dotscope 0.6.0

A high-performance, cross-platform framework for analyzing and reverse engineering .NET PE executables
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208

//! Metadata heap writers for assembly serialization.
//!
//! This module provides streaming heap writers that process entries directly to output
//! without intermediate buffering.
//!
//! # Background
//!
//! .NET assemblies contain four metadata heaps as defined in ECMA-335 §II.24.2:
//!
//! - **#Strings**: Null-terminated UTF-8 strings for identifiers (type names, method names, etc.)
//! - **#Blob**: Binary data with length-prefixed encoding (signatures, custom attribute values)
//! - **#GUID**: Array of 16-byte GUIDs (module identifiers)
//! - **#US (User Strings)**: Length-prefixed UTF-16 strings for string literals in code
//!
//! # Architecture
//!
//! ## Streaming Writers (Preferred)
//!
//! The streaming writers in the [`streaming`] module provide zero-copy heap processing:
//! - [`streaming::stream_strings_heap`] - Stream #Strings heap with deduplication
//! - [`streaming::stream_blob_heap`] - Stream #Blob heap with deduplication
//! - [`streaming::stream_guid_heap`] - Stream #GUID heap with deduplication
//! - [`streaming::stream_userstring_heap`] - Stream #US heap with deduplication
//!
//! These functions:
//! 1. Iterate through source data without copying
//! 2. Apply deletions, modifications, and appends
//! 3. Deduplicate by content hash
//! 4. Write directly to output
//! 5. Return (bytes_written, remapping) for table patching
//!
//! # Module Structure
//!
//! - [`streaming`] - Zero-copy streaming heap writers (primary API)
//! - [`rowpatch`] - Patching heap references in table rows

mod rowpatch;
mod streaming;

// Streaming writers (primary API)
pub use streaming::{
    compute_blob_heap_offsets, compute_guid_heap_offsets, compute_strings_heap_offsets,
    compute_userstring_heap_offsets, stream_blob_heap, stream_guid_heap, stream_strings_heap,
    stream_userstring_heap,
};

// Row patching utilities
pub(crate) use rowpatch::patch_row_heap_refs;

use std::collections::HashMap;

use crate::{
    cilassembly::{changes::AssemblyChanges, writer::context::WriteContext},
    CilAssemblyView, Result,
};

/// Captures the mapping from old heap offsets to new offsets after heap rebuilding.
///
/// When heaps are rebuilt with deduplication, compaction, or modifications, entries
/// may move to different offsets. This struct captures those mappings so that
/// metadata table references and IL instructions can be updated.
#[derive(Debug, Default, Clone)]
pub struct HeapRemapping {
    /// Mapping from old #Strings heap offset to new offset.
    pub strings: HashMap<u32, u32>,

    /// Mapping from old #Blob heap offset to new offset.
    pub blobs: HashMap<u32, u32>,

    /// Mapping from old #GUID heap index to new index.
    pub guids: HashMap<u32, u32>,

    /// Mapping from old #US (User String) heap offset to new offset.
    pub userstrings: HashMap<u32, u32>,
}

impl HeapRemapping {
    /// Creates an empty remapping with no offset mappings.
    ///
    /// # Returns
    ///
    /// A new `HeapRemapping` with empty mappings for all heaps.
    pub fn new() -> Self {
        Self::default()
    }

    /// Returns true if there are any remappings in any heap.
    ///
    /// This is useful for optimization - if no remappings exist, table patching
    /// can be skipped entirely.
    ///
    /// # Returns
    ///
    /// `true` if any heap has at least one offset remapping, `false` otherwise.
    pub fn has_changes(&self) -> bool {
        !self.strings.is_empty()
            || !self.blobs.is_empty()
            || !self.guids.is_empty()
            || !self.userstrings.is_empty()
    }

    /// Remaps a string heap offset to its new location.
    ///
    /// # Arguments
    ///
    /// * `offset` - The original offset in the #Strings heap
    ///
    /// # Returns
    ///
    /// The new offset if a mapping exists, or the original offset unchanged.
    pub fn remap_string(&self, offset: u32) -> u32 {
        self.strings.get(&offset).copied().unwrap_or(offset)
    }

    /// Remaps a blob heap offset to its new location.
    ///
    /// # Arguments
    ///
    /// * `offset` - The original offset in the #Blob heap
    ///
    /// # Returns
    ///
    /// The new offset if a mapping exists, or the original offset unchanged.
    pub fn remap_blob(&self, offset: u32) -> u32 {
        self.blobs.get(&offset).copied().unwrap_or(offset)
    }

    /// Remaps a GUID heap index to its new location.
    ///
    /// Note: GUID heap uses 1-based indices, not byte offsets.
    ///
    /// # Arguments
    ///
    /// * `index` - The original 1-based index in the #GUID heap
    ///
    /// # Returns
    ///
    /// The new index if a mapping exists, or the original index unchanged.
    pub fn remap_guid(&self, index: u32) -> u32 {
        self.guids.get(&index).copied().unwrap_or(index)
    }

    /// Remaps a user string heap offset to its new location.
    ///
    /// # Arguments
    ///
    /// * `offset` - The original offset in the #US heap
    ///
    /// # Returns
    ///
    /// The new offset if a mapping exists, or the original offset unchanged.
    pub fn remap_userstring(&self, offset: u32) -> u32 {
        self.userstrings.get(&offset).copied().unwrap_or(offset)
    }
}

/// Pre-computes heap offsets and resolves ChangeRefs without writing.
///
/// This follows dnlib's approach: calculate all heap offsets first, so that when
/// we write table rows, `resolve_placeholders()` can successfully resolve the
/// placeholder values to actual offsets.
///
/// This function must be called early in the generation process (before method
/// bodies are written) because:
/// 1. Method bodies may contain `ldstr` instructions referencing newly added userstrings
/// 2. Table rows reference heap entries via ChangeRef placeholders
///
/// # Arguments
///
/// * `view` - The assembly view providing source heap data
/// * `ctx` - The write context where remapping will be stored
/// * `changes` - The assembly changes containing heap modifications
///
/// # Returns
///
/// Returns `Ok(())` after populating `ctx.heap_remapping` with all offset mappings.
///
/// # Errors
///
/// Returns an error if heap offset computation fails due to:
/// - Invalid heap data in the source assembly
/// - Corrupted length-prefixed entries in blob or userstring heaps
pub fn precompute_heap_offsets(
    view: &CilAssemblyView,
    ctx: &mut WriteContext,
    changes: &AssemblyChanges,
) -> Result<()> {
    // Get source heap data
    let empty: &[u8] = &[];
    let strings_data = view.strings().map_or(empty, crate::Strings::data);
    let blob_data = view.blobs().map_or(empty, crate::Blob::data);
    let guid_data = view.guids().map_or(empty, crate::Guid::data);
    let us_data = view.userstrings().map_or(empty, crate::UserStrings::data);

    // Pre-compute offsets for each heap (this resolves ChangeRefs)
    let strings_result = compute_strings_heap_offsets(strings_data, &changes.string_heap_changes)?;
    let blob_result = compute_blob_heap_offsets(blob_data, &changes.blob_heap_changes)?;
    let guid_result = compute_guid_heap_offsets(guid_data, &changes.guid_heap_changes)?;
    let us_result = compute_userstring_heap_offsets(us_data, &changes.userstring_heap_changes)?;

    // Store the remapping for later patching of existing table rows
    ctx.heap_remapping.strings = strings_result.remapping;
    ctx.heap_remapping.blobs = blob_result.remapping;
    ctx.heap_remapping.guids = guid_result.remapping;
    ctx.heap_remapping.userstrings = us_result.remapping;

    Ok(())
}