Browse All Articles
> What to do when you want to apply a strong sign to a DLL without a source code.
This article is neither here to teach you how to crack a DLL nor to encourage you to do so. However, this is a situation that can occur often with legacy applications.
It is not uncommon in mature systems that iterate through many generations of versions to end up with DLL's that are either missing some or all source or it might be difficult to easily replicate the build environment. When security wasn't as important is it is now, signing DLL's wasn't an important portion of the workflow.
Therefore, we need this little tip to be able to sign a DLL without a source code.
In order to execute the task you need the following linking tools;
Both are in the .NET SDK. The path will usually be something like this depending on which version of the SDK is installed: C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin or they can be found in the .NET runtime installation path. Here is the path for .NET 2.0: C:\Windows\Microsoft.NET\F
1) You will need to use .NET SDK to create a new key. you can do this by either within the Visual Studio IDE or using the command prompt by typing "sn -k example.snk". Be sure to record the path where you keep this key.
2) Using the command prompt, go to the folder with your DLL. Copy ilasm.exe and ildasm.exe to the same directory and also the previously created key file. (In this case example.snk)
Note: if you have your environment variables set up to .NET SDK then you don't have to copy these programs or you can reference the path explicitly.
3) Type “ildasm example.dll /out=example.il” to decompile the DLL into IL format with the resource file that we will use later to be attached with the key file
4) Type “ilasm example.il /dll/resource=example.res /key=example.snk /optimize”. This command recompiles the DLL with the il file, resource file and the new key file together.
5) Validate the strong name by using "sn -v example.dll" from the command prompt.
You now have a strongly typed DLL that can be safely signed in any application without source code or recreating a build environment.