问题
Is there a way in code to detected whether a DLL is blocked from being loaded because it was downloaded from the internet? I know the caspol.exe
utility can read permissions settings, but I would like to stay in code, if possible.
回答1:
Blocked content is controlled by NTFS alternative data streams and can be removed using a command line utility by sysinternals called streams. This is a quote from Wikipedia on ADS.
Microsoft introduced the Attachment Execution Service that stores details on the origin of downloaded files in alternate data streams attached to files, in an effort to protect users from downloaded files that may present a risk.
It tracks the origin of the file, and hence if it originated from the internet it applies the untrusted security policy. Removing the stream removes the record that the file came from an untrusted source. This has the same affect as right-clicking on the file, viewing properties, and choosing unblock. It's also the same affect as using caspol
to make the dll full trust.
The following creates a zero byte stream associated with the file test.
echo hello > test:stream
The following project on codeproject has some example code for working with them. I believe you need to delete them from unmanaged code.
Accessing alternative data-streams of files on an NTFS volume
来源:https://stackoverflow.com/questions/7326371/detected-dlls-that-are-from-the-internet-and-blocked-by-caspol