summaryrefslogtreecommitdiff
path: root/src/vm/pefingerprint.cpp
blob: b02e8a30bbb60b8f796947d8d49b6fba15be8611 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
// --------------------------------------------------------------------------------
// PEFingerprint.cpp
// 

//
//
// Dev11 note on timing of torn state detection:
//
//   This implementation of PEFingerprint contains a known flaw: The MVID/SNHash/TPBand
//   torn state test only occurs after the file is already opened and made available
//   for the runtime to use. In fact, we don't do it until someone asks for a Commit
//   on the fingerprint.
//
//   This is clearly a perversion of the design: however, it was not feasible
//   to do the check beforehand within the current codebase without incurring
//   severe performance costs or major code surgery.
//
//   For Dev11, however, we accept this because of two things:
//
//     - GAC assemblies are installed through gacutil.exe which always timestamps
//       the assembly based on the time of install. Thus, timestamp collisions
//       inside the GAC should not happen unless someone manually tampers with the GAC.
//       Since we do verify the timestamp and lock the file before opening it,
//       it is not a problem that the actual mvid/snhash check happens later than it should.
// --------------------------------------------------------------------------------



#include "common.h"
#include "pefile.h"
#include "pefingerprint.h"





//==================================================================================
// This holder must be wrapped around any code that opens an IL image.
// It will verify that the actual fingerprint doesn't conflict with the stored
// assumptions in the PEFingerprint. (If it does, the holder constructor throws
// a torn state exception.)
//
// It is a holder because it needs to keep a file handle open to prevent
// anyone from overwriting the IL after the check has been done. Once
// you've opened the "real" handle to the IL (i.e. LoadLibrary/CreateFile),
// you can safely destruct the holder.
//==================================================================================
PEFingerprintVerificationHolder::PEFingerprintVerificationHolder(PEImage *owner)
{
    CONTRACTL
    {
        THROWS; 
        GC_TRIGGERS;
        MODE_ANY;
        SO_INTOLERANT;
        INJECT_FAULT(COMPlusThrowOM();); 
    }
    CONTRACTL_END

    return;
}