Buy Me a Coffee

Buy Me a Coffee!

Tuesday, March 7, 2017

Reading Structured Binary files in C#: Part 12

Now we pick up in the .text section at the CLR Runtime Header.  It has the following structure:
CLR Header Structure
so we can go back to the Marshall method of reading the data.  Here is the code for the CLR Runtime Header:

We read it in the same way that we have been reading it, and we test it as before.  Check out the code on GitHub if you want to see the implementations.
That was a quick one.  The next one will be quick also, the Strong Name Signature Hash.  It is pointed to by a value in the CLR Runtime Header, so we break the value we have into the RVA and size and read it.  Since the size is variable, we will treat it somewhat like we did the Import Address Table.  Well, I thought that we would.  When I pulled our the RVA and size, they didn't quite make sense.  I am having to dig into it a little deeper and see if there is an error, or simply something that I overlooked.

We are looking good and making good progress!

Last night I found a book that goes through a similar process to the Dissecting article seriese that I am doing called C# Deconstructed.  It goes into more depth about the underlying virtual processor and looks quite interesting.