Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dotnet pe support #505

Open
wants to merge 28 commits into
base: main
Choose a base branch
from
Open

Dotnet pe support #505

wants to merge 28 commits into from

Conversation

alessandro-Doyensec
Copy link
Contributor

This pull request adds the implementation of the dotnet/pe extractor.

Implementation

The plugin uses https://github.com/saferwall/pe to extract .NET PE file data.

It’s possible to implement this without dependencies using the https://pkg.go.dev/debug/pe package, but it would require around 2000 lines of code to manually parse the .NET-specific CLR header, which contains .DLL information.

For reference, check the following parts of the saferwall/pe code:

Test set

The test was created by writing a simple "HelloWorld" app in .NET with mock dependencies. The expected dependencies were verified using https://github.com/dnSpyEx/dnSpy.

Adding a few more test cases would certainly be beneficial. Do you have any ideas or constraints on which PE files I could include in the test set?

erikvarga
erikvarga reviewed Mar 4, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erikvarga erikvarga erikvarga left review comments

@vpasdf vpasdf vpasdf left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alessandro-Doyensec @erikvarga @vpasdf