It’s so cool to see stuff like this! I remember many moons ago I created a way of loading other assemblies with WebForms into my main WebForms project. We had some huge forms with many files that all had same structure so I created a project template for it and the main project would load it dynamically using virtual routes. It was kind of a reflection hell and I don’t remember how I even did it, but it felt so good when it worked!

Not sure that this one is for me. I always try to maximize obvious-ness in my code so that the next programmer (or the future me) will have an easy time understanding it. Launching a block of code through an environment variable value is very cool, but way too magical for what I value which is obvious-ness. Comments could help, but I've met many junior programmers who are too proud or lazy to read the comments. I will however start logging the value of that environment variable in my startup code, just in case some other member on my team doesn't share my aversion to magic. Thanks for another great video!

4:20 I see absoloutly no malicious use cases for this feature 👍👍

you know what? I never understand your videos but watch like crazy. I wish to be a developer like you. Love and peace from Afghanistan.

I was waiting for something like this!! Don't shy out to make more content like this!

This feature while cool, it seems to me like a malware paradise. A malware can use it to hide itself from Task Manager, operating from inside random non-malware processes. Also it can read everything including passwords and encryption keys from within the process.

So I've always poked around dotnet (around version 3) and really loved the syntax and especially love powershell. But since I discovered your channel, I've moved from casual programmer, to whatever the next level is. Coinciding with my new obsession with microcontrollers, you've really just made what would have been an insane amount of hours of staring at code a much smoother process. Like, you make advanced stuff digestable. Thank you!!

i've done this before, you can also use c# compiler to generate assembly directly to memory and execute it from there, therefore you could run c# code (not dll) directly from your application

Great content, as usual! And regarding the workshops, I am very happy to see you're coming to Iași, a beautiful city in Romania. Actually it is the former capital of Romania and the 2nd largest in the country, with a big community in IT industry. This is why I believe it deserves to be mentioned in your announcements, next to "dotnetdays", the same as all the other more known cities.

I'm happy to know how hooks works. And also hapy that probably I'll never use it. The fact that you can't use nuget packages installed dirctly into the hook library is a serious disadvantage. For me hooks are relatated to the platform infrastucture. And from architectural point of view if I'm not required to use it I'll just not use it or at least not with hooks.

Never seen this before, thank you for showing this to us.

Did not know about this. Very surprising!

Very cool, this will definitily come in handy. I knew about the assembly resolver, but not so much about the hooking. Also i didn´t knew that you could redirect the console logging like that - i like that. Thanks for sharing.

I wish I knew this existed before. I have been loading libraries using an interface and reflection. And pointing to the dll from appsettings

I love how this is available, and it seems mature enough for most scenarios that involve basic application intermediation like status and health logging. Most other purposes would be better to directly include in the source project that is being hooked. That being said I wonder, is that functionality abstracted anywhere? I believe that there's a lot of boilerplate just to get some key parts of the hook running like the assembly context loader

Great content, as always! Could you do a video about plug-ins? I am interested if it's possible to deploy custom logic to client apps as optional libraries.

So it's a sort of plugin architecture that has only one hook but it's available in any .NET application. Would be cool to see this generalised to simplify adding plugins !

has there ever been a video on PipeReaders/pipelines, Channels, SequenceReader, this kind of stuff? maybe there was one on ArrayPool/MemoryPool

Hi, i love your videos. I have two questions: - If i want to prevent code injection by this way, can i clean environment variable at Program? - What's happen if hook throw a exception? The entire application will shutdown? Thank you!

.net framework was comparatively safe when it comes to vulnerabilities and RCE. This one feature will turn that around for sure. its only time before this feature becomes the Achilles heel for dotnet core.

You can take this one step further and inject services at application startup. Dotnet uses this in their SpaProxy nuget package. You can see it in action by creating a new React web app template.

I ussualy set 1,5x speed codding videos on youtube but i dont need while i watching yours :)

Heck I am going to fetch my metrics and push it to elastic. Even from my legacy projects. Incredible!

Wauw, I did not know this. Great content.

Thank you for the vid. I'll definitely try the feature.

Very cool, never realized it had been around so long.

Back to the old days of AssemblyResolver, I used it for dynamic web-service generation and loading in the ASMX days :)

Can you share the terminl setup?

Great video - I can see some fun and very interesting uses for this. Thanks for the video

You seem to be enjoying good performance. Could you describe your hardware setup?

This does not seem to work for a WinUI 3 desktop app packaged with Msix - the environment variable is null... any thoughts, anyone? (Works if commandName is set to Project in the launchSettings.json file)

Does this also work with an already compiled .NET application?

I have been writing dotnet code for a really really long time and had no idea about this. This is pretty awesome!! Is there any official dotnet docs on this feature?

isn't this security risk? just with env variable you can run any code on any .net app start/finish?

For those doing this with Visual Studio; is there any way to stop VS from publishing to Nuget Package? In .NET Framework, it used to just dump the deployed output to the publish folder, but now it wraps it all as a Nuget Pacakge automatically. I can't find any way to make it stop. I don't want a Nuget Package; I just want a DLL file.

Looks great, thanks

I see one use-case: in CI pipeline run all the tests with different cultures (set it in the hook from an environment variable) [side note: you can do this in .NET Framework as well by using IL weaving tools out there]. IMO there is very little reason to use this technique for code you control.

Hi Nick Could you please publish examples of code

Interesting! Never heard of this feature before

Hi Nick thanks for this great video. A question: is the text writer example at the end thread safe? I see that text writer has a wrapper called Synchronized that is thread safe. And not sure of the performance. thanks.

This feature is very interesting!!! But may it could be a vulnerability? If I understood, this allow us to inject any dotnet DLL justing using a enviroment variable, incliding a DLL capable to access the restrict application data, am i right?

Hello Nick, I got a question! Now I'm calling an api using IHttpClientFactory and the api returned for me 15Million record then I have to save them to the db. The problem is the whole process takes a lot of time! like 10Mins or so! I tried BulkInsert and BulkSaveChangesAsync and all other solutions that are available there! even I used Batching! I want this whole operation takes only 1S or so! Can you help in this or suggest someting? btw I'm using EF Core.

Reminds me a bit of Module Initializers.

Games written in Unity that have no official MOD support, often get their 3rd party mods through things like this.

Huh, what if you combine your dependencies into the hook assembly? Wouldn't that mean that it won't need the weird create instance thing you did?

what is that weather.http file?

Do you know if setting the ProcessExit event handler in the startup hook will overwrite a potential ProcessExit event handler that would have been set in the application? Or will both event handlers run?

Hey Nick, this is great, I will be using this, so thanks so much for the introduction to this approach, I think it is very cool, however.... Hot Reload? Is this one of the limitations that you mentioned/hinted towards the end of the video? Slightly off topic,but also related: I have a Blazor WASM project that I've been working on that uses 'AdditionalAssemblies' and hot reload has never worked for me, so I'm curious that if you have figured out or know that this works with Hot Reload, that perhaps I'll be able to figure out a way to get my Blazor app to work with hot reload too. p.s. I have been asking for help on Microsoft forums/posts/github but nothing helpful as of yet...

Thanks for quality contents Nick. I have a completely unrelated query. As I see your terminal screen gives information about current branch name ...etc. I wonder how can I get same functionality ? ( OS : windows ) Thanks

It runs in the same context? What I'm saying is, can I get real concrete objects instantiated in application from this?

Didt know. But interesting)) thnx

Useful hook. I would use it! Only problem is the magic.. but for debug stuff it's worth it. A little limited in the classical ms way, but still cool. I have made a similar thing with events, where I would have static events, construct a class in the program level, which would bind its member methods to the events. When ever any part of the app needed to use it they would just invoke it. I didn't need to keep it as a member any where, in fact I discarded it when new-ing. But this hook is probably better, since app code didn't have to explicitly call it from what I gathered?

where is source code of this

I thought there would be a new course this december 😔

I think this is most useful for modding 3rd party softwares

Nick, Happy New Year! Thank you for great explanation as always. I want to ask, If I could use IApplicationLifetime service instead of this approach, subscribing to it events ApplicationStart, ApplicationEnd? And what is the difference?

So some infrastructure type of developer can significantly change running systems simply by deploying a new DLL. If it breaks everything is broken? If it performs badly we slowed the whole company down? Interesting but very dangerous. There's no contract with the developer to upgrade based on semantic version as with packages. I see huge nightmares ahead.

For the dotnetdays, looks like the dates are incorrect on your link. It says 20-21 october instead of April. Am I wrong ?

As a developer that got the assignment of making sure our codebase have logging this could come in handy. However I just might use it to spam the Primary dev of a solution to get his/her act together and implement logging. Since I've almost done using Roslyn analyzers to go through the codebase and detect this it's not hard to go one step further and creating DevOps tasks for this as pr project and pr Primary/secondary developer.

Thanks

Cool feature, but isn't this a potential security risk as well? Wasn't aware of this beforehand, so learned something new today 🙂

its so cool!

Approved

it is not working

Crazy 😱

Never heard of this feature

Describe Harmony please.

Just knew it, but it looks like a backdoor to me. Is it documented somewhere, I mean officially.

I'm getting a headache just from thinking about the security implications of this feature

This workaround can be applied directly to the nuget package without a need to create a bridge. This is better in my opinion if you don’t have many packages.

I feel this can be use wrongly as well. Might me a security risk

This feels like a great attack vector for unscrupulous people to target.

Very cool, but I can also see this being used maliciously.

hi

thanks I hate it

Another way of complicating things, and obfuscate what is actually going on... 😐

I could not make out half the stuff that wsd being said.. Just mumble mumble mumble..

Very interesting stuff I had no idea this hook exists

Can you slow down a bit. It's very fast explanation

Thanks