... not owning IL, ...
Do you consider using a decompiler (Reflector, dotPeek) or, better yet, the source code for the .NET platform?
Anyway.
In random viewing, he does the following:
In all of the cases below, the current instance terminates with Application.ExitInternal() . This is the essence of the public Application.Exit() method, which returns some security checks / confirmations.
See if it can determine Assembly.GetEntryAssembly() . If it is null , the call to Application.Restart() was most likely made from unmanaged code, and the operation throws a NotSupportedException caller.
See if there is a current ieexec.exe process if it uses it to restart the application (for more information on ieexec.exe see here ). Actually this is also a call to Process.Start() for ieexec.exe , but the command line arguments are not collected by Environment.GetCommandLineArgs() (see below), but by reading the application domain data APP_LAUNCH_URL .
See if the application is a one-time application ( ApplicationDeployment.IsNetworkDeployed ) if it calls the internal CLR internal code to run (re), which is: CorLauncApplication . The only publicly available source code that somewhat resembles the native parts of the CLR is the common-access CLI (sscli), which is based on the .NET 2.0 platform and is also partially incomplete. It contains a definition for this function ( clr\src\vm\hosting.cpp ), but this is just a stub. In the end, he will use some means to restart the process (for example, the Win32 CreateProcess API).
Else: The application is a "normal" .NET application. Environment.GetCommandLineArgs() used to recreate the original command line, and Process.Start(Application.ExecutablePath) used to restart the application.
Using the Application.Exit mechanism to try to end the current instance is probably the reason you consider it untrustworthy. Forms that cancel a submit close event may abort it. Also see this SO question.