none
How to Save Instrumented Module as PeFile RRS feed

  • Question

  • Hi,

    I want to achieve the following:

    1. Load a Assembly (PeFile) (e.g. using IMetaDataTables.OpenScope())
    2. Modify MetaData and IL Code (using IMetaDataEmit)
    3. Save the modified Assembly to disk

    Step 3 puzzles me, because:

    • I tried, IMetaDataTables.Save(), but it only writes the metadata tables and not the whole file (including Headers, Secions, ...).
    • I looked at ICeeFileGen and ICeeGen, but they are both marked as deprecated: "This interface has been deprecated and will be removed in a future release.".

    Is there any API support to store such files? Can I use ICeeFileGen without worrying about future releases? Do I need to implement such a writer myself?

    Thanks,
    -Christoph

    Thursday, March 14, 2013 8:50 AM

Answers

  • Hi, Christoph.

    To my knowledge, the metadata API does not provide a way to save an entire PE image.  You will have to do a lot of heavy lifting yourself if you attempt to write it out own your own.  Instead, I'd recommend looking at CCI (https://ccimetadata.codeplex.com/).

    Thanks,
    Dave

    Monday, April 8, 2013 3:48 PM

All replies

  • Hi Christoph,

    Welcome to the MSDN Forum.

    Which IMetaDataTable do you use? I have check the MSDN document: http://msdn.microsoft.com/en-us/library/ms230529(v=vs.110).aspx 

    There is no OpenScope method or Save, so I cannot check how it works and how to correct it.

    Or Have I checked the wrong place?

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, March 15, 2013 3:50 AM
    Moderator
  • Hi Mike,

    ups, I'm sorry. I meant IMetaDataDispenserEx.OpenScope() and IMetaDataEmit2.Save(). It goes something like this:

    IMetaDataDispenserEx *pDisp;
    IMetaDataEmit2   *pEmit;
    
    CoCreateInstance(CLSID_CorMetaDataDispenser, NULL, CLSCTX_INPROC_SERVER, IID_IMetaDataDispenserEx, (void**)&pDisp);
    pDisp->OpenScope(wfilename.c_str(), 0, IID_IMetaDataEmit, (LPUNKNOWN*)&pEmit);
    
    // modify metadata, il code...
    
    pEmit->Save(...); // this only safes the metadata part, not the whole assembly

    I already checked the SSCLI, and it seems that ILAsm uses ICeeFileGen, so the question remains if ICeeFileGen can safely be used and if not, what is the alternative?

    Thanks,
    -Christoph

    Friday, March 15, 2013 8:15 AM
  • Hi Christoph,

    There is also no OpenScope method: http://msdn.microsoft.com/en-us/library/ms231433(v=vs.110).aspx but OpenScopeOnITypeInfo method.

    And no save method: http://msdn.microsoft.com/en-us/library/ms231615.aspx  But SaveXXXXXX method.

    So do you use the .net framework interface?

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, March 18, 2013 6:23 AM
    Moderator
  • Hi Mike,

    IMetaDataDispenser::OpenScope:
    http://msdn.microsoft.com/en-us/library/ms231248.aspx

    IMetaDataDispenserEx extends IMetaDataDispenser.

    IMetaDataEmit::Save:
    http://msdn.microsoft.com/en-us/library/ms232575.aspx

    IMetaDataEmit2 extends IMetaDataEmit.

    Best regards,
    -Christoph


    Monday, March 18, 2013 7:53 AM
  • Hi Christoph,

    Thank you for providing the detailed information.

    I have checked those links, it is clear that, it just handle the MetaData, no IL code.

    I suggest you try another APIs and here is a blog for this topic: http://msdn.microsoft.com/en-us/magazine/cc188743.aspx  

    I hope this will be helpful.

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, March 19, 2013 6:42 AM
    Moderator
  • Hi Mike,

    thanks for that article. It shows how to manipulate IL code and metadata at runtime. However, I have not found any hints on how to store a manipulated assembly to disk - which is the core of my question here.

    I know how to use IMetaDataTables, IMetaDataEmit, and JitCompilationStarted ect. to read and modify Modules dynamically. I just want to find a way to store the Module/Assembly including all these modifications. My question is, if it is safe to use ICeeFileGen for this task, which looks appropriate but is officially deprecated, or if I need to implement writing a correct managed PEFile including all headers, sections, metadata streams, metadata tables, ect. myself.

    Thanks,
    -Christoph


    Tuesday, March 19, 2013 2:57 PM
  • Hi Christoph,

    Sorry my responses doesn't help you a lot.

    Now, I am trying to involve some other one into this case, it will take a while, if this issue is very urgent, you can 

    contact Microsoft Customer Spport Services(CSS) via telephone so that a dedicated Support Professional can assist you in a more efficient manner. Please be advised that contacting phone support will be a charged call. 

    to obtain the phone numbers for specific technology request please take a look at the web site listed below.

    http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS  

    If you are outside the US please see http://support.microsoft.com for regional support phone numbers.

    Thank you for your understanding and support.

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, March 20, 2013 4:51 AM
    Moderator
  • Hi,

    Maybe you can use this tool http://reflexil.net/


    Regards,
    Christian HL
    Microsoft Online Community Support


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, March 21, 2013 8:13 AM
  • Hi Christian!

    Thanks a lot for that link. It sure looks like an interesting tool.

    However, I would really like to learn how to implement this myself in native code. Maybe someone could answer why ICeeFileGen has been deprecated and what the "official" alternative to that API is?

    Thanks,
    -Christoph

    Thursday, March 21, 2013 9:45 AM
  • Hi, Christoph.

    To my knowledge, the metadata API does not provide a way to save an entire PE image.  You will have to do a lot of heavy lifting yourself if you attempt to write it out own your own.  Instead, I'd recommend looking at CCI (https://ccimetadata.codeplex.com/).

    Thanks,
    Dave

    Monday, April 8, 2013 3:48 PM
  • Hi David,

    Thanks for your answer, that was the information I was looking for. Although it was not the information I was hoping for.

    CCI is an interesting project, but it's all managed code and I need it to be a native API. So, if ICeeFileGen cannot be used, I'll have to go with the heavy lifting.

    Thanks,
    -Christoph

    Wednesday, April 10, 2013 7:11 AM