Introduction
There are some very nice areas in the CLR, for example the whole area of reflection. Nowadays, developers use reflection, its functionalities for their projects. But it's nearly impossible to know all about these functions.
So I made some test just on the Assembly.LoadFrom and played around with it...
Basics
Private Sub Test()
Dim extAssembly As System.Reflection.Assembly = _
System.Reflection.Assembly.LoadFrom("c:\WindowsApplication2.exe")
Dim extForm as Form = _
extAssembly.CreateInstance("WindowsApplication2.Form1", True)
Me.AddOwnedForm(extForm)
extForm.Show()
End Sub
For those who use system reflection, there is a common piece of code. We load an external assembly from the file system, create an instance of the form within that assembly, and add it to our Forms collection to display it later on.
Naming of the assemblies
Now, if we use references in our projects, we can only reference DLL files. But with System.Reflection, we can refer to any file name. We can give our files any name and it works. This makes hacker's life a bit more complicated.
Dim extAssembly As System.Reflection.Assembly = _
System.Reflection.Assembly.LoadFrom("c:\x.yz")
Use a web reference to the assembly
We are able to just use a URL instead of locating the assembly in our own network.
Dim extAssembly As System.Reflection.Assembly = _
System.Reflection.Assembly.LoadFrom("http://www.myweb.ch/" & _
"myTest/WindowsApplication2.exe")
And it works - yes, it works very fast. Now think about using a password protected feature within your app before you download the assembly from the web. And think about the way it works - there is no local assembly. It is just loaded within your app domain, and after you close your application, nothing will be found on the users hard drive. This way, one is not able to de assemble your code or use it on his own with System.Reflection- as long as he does not know where it is....
Use a webpage
This is the most coolest part of it. Instead of directly referencing the assembly, we are calling a webpage on our Web Server (for test purpose just do with classic ASP) and suddenly, we see a wide range of potential in it.
Dim extAssembly As System.Reflection.Assembly = _
System.Reflection.Assembly.LoadFrom _
("http://www.myweb.ch/myTest/CallMyExe.asp")
The content of our callmyexe.asp is that easy:
<%@ Language=VBScript %>
<%response.redirect
"http://www.myweb.ch/mytest/windowsapplication2.exe">
But you'll see the following potential within it:
- Generate a URL that also provides some security information. (i.e. any keys.)
- Our website can check some security as well. (i.e. check the calling IP.)
- We use some parameters in our URL so that the webpage decides what kind of assembly we receive.
- We can store our assemblies within a database and give them back - and our directories do not contain any of the assemblies.
- At least, with CodeDom, we are able to generate an assembly ad hoc and give it back to the caller.
So, have fun making your own tests.
On software development since 1992, going through the different steps from mainframe computing with VMS/Vax over VB4-6, Access and SQL server, Cold Fusions and ASP programming to my currently status as Chief Solution Developer for Smartclient and Client/Server development with vb.net and SQL Server. MCSD and some other stuff.
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
. "Ofusqued" is a one word mixed from "Ofuscator" & action verb(in Spanish= spanglish 
). My question is: when I'm used the "ofuscator" with my exe compiled filed, i can read this file with assembly library (loadfrom, invoke etc...) from another project??