[Mono-list] mscoree.dll

t3rmin4t0r funwithpnet@yahoo.com
Thu, 28 Mar 2002 23:20:35 +0530


On Thu, Mar 28, 2002 at 12:10:58PM -0500, Miguel de Icaza wrote:
> > Is there anyone working on building a mscoree.dll wrapper for the windows
> > version of mono?
> 
> What does mscoree do?  Does this contain the hosting interfaces?

    From what I could understand (from the W32.Donut scare),
mscoree.dll is the Microsoft Core Execution dll. The Redmond name for
this new entry to DLL hell is "Common Language Runtime Execution Engine
1.0".

It contains this COM+ exported function _CorExeMain(). This loads up the
runtime and runs the .NET EXE. That's how double-clicking the EXE works
in all Windows versions. It also contains _CorDllMain() & _CorExeMain2(), which
are mentioned without any further information.

    It was this loophole (i.e. the PE header invoking the COM+ export)
that allowed W32.Donut to execute any DLL export while remaining undetected
by Antiviruses due to the extra header. Also the Code Access Security
comes into play *after* mscoree.dll loads -- so not secure in that way
either.

    I think W32.Donut source code is still running fast on FreeNet --
be warned of variants that may contain destructive payloads (or Kernel32
calls). 

t3rmin4t0r

PS: that just comes to the ubiquitous "Don't run any untrusted Exe files".
-- 
******************DISCLAIMER******************
*      not yet another Mono contributor      *
**********************************************
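
The hand-off to mscoree.dll described in the message is recorded in the PE headers themselves, so it can be read without running the file. The following is an added example, not part of the original post: it reports the native entry point, the imported DLL names and the CLR header directory (data directory 14 in the PE format) of an image. Assumptions: the function names `describe_pe` and `build_sample` are this example's own, and the sample image is constructed inline rather than taken from a real binary.

```python
import struct

def describe_pe(data):
    """Report entry point, CLR header directory and imported DLL names."""
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                         # optional header
    magic, entry = struct.unpack_from("<H14xI", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # data directories
    sections = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]
    def off(rva):                                         # RVA -> file offset
        for vsize, va, rsize, raw in sections:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA outside all sections")
    imp_rva, _ = struct.unpack_from("<II", data, dirs + 8 * 1)
    clr = struct.unpack_from("<II", data, dirs + 8 * 14)  # CLR header dir
    dlls, pos = [], off(imp_rva) if imp_rva else None
    while pos is not None and any(desc := struct.unpack_from("<5I", data, pos)):
        name = off(desc[3])                               # descriptor Name RVA
        dlls.append(data[name:data.index(b"\0", name)].decode("ascii", "replace").lower())
        pos += 20                                         # next descriptor
    return {"entry_rva": entry, "clr_header": clr, "imports": dlls,
            "managed": clr[0] != 0, "imports_mscoree": "mscoree.dll" in dlls}

def build_sample(managed):
    """Constructed minimal PE32 image (headers + one section), not a real file."""
    opt = bytearray(224)                                  # 16 data directories
    struct.pack_into("<H14xI", opt, 0, 0x10B, 0x1000)     # magic, entry point
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 1, 0x1010, 40)  # import directory
    if managed:
        struct.pack_into("<II", opt, 96 + 8 * 14, 0x1080, 72)  # CLR header
    dll = b"mscoree.dll\0" if managed else b"kernel32.dll\0"
    body = bytearray(0x200)
    struct.pack_into("<I", body, 0x10 + 12, 0x1040)       # descriptor Name RVA
    body[0x40:0x40 + len(dll)] = dll
    sect = struct.pack("<8sIIII16x", b".text", 0x200, 0x1000, 0x200, 0x200)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    hdr = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt) + sect
    return hdr + bytes(0x200 - len(hdr)) + bytes(body)

if __name__ == "__main__":
    print(*(describe_pe(build_sample(m)) for m in (True, False)), sep="\n")
```

An image that both carries a CLR header and imports mscoree.dll is one whose execution passes through that DLL at load, which is the property a scanner has to account for when it inspects only the native entry point.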