Buy Me a Coffee

Buy Me a Coffee!

Tuesday, May 9, 2017

Reading Structured Binary files in C#: Part 15

Time to dig into the Metadata.  The first part is the GeneralMetadataHeader which is defined in the .NET IL Assembler book as:

Type 
Field 
Description
DWORD  
lSignature
“Magic” signature for physical
metadata, currently 0x424A5342, or,
read as characters, BSJB—the initials
of four “founding fathers” Brian
Harry, Susan Radke-Sproull, Jason
Zander, and Bill Evans (I’d better
make that “founders;” Susan might
object to be called a father), who
started the runtime development in
1998.
WORD
iMajorVer
Major version (1)
WORD
iMinorVer
Minor version (1)
DWORD
iExtraData
Reserved; set to 0
DWORD
iVersionString
Length of the version string
BYTE[]
pVersion
Version string

So, where does it start?  If we look back in the CLRHeader, we see the Metatadata field which is an RVA.  Let's see if we can get some data out.  From the beginning, things are not going to be easy.  The iVersionString gives the length of the pVersion which means that a simple deserialize is out.  I am going to create the top 'fixed' portion of the header as normal and then deal with the pVersion string separately.  That means that I am going to use an intermediate structure and implement the actual GeneralMetatadataHeader as a class.  Here is my implementation:

Note that the constructor for the type actually reads in the variable length string.  I might go back and implement the CodeViewHeader in a similar way as this is actually cleaner than I was expecting.  That is enough for tonight, I will get into the actual Metadata streams in the next post.

Keep your code clean!