goblin icon indicating copy to clipboard operation
goblin copied to clipboard
verified publisher icon m4b

PE: Add parser for .NET CLR

Open kkent030315 opened this issue 1 year ago • 1 comments

  • Addresses issue #315

Added CLR parser implementations as proposed in the issue.

  • [x] Added .NET signature and COR20 header, storage header and metadata header parser.
    • [x] Added MVID (GUID) ~~and PK token (Public Key Token)~~ parser.
  • [x] Added CLR sections parser.
  • ~~Added CLR tables parser.~~
    • Requires full re-implementation of IMetaDataTables where originally written in hard C++
  • ~~Added CLR imports parser.~~
    • Requires full re-implementation of IMetaDataImport where originally written in hard C++

kkent030315 avatar Nov 03 '24 11:11 kkent030315

Turns out that CLR imports and tables parser requires very complex implemenetations and I think it should not be implemented in goblin, it's up to consuemrs handle it in upper implementations, it at least should be enough to expose fundamental datas for that. So I am marking this as ready-for-review.

kkent030315 avatar Nov 05 '24 09:11 kkent030315

I don't have the time right now to review this, but I assume this is something we want in? if yes, needs rebasing, and i'll try to get to it next week

m4b avatar Jun 16 '25 04:06 m4b

@m4b Yes, please. Thank you so much for your time :)

kkent030315 avatar Jun 16 '25 07:06 kkent030315

@m4b Done :)

kkent030315 avatar Jul 18 '25 10:07 kkent030315

ok this has some minor conflicts, once rebased we can merge!

@kkent030315 you've done so much incredible work on the PE end I'd like to add you as a crate author, and also ask if you'd like to be the default PE backend maintainer? We/I don't really have a formal structure in this repo/crate, so what that generally means I guess is that I'd default to your expertise on the PE format in structure and how it's used "in the wild", and otherwise I'd just do basic code review (as I do today), primarily style, sometimes perf, and these days mostly whether something is breaking/some new public interface we may want/not want to support. After a while I might not even do that, and we could talk about merge rights, etc.

If you have any other questions, feel free to email me directly as well, and we can correspond in that manner if you like.

Anyway, hope you're having a good weekend, and again, thanks for all your hard work!

m4b avatar Jul 27 '25 06:07 m4b

@m4b Hey, thanks for the proposal about being a maintainer of this great crate. It's better to discuss that matter further on an email and I am definitely interested in. Thank you for spending your time on reviewing my code (uh sometimes I do some idiot things). Much appreciated!

(Also done a rebase)

kkent030315 avatar Jul 27 '25 07:07 kkent030315

NB: backwards compatible

m4b avatar Aug 15 '25 01:08 m4b