> Don't quote me on this since I'm not a PE format guru but I believe > at least on Windows .Net executibles pull a small feature to fake out > the execution environment. When you run or double click on a .Net built > exe file, the system loads the binary where the PE header tells the system > to load a publicly exported "start" function found in mscoree.dll and > from there on out, this is responsible for IL execution. The binary > executible basically does a "redirect" to the IL interpter so the OS > can't tell the difference and handles these binaries like old Win32 > bins.
I don't think that is right. A .NET virus was supposedly written, which modified the header information you speak of, but it was totally ineffective, because it is just stub code. A .NET signature in the PE header just lets the NT kernel know that it is a .NET assembly and the runtime is loaded by the kernel deliberately. This is why the virus didn't work. This is all hearsay, as I am not an expert myself. > So here is the big money question: Can the mono runtime do this? Has > anyone even thought about implementing this? Or does mono already > do this and I've been writing little shell scripts for nothing? :-) There is already a way to do this and use pure Linux convention: See this web page for how to make CLI assemblies run directly from the command line: http://lists.ximian.com/archives/public/mono-list/2002-April/005179.html
smime.p7s
Description: S/MIME cryptographic signature