Jump to content
Tuts 4 You

What is safe way to load managed library by unmanaged code?


Recommended Posts

I have a library developed by VC++ I want load and call to export the library by unmanaged code such as C# without detecting by AntiVirus and Firewall and without extract the library to hard disk.

Edited by Perplex
Link to comment
7 hours ago, Mr. eXoDia said:

Loading an unmanaged library in a managed environment is inherently unsafe.

... why? I do this all the time and nothing is "unsafe" about it, it's quite common..

Link to comment

@simple That you do it all the time doesn't mean it's safe. If you go from a managed context to an unmanaged context then it's unsafe because you can change things in the managed context that you couldn't change without going to an unmanaged context. Obviously it can be very useful/common/whatever to call unmanaged methods, but it's not safe.

Link to comment

@Mr. eXoDia and @simple: "safe" or "unsafe" - that was not the question.. :) 



On 1/6/2016 at 9:09 PM, Perplex said:

I want load and call to export the library ..  without extract the library to hard disk.

Attached is @Kurapica's code from 


That should do the trick. But in general, loading DLL from memory is a bad, bad idea. Lots of antiviruses hate that.



  • Like 2
Link to comment

kao, indeed, but evading the AV is something they need to learn on their own!

mr.exodia, i don't believe u, MS have explicitly said it's OK and designed parts of the language to do this. But the people who wrote the language are wrong? There's no such thing as unsafe code, just unsafe coders.



Link to comment

@simple You don't have to believe me you should just look at the arguments I present, not take my word for anything. I believe that it is unsafe to load an unmanaged DLL in managed code. If you load an unmanaged DLL in a managed context you could get all kinds of unexpected behaviour. You can hook the JIT, change IL code and do all kinds of shit that I would not describe as safe. There are also no checks whatsoever for the integrity of the unmanaged DLL so people thinking they can verify their strong name by calling the unmanaged StrongNameSignatureVerificationEx from mscoree.dll should think again.

@kao You're right, the author edited 'safe' out of his post so now the question is not about safe anymore ;) Oh it's still in the title. YAY

Edited by Mr. eXoDia
  • Like 1
Link to comment

99% of coders code to solve real world problems, they have nothing to do w/security/reversing/hooking jit/changing il, the tiny 1% u see here do that & yes it's unstable. A normal coder would never do any of that, and for 99% of people it's safe.

Link to comment

One of the methods you can use and still be a law abiding citizen is COM.

you can make your managed code callable by any COM consumers Delphi or C++ or even VB 6 !


Another way is to use DllExport for .Net, an addin for visual studio : https://www.nuget.org/packages/UnmanagedExports

I had a third way to do this but unfortunately the document is lost.


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...