Metadata Validity Rules

Previous page
Table of content
Next page

Metadata Validity Rules

In this section, I’ll summarize the validity rules for metadata contained in a manifest. Because some of these rules have a direct bearing on how the loader functions, the respective checks are performed at run time. Other rules describe “well-formed” metadata; violating one of these rules might result in rather peculiar effects during the program execution, but it does not represent a crash or security breach hazard, so the loader does not perform these checks. You can find the complete set of metadata validity rules in Partition II of the ECMA Standard Proposal; the sections that follow here review the most important of them.

warning

ILAsm does allow you to generate invalid metadata. Thus, it’s extremely important to carefully check your modules after compilation.

To find out whether any of the metadata in a module is invalid, you can run the PEVerify utility, included in the .NET Framework SDK, using the option /MD (metadata validation). Alternatively, you can invoke the IL Disassembler by using the option /ADV (advanced). Choose View, MetaInfo, Validate, and then press Ctrl+M. Both utilities use the Metadata Validator (MDValidator), which is built into the common language runtime.

Assembly Table Validity Rules

  • The record count of the table must be no more than 1. This is not checked at run time because the loader ignores all Assembly records except the first one.

  • The Flags entry must have bits set only as defined in the CorAssemblyFlags enumeration in CorHdr.h. For the first release of the common language runtime, the valid mask is 0xC031.

  • The Locale entry must be set to 0 or must refer to a nonempty string in the string heap that matches a known culture name. You can obtain a list of known culture names by using a call to the CultureInfo.GetCultures method, from the .NET Framework class library.

  • [run time] If Locale is not set to 0, the referenced string must be no longer than 1023 characters plus the zero terminator.

  • [run time] The Name entry must refer to a nonempty string in the string heap. The name must be the module filename excluding the extension, the path, and the drive letter.

  • [run time] The PublicKey entry must be set to 0 or must contain a valid offset in the #Blob stream.

AssemblyRef Table Validity Rules

  • The Flags entry can have only the least significant bit set (corresponding to the afPublicKey value; see the CorAssemblyFlags enumeration in CorHdr.h).

  • [run time] The PublicKeyOrToken entry must be set to 0 or must contain a valid offset in the #Blob stream.

  • The Locale entry must comply with the same rules as the Locale entry of the Assembly table (discussed in the preceding section).

  • The table must not have duplicate records with simultaneously matching Name, Locale, PublicKeyOrToken, and all Version entries.

  • [run time] The Name entry must refer to a nonempty string in the string heap. The name must be the prime module filename excluding the extension, the path, and the drive letter.

Module Table Validity Rules

  • [run time] The record count of the table must be at least 1.

  • The record count of the table must be exactly 1. This is not checked at run time because the loader uses the first Module record and ignores the others.

  • [run time] The Name entry must refer to a nonempty string in the string heap, no longer than 511 characters plus the zero terminator. The name must be the module filename including the extension and excluding the path and the drive letter.

  • The Mvid entry must refer to a nonzero GUID in the GUID heap. The value of the Mvid entry is generated automatically and cannot be specified explicitly in ILAsm.

ModuleRef Table Validity Rules

  • [run time] The Name entry must refer to a nonempty string in the string heap, no longer than 511 characters plus the zero terminator. The name must be a filename including the extension and excluding the path and the drive letter.

File Table Validity Rules

  • The Flags entry can have only the least significant bit set (corresponding to the ffContainsNoMetaData value; see the CorFileFlags enumeration in CorHdr.h).

  • [run time] The Name entry must refer to a nonempty string in the string heap, no longer than 511 characters plus the zero terminator. The name must be a filename including the extension and excluding the path and the drive letter.

  • [run time] The string referenced by the Name entry must not match S[N][[C]*], where

    1. S ::= con aux lpt prn nul com

    2. N ::= 0..9

    3. C ::= $ :

  • [run time] The HashValue entry must hold a valid offset in the #Blob stream.

  • The table must not contain duplicate records whose Name entries refer to matching strings.

  • The table must not contain duplicate records whose Name entries refer to strings matching this module’s name.

ManifestResource Table Validity Rules

  • [run time] The Implementation entry must be set to 0 or must hold a valid AssemblyRef or File token.

  • [run time] If the Implementation entry does not hold an AssemblyRef token, the Offset entry must hold a valid offset within limits specified by the Resources data directory of the common language runtime header of the target file.

  • [run time] The Flags entry must hold either 1 or 2—mrPublic or mrPrivate, respectively.

  • [run time] The Name entry must refer to a nonempty string in the string heap.

  • The table must not contain duplicate records whose Name entries refer to matching strings.

ExportedType Table Validity Rules

  • The record count of the table must be 0 if the Assembly table is empty.

  • The record count of the table must be 0 if the File table is empty.

  • There must be no rows with TypeName and TypeNamespace matching Name and Namespace, respectively, of any row of the TypeDef table.

  • The Flags entry must hold one of the visibility flags of the enumeration CorTypeAttr (see CorHdr.h). Valid flags are 0 through 7.

  • [run time] The Implementation entry must hold a valid ExportedType or File token.

  • [run time] The Implementation entry must not hold an ExportedType token pointing to this record.

  • If the Implementation entry holds an ExportedType token, the Flags entry must hold a nested visibility value in the range 2 7.

  • If the Implementation entry holds a File token, the Flags entry must hold the tdNonPublic or tdPublic visibility value (0 or 1).

  • [run time] The TypeName entry must refer to a nonempty string in the string heap.

  • [run time] The TypeNamespace entry must be set to 0 or must refer to a nonempty string in the string heap.

  • [run time] The combined length of the strings referenced by TypeName and TypeNamespace must not exceed 1023 characters.

  • The table must not contain duplicate records whose Implementation entry holds a File token, and whose TypeName and TypeNamespace entries refer to matching strings.

  • The table must not contain duplicate records whose Implementation entries hold the same ExportedType token and whose TypeName entries refer to matching strings.


Previous page
Table of content
Next page
Inside Microsoft. NET IL Assembler
Inside Microsoft .NET IL Assembler
ISBN: 0735615470
EAN: 2147483647
Year: 2005
Pages: 147
Authors: SERGE LIDIN
BUY ON AMAZON
Qshell for iSeries
Building Web Applications with UML (2nd Edition)
Systematic Software Testing (Artech House Computer Library)
Postfix: The Definitive Guide
File System Forensic Analysis
Java Concurrency in Practice
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy