• 0

Deploy .NET w/o the Framework


Question

Just thought I would post this, as the app/methods employed are pretty interesting for .NET devs. The samples on the page are interesting, as well.

Salamander .NET Linker and Mini-Deployment Tool

Salamander .NET Linker and mini-deployment tool allows you to link .NET assemblies together into a single file, and to deploy your application without installation of the whole Microsoft .NET Framework. The linker selectively links MSIL code putting together only the required classes and methods, and it is capable of linking into the Microsoft .NET framework class libraries. The mini-deployment tool then builds a minimum set of the Microsoft .NET runtime to ship with your application. This usually results in installation size of a few mega bytes, rather than tens of mega bytes, and the installation takes much less time without rebooting machines. The mini-deployed application can be launched directly from a CD, absolutely without copying files or adding registry entries.
The mini-deployment tool puts together the minimum set of CLR runtime files and dependent assemblies that can be simply copied to a single folder on a target machine, and your application runs as if the whole framework is installed. Since the installation is isolated into a single folder, there will be no conflicts with future .NET installation. When linking is used for the dependent assemblies, it will further reduce the file size.
Link to comment
Share on other sites

Recommended Posts

  • 0

Having read Joel's article, I'd say Joel doesn't much about .NET. The great thing about MS is that you won't have to abandon Win32 or Winforms when Longhorn arrives. They aren't changing their mantra of backward compatibility. You won't have to update any of your .NET apps because you can run them side-by-side. All the old APIs will still be there from everything I've read.

MS isn't stupid. I think Joel's just ****ed off because he's one of the VB-Classic developers that feel left behind. ;)

And regardless of what he says, there will always be a need for rich client apps. The net is not the second coming. And just because he's not embracing .NET doesn't mean others aren't. There are quite a few folks that see the benefit of .NET.

Link to comment
Share on other sites

  • 0

You're all wrong! C and the GTK+ API system 0wnz j00! :rofl: :p j/k

But, .NET isn't bad. I prefer C and the GTK+ API system, so I know they can be ported to other operating systems easily.

But if you use just code for Windows, the .NET framework is fine. I see no need to argue over it. And the .NET program without the framework is just dumb.

:wacko:

Link to comment
Share on other sites

  • 0
None of your points are any more relevant than they were:

Different somehow than when MS releases upgrades and service packs for operating systems?? Much software is only compatible with specific minimum service packs.

...

(full post 6 posts back)

Awesome post...

Thanks for saving me the trouble of having to type a response to him... Hopefully he gets a better understanding og .NET and compter software in general.

Link to comment
Share on other sites

  • 0
Thanks for saving me the trouble of having to type a response to him...

LOL I was going to just respond to one of the more ludicrous points and then say the exact same thing, "someone else respond to this nonsense"

Link to comment
Share on other sites

  • 0

I find a lot of people have a problem about upgrading, for example, my boss hate's ms, so he wont spend money to upgrade from the old systems, so we are still stuck on win98 with office 97, the annoying fact is the problems we are having could be solved by upgrading to newer releases.

With the .net framework, people don't want to upgrade because they say it will break apps, or crash their system, it wont break apps because of SxS, and it wont crash their system, because it doesn't install system level components (i don't know what the person who said it installed device drivers was on about), the reason .net apps load isn't because the system loads the program through some .net stuff the framework installed, it's because when you compile a .net app, it adds a small stub to the beginning that loads the .net framework in-process.

Their is no problem with installing the .net framework, if you have a thing about upgrading, your the one stuck with the security holes and stuff, the people who upgrade their systems wont have problems, don't go complaining about having to upgrade every so often, it's not to cause you misery, it's to fix problems and security flaws you have been having.

Ok, im done.

Link to comment
Share on other sites

  • 0
It's certainly possible that there's a security flaw in the runtime that could allow an elevated privilege attack. But as I said, hackers hardly need .NET to pull something like that off now. I don't really see how putting .NET on your computer makes it any less secure than it already is with the current crop of ActiveX/scripting flaws that are in IE.

It's obvious that having less installed is safer than having more installed. Having ActiveX is bad enough but having .NET installed just creates more weak chains to be exploited. The .NET Runtime is probably written in C for performance and is likely to have vulnerabilities that are yet to be discovered.

Well, by your logic, you shouldn't install a web browser or an email client or an IM client or any other application that connects to the Internet on your computer. Ever. All of those things contain "code that can get exploited." Even "the most secure browser," Mozilla, has security flaws. Since you are visiting this site in a web browser, you're obviously willing to make your computer less secure by installing those kinds of apps, so it seems to me that you're just FUDing here.

It is logical not to install applications that you don't use. If you're going to use a browser or email client then you will have to install it to use it. But if you're not going to use any .NET applications then you shouldn't install the framework. Installing it for no reason just makes unnecessary entry points for hackers to exploit. I don't see how Aldo was trying to spread FUD.

For all those about to scream .NET wont ever be highly welcomed in the Open Source world. MS made .NET a standard prior to releasing .NET 1.0 as well as the fact Novell has invested tons into .NET on Linux and other platforms. They plan on rewriting Gnome to be 100% .NET code in a few years...

We'll see how interoperability goes in the future. Microsoft didn't submit the .NET libraries to the standards' bodies and so there may be a schism if the Open Source supports Open Source libraries and MS supports .NET libraries. We'll also see how MS juggles their patents and whether they'll put pressure on the Open Source community in the future.

Link to comment
Share on other sites

  • 0
It's obvious that having less installed is safer than having more installed. Having ActiveX is bad enough but having .NET installed just creates more weak chains to be exploited. The .NET Runtime is probably written in C for performance and is likely to have vulnerabilities that are yet to be discovered.
Quite possible. But so far it hasn't happened. And so what if it did? My point is that there are plenty of apps that people use ALL THE TIME that have security holes that are far worse than any in the CLR could be (visit an infected web page in an unpatched version of IE... just VISIT A PAGE and your system can be compromised).
I don't see how Aldo was trying to spread FUD.

Because he's crying "the sky is falling" about security holes that are entirely THEORETICAL. The Framework may have security flaws in it. But then it's entirely possible that a vulnerability will NEVER be found in it. It's been almost three years so far an not a single flaw has been made public (that I am aware of). Meanwhile, he's using a browser that has KNOWN security flaws to post his comments about the Framework's shoddy security! I certainly see FUD there; why don't you?

Edited by dannysmurf
Link to comment
Share on other sites

  • 0
The .NET Runtime is probably written in C for performance and is likely to have vulnerabilities that are yet to be discovered.

The entire .NET framework is written in c#, the only unmanaged stuff is the c# compiler (and mabye others) the jit compiler, shfusion.dll (mabye) and the unmanaged stub in every .net app that loads the .net framework.

Link to comment
Share on other sites

  • 0
The entire .NET framework is written in c#, the only unmanaged stuff is the c# compiler (and mabye others) the jit compiler, shfusion.dll (mabye) and the unmanaged stub in every .net app that loads the .net framework.

He's right, and you can prove it yourself. Run ildasm on any of the .NET class libraries (System.Collections.dll, System.Windows.Forms.dll, Microsoft.VisualBasic.dll, etc) - they're .NET binaries.

By it's nature, the JIT must be coded for the platform it's running on, be that x86 or IA64 or whatever.

The C# and VB compilers themselves could even be coded in .NET if Microsoft would do so, there's nothing preventing that.

Link to comment
Share on other sites

  • 0
The C# and VB compilers themselves could even be coded in .NET if Microsoft would do so, there's nothing preventing that.

Yeah, the only reason the c# compiler is managed was because there was no .NET framework to compile against when they were originally writing it, but they can now since it's at a 1.1. stage (or 2.0, they could even have done it with 1.0)

(That comment was a general comment, it wasn't targeted at gameguy, he knows his stuff)

Link to comment
Share on other sites

  • 0

The .NET 1.0 C# compiler was already managed code, and it wasn't hard to do either. Once you've got a C# compiler prototype (which is reasonable considering the really long development and beta time of .NET 1.0), you can rewrite a non-prototype one in the language and compile it with the prototyped one.

Even the Mono C# compiler was compiled by itself once the prototype became stable.

Link to comment
Share on other sites

  • 0

I ran csc.exe through ildasm, it said it didn't have a CLR header and could not be disassembled, so i don't think the c# compiler is actually managed.

Unless the real compiler bit's are in a separate assembly.

Link to comment
Share on other sites

  • 0

The csc.exe is 50k in my .NET 1.0 folder. As soon I start it, it loads the CLR. Then again, after checking it, the cscomp.dll is native. Strange. I have to check the 1.1 and 2.0 frameworks.

--edit: Indeed unmanaged. I wonder how that'll change with the Phoenix framework.

Link to comment
Share on other sites

  • 0

It probably loads the CLR to get metadata from assemblies, i don't know how to do it in unmanaged code (I'm guessing it's hard), but with reflection in .net it's easy.

Also, what is the Phoenix framework?

Edit: Does the 2.0 framework have many bugs?, dont worry, found out you can uninstall it and where to get it from.

Edited by The_Decryptor
Link to comment
Share on other sites

  • 0

em_te...

It's obvious that having less installed is safer than having more installed. Having ActiveX is bad enough but having .NET installed just creates more weak chains to be exploited. The .NET Runtime is probably written in C for performance and is likely to have vulnerabilities that are yet to be discovered.
You should read up on what i have said previously on .NET security in this thread. What you are saying makes very little sense...
It is logical not to install applications that you don't use. If you're going to use a browser or email client then you will have to install it to use it. But if you're not going to use any .NET applications then you shouldn't install the framework. Installing it for no reason just makes unnecessary entry points for hackers to exploit. I don't see how Aldo was trying to spread FUD.

It is agreed that you shouldnt install things you dont need, but with the increase in applications written on the .NET framework having it installed can make it easier on users. Again installing the .NET framework isnt more of a "Security hole" than installing the OS itself (which .NET is far more safe than). Read up on what i have said or on .NET security in general before you run off at the mouth with lies.

We'll see how interoperability goes in the future. Microsoft didn't submit the .NET libraries to the standards' bodies and so there may be a schism if the Open Source supports Open Source libraries and MS supports .NET libraries. We'll also see how MS juggles their patents and whether they'll put pressure on the Open Source community in the future.

Huh? Again you show your extreme lack of knowledge in .NET...

MS released .NET as a standard as i already said (if you are technical enough you can read both standards documents here (C# Spec.) and here (CLI Spec.)). Those standards are what Mono is built upon. That is the reason Mono based apps CAN run on the MS .NET Framework and vice versa (provided Mono supports the librarys being loaded as Mono isnt complete yet). Your argument is very largly unfounded and i recommend you learn what .NET is before you spill lies as i said above.

Maybe one day we will get true techs speaking on tech related topics. I'm getting very very sick of these self proclaimed techies that know nothing of what they choose to speak on. Heres a nice hint of advice...

If you dont know what your talking about, don't talk about it!

Link to comment
Share on other sites

  • 0

Frazzel: sadly you are forgetting that Microsoft doesn't have to submit future versions of the .NET spec to standards bodies. They can cripple the Mono project if they want (and I'm sure they will if it takes off and provides MS with a huge headache).

I think it is obvious that MS is getting pretty desperate to convert programmers over to .NET.

As for your 'true tech' comment (which is plain stupid), how about Joel Sposky? Is he not 'true tech' enough? Read his articles (http://www.joelonsoftware.com/articles/APIWar.html) and tell me if you still agree with yourself.

Link to comment
Share on other sites

  • 0
Frazzel: sadly you are forgetting that Microsoft doesn't have to submit future versions of the .NET spec to standards bodies. They can cripple the Mono project if they want (and I'm sure they will if it takes off and provides MS with a huge headache).

I think it is obvious that MS is getting pretty desperate to convert programmers over to .NET.

As for your 'true tech' comment (which is plain stupid), how about Joel Sposky? Is he not 'true tech' enough? Read his articles (http://www.joelonsoftware.com/articles/APIWar.html) and tell me if you still agree with yourself.

Mono is playing catchup to future versions of .NET true, but they only have to implement features. .NET itself is standard enough for them to only copy MS made features which isnt that hard as they dont have to "Reverse Engineer". MS also wouldnt gain any benifit of killing Mono the more developers on .NET the better, whether they are developing for windows or not. You have to remember .NET was created to beat Sun Java it cant do that being Windows only. MS dosent want to code for alternative OS's themselves which is why they made .NET a standard its up to the community to take it to other platforms.

MS is desperate to convert developers to .NET because they want to get the Win32 API as far behind them as they can its ages old and becoming a mess to maintain. In the Win32 API for them to keep applications running they have to support features they did in 2000 for instance in the XP version. WIth .NET they can easily just have the .NET flavor from 2000 installed and then flavor for XP and apps only using the relavant one that makes maintaining the API easier and less buggy (the references to 2000 and XP were comparisons of 1.0 to 1.1 though they both run on both OS's, it was more of a hypothetical comparison)

I read that article and Joe dosent have a very solid understanding of what .NET is and how it works...

My comment on "true techs" was simple, a "true tech" is someone who knows about the subject hes speaking on. If you dont know about .NET dont talk about it like you are an expert in it. That dosent mean they arent a awesom tech in administering Windows for instance. I'm just saying im tired of people talking about what it is they dont know about and then passing it off as if they know everything.

Link to comment
Share on other sites

  • 0
If you dont know what your talking about, don't talk about it!

For some reason using that always provokes offense.

See here for another example of why you should never take anything here at face value. And after reading that, guess what card I'm using in my system

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.