Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add parsing of .NET user types from .NET metadata stream #1605

Merged
merged 9 commits into from
Jun 23, 2022

Conversation

HoundThe
Copy link
Contributor

@HoundThe HoundThe commented Dec 6, 2021

This PR introduces parsing of the user-defined types from the .NET metadata tilde stream. It extracts class names, base types, modifiers, methods with their return types. arguments, etc. (more in the docs). I've been testing the modification with IL/DnSpy and RetDec.

For better code readability and maintainability, as it includes many string concatenations, I've created a simple string-like type in the libyara, that allows me to work with variable strings.

I've also noticed that Bazel tests do not include test-dotnet.c. I wasn't sure why, so I've included it.

I've also included some binary with .NET user type metadata to have something to write tests with, I am not sure what the policy is with including another binary to the testing sample.

libyara/modules/dotnet/dotnet.c Outdated Show resolved Hide resolved
libyara/modules/dotnet/dotnet.c Outdated Show resolved Hide resolved
libyara/simple_str.c Show resolved Hide resolved
@plusvic plusvic added this to the v4.3 milestone Jan 10, 2022
@HoundThe
Copy link
Contributor Author

Thanks for the feedback! Sorry for the delay, I was finishing the last few exams past week.

@HoundThe
Copy link
Contributor Author

I've noticed the test failing on misaligned load and changed the reading functions to work byte-by-byte.

@HoundThe HoundThe requested a review from plusvic June 22, 2022 11:00
@plusvic
Copy link
Member

plusvic commented Jun 23, 2022

I sent a PR to your branch with a proposal for fixing the same issues: HoundThe#1

I prefer using the yr_unaligned_uXX functions, which make the intention clearer.

* Fix unaligned memory access.

* Add missing comma in Bazel file.
@HoundThe
Copy link
Contributor Author

Oh thanks, I didn't notice the PR on my fork, didn't get any notifications about it. I've undone my commit and merged your PR, didn't know about unaligned.h

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants