapica's code from 

 

That should do the trick. But in general, loading DLL from memory is a bad, bad idea. Lots of antiviruses hate that.

 

Final.rar

[simple]

kao, indeed, but evading the AV is something they need to learn on their own!

mr.exodia, i don't believe u, MS have explicitly said it's OK and designed parts of the language to do this. But the people who wrote the language are wrong? There's no such thing as unsafe code, just unsafe coders.

 

 

[mrexodia]

@simple You don't have to believe me you should just look at the arguments I present, not take my word for anything. I believe that it is unsafe to load an unmanaged DLL in managed code. If you load an unmanaged DLL in a managed context you could get all kinds of unexpected behaviour. You can hook the JIT, change IL code and do all kinds of shit that I would not describe as safe. There are also no checks whatsoever for the integrity of the unmanaged DLL so people thinking they can verify their strong name by calling the unmanaged StrongNameSignatureVerificationEx from mscoree.dll should think again.

@kao You're right, the author edited 'safe' out of his post so now the question is not about safe anymore  Oh it's still in the title. YAY

Edited January 9, 2016 by Mr. eXoDia

[simple]

99% of coders code to solve real world problems, they have nothing to do w/security/reversing/hooking jit/changing il, the tiny 1% u see here do that & yes it's unstable. A normal coder would never do any of that, and for 99% of people it's safe.

[Kurapica]

One of the methods you can use and still be a law abiding citizen is COM.

you can make your managed code callable by any COM consumers Delphi or C++ or even VB 6 !

http://www.codeproject.com/Articles/12673/Calling-Managed-NET-C-COM-Objects-from-Unmanaged-C

Another way is to use DllExport for .Net, an addin for visual studio : https://www.nuget.org/packages/UnmanagedExports

I had a third way to do this but unfortunately the document is lost.