dnfile 0.10.0

Parse .NET executable files.

dnfile

Parse .NET executable files.

• Free software: MIT license

Features

• Parse as much as we can, even if the file is partially malformed.

• Easy to use. Developed with IDE autocompletion in mind.

Quick Start

pip install dnfile

Then create a simple program that loads a .NET binary, parses it, and displays information about the streams and Metadata Tables.

import sys
import dnfile

filepath = sys.argv[1]

pe = dnfile.dnPE(filepath)
pe.print_info()

Everything is an object, and raw structure values are stored in an object’s “struct” attribute. The CLR directory entry object is accessible from the “net” attribute of a dnPE object.

pe = dnfile.dnPE(FILEPATH)

# access the directory entry raw structure values
pe.net.struct

# access the metadata raw structure values
pe.net.metadata.struct

# access the streams
for s in pe.net.metadata.streams_list:
    if isinstance(s, dnfile.stream.MetaDataTables):
        # how many Metadata tables are defined in the binary?
        num_of_tables = len(s.tables_list)

# the last Metadata tables stream can also be accessed by a shortcut
num_of_tables = len(pe.net.mdtables.tables_list)

TODO

• parse .NET resources

• more tests

• Documentation on readthedocs

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.

History

DEV

• Working…

0.10.0 (2022)

• BREAKING CHANGE: structure attributes no longer exist by default

• BREAKING CHANGE: objects’ attributes always exist, but may be None

• BUGFIX: use last stream if multiple of same name

• CI: added mypy type checking

• when duplicate stream names, behave like runtime and use last one for shortcuts

• add user_strings shortcut

• able to access MetaDataTables like a 0-based list, with square brackets

• added use of logging module for warnings

• better type hints for IDEs

• more better source comments

• more tests

0.9.0 (2021)

• bugfix: row indices parsed in structures are one-based, not zero-based

• bugfix: TypeDefRow was not parsing Extends coded index

• bugfix: incorrect BLOBS_MASK and add EXTRA_DATA skip if flag set

• added CI using github workflow

• added tests and submodule dnfile-testfiles

• added style consistency using pycodestyle and isort

• added more examples

• parse MetaData tables’ list-type indexes into lists of MDTableRow objects

0.8.0 (2021)

• bugfix: Metadata Table indexes (i.e. indexes into other tables) were off by one

0.7.1 (2021)

• bugfix: coded index always None

0.7.0 (2021)

• bugfix: improper data length check

0.6.0 (2021)

• bugfix: referenced wrong object

• parse utf-16 strings in #US stream

0.5.0 (2021-01-29)

• First release.