Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Preserve all metadata streams and their order #394

Closed
Washi1337 opened this issue Dec 22, 2022 · 0 comments · Fixed by #406
Closed

Preserve all metadata streams and their order #394

Washi1337 opened this issue Dec 22, 2022 · 0 comments · Fixed by #406
Labels
dotnet Issues related to AsmResolver.DotNet enhancement
Milestone
5.1.0

Comments

@Washi1337
Copy link
Owner

Problem Description

Currently, the ManagedPEImageBuilder does not preserve any non-conventional metadata streams of the original input binary, nor does it preserve the original order the streams are defined. This can be problematic for processing binaries that are obfuscated and/or depend on these unknown streams / order of streams.

Proposal

Add MetadataBuilderFlags.PreserveUnknownStreams and MetadataBuilderFlags.PreserveStreamOrder.

Alternatives

A workaround for now is to first turn a ModuleDefinition into a PEImage, and then manually add / reorder the streams in the constructed metadata directory. This, however, requires more effort from the end-user and is not always trivial to implement.

Additional Context

Obfuscators like KoiVM like to insert custom metadata streams to the beginning of the list of the metadata directory.
@Washi1337 Washi1337 added enhancement dotnet Issues related to AsmResolver.DotNet labels Dec 22, 2022
@Washi1337 Washi1337 changed the title Preserve metadata streams Preserve all metadata streams and their order Dec 22, 2022
@Washi1337 Washi1337 added this to the 5.1.0 milestone Dec 28, 2022
@Washi1337 Washi1337 mentioned this issue Jan 17, 2023
Merged
@Washi1337 Washi1337 linked a pull request Jan 17, 2023 that will close this issue
Metadata stream preservation #406
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dotnet Issues related to AsmResolver.DotNet enhancement
Projects
None yet
Milestone
5.1.0
Development

Successfully merging a pull request may close this issue.

Metadata stream preservation Washi1337/AsmResolver
1 participant
@Washi1337