BaSs_HaXoR

Know your .NET

Oct 8th, 2014
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
http://www.codeproject.com/Articles/12585/The-NET-File-Format

http://books.google.com/books?id=qi4Tonh8_b0C&pg=PA15&lpg=PA15&dq=Module+%23string+heaps&source=bl&ots=Z5IC9WDeYF&sig=RMNuZYAB62OIJbz7F34TTY21RfQ&hl=en&sa=X&ei=D801VIeGBYy3yASTx4HoCA&ved=0CCMQ6AEwAA#v=onepage&q=Module%20%23string%20heaps&f=false

http://edc.tversu.ru/elib/inf/0028/ch05lev1sec3.html

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Index
Introduction
Getting Started
.NET PE Files
The .NET Directory
The MetaData Section
The MetaData Tables
Methods
The #Blob Stream
Conclusions

Introduction
The standards of the .NET format are public; you can find them from Microsoft and in your .NET SDK (look for "Partition II Metadata.doc"), but they are intended as a reference, not really as a guide. So a description of the format can be useful. I mean, there's a huge difference between having WinNT.h and having a full explanation of its structures. The documentation given by Microsoft has some explanations, but a lot of passages aren't very clear at all. Of course, you need to know the PE File Format quite well. If that's not the case, you should start with that first; otherwise you won't be able to make heads or tails of this article. A little warning: I'm not going to explain how to use the libraries given by Microsoft to access the .NET format; I'm going to explain the format itself. This article is based on the Framework 2.0.

Getting Started
The only existing tool (at the moment) for viewing and editing the .NET format is my CFF Explorer. I'm sorry for the spam, but you need this tool to dig into the internal structures of the .NET format. I programmed it for this reason in the first place. The reference you might need is the one I mentioned above, and you can find the includes in your Framework SDK "Include" directory (i.e., "C:\...\Microsoft.NET\SDK\v2.0\include").

.NET PE Files
Before we start with MetaData and other stuff, some small observations about .NET PEs are necessary. By default, they all have three sections: .text, .reloc, and .rsrc. The .text section contains the Import Table, the Import Address Table, and the .NET Section. The .reloc section is just there to relocate the address that the EntryPoint instruction jumps to (it's the only address contained in the IAT). The Import Table lists just one imported module (mscoree.dll) and one imported function (_CorExeMain for executables and _CorDllMain for dynamic-link libraries). The .rsrc section contains just the main icon for an executable, since all other resources are in the .NET Section. The section flags are checked at runtime; if you change them, the assembly won't start.