Dotnet pe support #505
Open
Dotnet pe support #505
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fix: pe parsing
vpasdf
reviewed
Feb 28, 2025
vpasdf
reviewed
Feb 28, 2025
vpasdf
reviewed
Feb 28, 2025
vpasdf
reviewed
Feb 28, 2025
vpasdf
reviewed
Feb 28, 2025
fix: return nil when return error (ivs are be empty anyway)
erikvarga
reviewed
Mar 4, 2025
erikvarga
approved these changes
Mar 10, 2025
|
Looks like there are some merge conflicts - can you do a sync? I think it's also possible to give reviewers push permisisons after which they can resolve the merge conflicts too (like I did here). |
The branch should be synched now. I don't know if I'm able to grant you push permission to the PRs. I'll look into it and get back to you once I have more information. |
erikvarga
approved these changes
Mar 11, 2025
copybara-service bot
pushed a commit
that referenced
this pull request
Mar 14, 2025
PiperOrigin-RevId: 736742277
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds the implementation of the
dotnet/peextractor.Implementation
The plugin uses https://github.com/saferwall/pe to extract .NET PE file data.
It’s possible to implement this without dependencies using the https://pkg.go.dev/debug/pe package, but it would require around 2000 lines of code to manually parse the .NET-specific CLR header, which contains .DLL information.
For reference, check the following parts of the saferwall/pe code:
Test set
The test was created by writing a simple "HelloWorld" app in .NET with mock dependencies. The expected dependencies were verified using https://github.com/dnSpyEx/dnSpy.
Adding a few more test cases would certainly be beneficial. Do you have any ideas or constraints on which PE files I could include in the test set?