检测到来自互联网并“被阻止”的 DLL通过卡斯波尔
有没有办法在代码中检测 DLL 是否因为从互联网下载而被阻止加载?我知道 caspol.exe 实用程序可以读取权限设置,但如果可能的话,我想保留在代码中。
Is there a way in code to detected whether a DLL is blocked from being loaded because it was downloaded from the internet? I know the caspol.exe utility can read permissions settings, but I would like to stay in code, if possible.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
被阻止的内容由 NTFS 替代数据流控制,并且可以使用 sysinternals 名为 的命令行实用程序来删除流。这是 ADS 上维基百科的引用。
它跟踪文件的来源,因此如果它源自互联网,它将应用不受信任的安全策略。删除流会删除文件来自不受信任来源的记录。这与右键单击文件、查看属性并选择取消阻止具有相同的效果。这与使用 caspol 使 dll 完全信任的效果相同。
以下创建与文件 test 关联的零字节流。
codeproject 上的以下项目有一些使用它们的示例代码。我相信您需要从非托管代码中删除它们。
访问 NTFS 卷上文件的替代数据流
Blocked content is controlled by NTFS alternative data streams and can be removed using a command line utility by sysinternals called streams. This is a quote from Wikipedia on ADS.
It tracks the origin of the file, and hence if it originated from the internet it applies the untrusted security policy. Removing the stream removes the record that the file came from an untrusted source. This has the same affect as right-clicking on the file, viewing properties, and choosing unblock. It's also the same affect as using
caspolto make the dll full trust.The following creates a zero byte stream associated with the file test.
The following project on codeproject has some example code for working with them. I believe you need to delete them from unmanaged code.
Accessing alternative data-streams of files on an NTFS volume