为什么没有不安全的关键字此代码的工作？ [英] Why does this code work without the unsafe keyword?

问题描述

在回答自己的< A HREF =htt​​p://stackoverflow.com/questions/791498/how-to-steal-private-data-in-net/>争议问题，的 已经说明，你不需要醪不安全的关键字直接读取和写入任何.NET对象实例的字节。你可以声明以下类型：

In an answer to his own controversial question, Mash has illustrated that you don't need the "unsafe" keyword to read and write directly to the bytes of any .NET object instance. You can declare the following types:

   [StructLayout(LayoutKind.Explicit)]
   struct MemoryAccess
   {

      [FieldOffset(0)]
      public object Object;

      [FieldOffset(0)]
      public TopBytes Bytes;
   }

   class TopBytes
   {
      public byte b0;
      public byte b1;
      public byte b2;
      public byte b3;
      public byte b4;
      public byte b5;
      public byte b6;
      public byte b7;
      public byte b8;
      public byte b9;
      public byte b10;
      public byte b11;
      public byte b12;
      public byte b13;
      public byte b14;
      public byte b15;
   }

然后你就可以做这样的事情的变化是不可改变的字符串。我的机器下面的代码打印栏

And then you can do things like change an "immutable" string. The following code prints "bar" on my machine:

 string foo = "foo";
 MemoryAccess mem = new MemoryAccess();
 mem.Object = foo;
 mem.Bytes.b8 = (byte)'b';
 mem.Bytes.b10 = (byte)'a';
 mem.Bytes.b12 = (byte)'r';
 Console.WriteLine(foo);

您也可以触发的用相同的技术破坏的对象引用AccessViolationException

问：我认为（在纯管理C＃代码）的不安全关键字必要做这样的事情。为什么这里没有必要？ 这是否意味着纯管理安全的代码是不是真的安全呢？

Question: I thought that (in pure managed C# code) the unsafe keyword was necessary to do things like this. Why is it not necessary here? Does this mean that pure managed "safe" code is not really safe at all?

推荐答案

确定，就是讨厌...利用共用的危险。这可能工作，但不是一个很好的主意 - 我想我把它比作反射（在那里你可以办最多的事）。我很想看看这部作品在一个受限接入环境 - 如果是这样，它可能是一个更大的问题...

OK, that is nasty... the dangers of using a union. That may work, but isn't a very good idea - I guess I'd compare it to reflection (where you can do most things). I'd be interested to see if this works in a constrained access environment - if so, it may represent a bigger problem...

---

我刚刚测试过没有完全信任标志，并且运行时拒绝它：

I've just tested it without the "Full Trust" flag, and the runtime rejects it:

未能从程序集加载类型MemoryAccess'
'ConsoleApplication4，
版= 1.0.0.0，文化=中立，
公钥=空'，因为对象
在重叠，偏移量为0和
集必须是可核查

Could not load type 'MemoryAccess' from assembly 'ConsoleApplication4, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' because objects overlapped at offset 0 and the assembly must be verifiable.

和有这个标志，你已经需要高度信任 - 让你已经可以做更多的讨厌的东西。字符串是一个稍微不同的情况下，因为他们是不正常的.NET对象 - 但也有办法变异他们其他的例子 - 在联盟的方式是一个有趣的，虽然。另一个哈克的方式（有足够的信任）：

And to have this flag, you already need high trust - so you can already do more nasty things. Strings are a slightly different case, because they aren't normal .NET objects - but there are other examples of ways to mutate them - the "union" approach is an interesting one, though. For another hacky way (with enough trust):

string orig = "abc   ", copy = orig;
typeof(string).GetMethod("AppendInPlace",
    BindingFlags.NonPublic | BindingFlags.Instance,
    null, new Type[] { typeof(string), typeof(int) }, null)
    .Invoke(orig, new object[] { "def", 3 });
Console.WriteLine(copy); // note we didn't touch "copy", so we have
                         // mutated the same reference

这篇关于为什么没有不安全的关键字此代码的工作？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！