The other day I read the latest blog post on the Coding The Wheel blog. It was entitled “How to Inject a Managed .Net Assembly (DLL) into another process”. The author is James Devlin, who wrote a series of articles on how to write a poker bot that makes money. I will not go into the details of how you perform this injection. See James’ post for the full details. However I though his outlook on what managed code really means is interesting.
James comes out and says there is really no difference between managed and unmanaged processes. All applications are always unmanaged. Managed just means you have access to .NET, and there is a Just In Time compiler. James’ idea is that an unmanaged application can load the .NET runtime. So the call stack is that an unmanaged DLL loads the .NET runtime, and the runtime invokes your managed assembly.
James did state that loading the .NET runtime was not a trivial task. And somebody who commented on the blog post added that you could have problems if you tried to inject a .NET version 3.5 DLL into a .NET version 2.0 host.
I spent some time trying to get a mental image of what is exactly happening here. The main application James is talking about is truly unmanaged. However it invokes the .NET runtime. So the part in the middle that is injected is actually managed. Perhaps this is a way of an application running both managed and unmanaged code at the same time.
While it is true the application that starts the injection is indeed unmanaged, the code that gets injected is managed. Also I think it is obvious that in the end all code gets executed by the CPU. However this does not necessarily mean that all code is managed. Maybe this is just a semantics issue. However the code that James injects is an assembly that must conform to the .NET framework. In the end it executes as native code. But it is still managed.
This may all be much ado about nothing. However James is one of the first guys that comes out and says that there is no managed code, only native code. Maybe this was the shock value needed to attract readers to the blog entry. That worked in my case.
To Be A Hacker - I read an article on TurboFuture about the 10 most powerful hacking groups. The usual suspects were there. The site gave a blurb about each of the most fa...