Windows 10: Is the Name field of each metadata table in Dotnet file structure is important?

I'm trying to deobfuscate a Dotnet file that obfuscated by Eazfuscator.NET in manual. Just for fun and study.

As far as I know, Dotnet files could be decompiled by decompilers. So, I thought that I could open the file and export it to project file and compile it. But it wasn't. Because names of variable, function, namespace are out of displayable scope(ex. over 0x80).

At that time, I thought the export to project function would work fine if I fix undisplayable names. So I fix every names in metadata table. But still it doesn't work.

Is the Name field of each metadata table in Dotnet file structure is important?

If it is, is there an important rule of naming?

Pleas help me.

Here's my partial code and idea. My code written in python3 and inherit pefile.

1. Travel the metadata table and find displayable strings

def arrange_cor20_Strings_index(self):
metadataRootOffset = self.get_offset_from_rva(self.COR20_HEADER.METADATA.VirtualAddress)
# { Original offset ( Index 0 contains an index for a new string ) :
# Arranged offset ( -1 means undisplayable)
# }
strings = {}
for streamHeader in self.COR20_HEADER.STREAM_HEADERS:
streamName = streamHeader.Name.decode()
if streamName == "#Strings":
streamOffset = metadataRootOffset + streamHeader.Offset
rawStream = self.__data__[streamOffset:streamOffset + streamHeader.Size]

if len(rawStream) > 0:
string = []
stringIndex = 0
arrangedIndex = 0
for index in range(len(rawStream)):
if rawStream[index] == 0:
# strings[stringIndex] = "".join([chr(c) for c in string])
if self.isDisplayable(string) == True:
strings[stringIndex] = arrangedIndex
arrangedIndex = arrangedIndex + len(string) + 1
else:
strings[stringIndex] = -1
string = []
stringIndex = index + 1
continue
string.append(rawStream[index])
strings[0] = arrangedIndex
break
return strings

1. Save displayable strings and remove undisplayables

def arrange_cor20_Strings_strings(self):
for originIndex in self.dictArrangedIndex.keys():
if originIndex == 0:
self.dictArrangedStrings[originIndex] = []
continue
if self.dictArrangedIndex[originIndex] != -1:
self.dictArrangedStrings[self.dictArrangedIndex[originIndex]] =\
self.COR20_HEADER.STREAMS["#Strings"][originIndex]

1. Fix undisplayable strings in metadata table

...

def fix_cor20_Strings_metadata_Module(self, metadata):
strForm = "M%d"
index = self.rearrange_cor20_Strings_heap(metadata.Name, strForm)
metadata.Name = index
return metadata

def fix_cor20_Strings_metadata_TypeRef(self, metadata):
strForm = "TRN%d"
index = self.rearrange_cor20_Strings_heap(metadata.TypeName, strForm)
metadata.TypeName = index
strForm = "TRNS%d"
index = self.rearrange_cor20_Strings_heap(metadata.TypeNamespace, strForm)
metadata.TypeNamespace = index
return metadata

...

def fix_cor20_Strings_metadata(self, metadata):
fixedMetadata = {}
#print(metadata)
if metadata.name == self.__IMAGE_COR20_METADATA_MODULE_format__[0]: # 0
fixedMetadata = self.fix_cor20_Strings_metadata_Module(metadata)
elif metadata.name == self.__IMAGE_COR20_METADATA_TYPEREF_format__[0]: # 1
fixedMetadata = self.fix_cor20_Strings_metadata_TypeRef(metadata)
elif metadata.name == self.__IMAGE_COR20_METADATA_TYPEDEF_format__[0]: # 2
fixedMetadata = self.fix_cor20_Strings_metadata_TypeDef(metadata)
...

...

# { metadata.name :
# fixed count
# }
dictFixedCnt = {}
# { Original offset ( Index 0 contains an index for a new string ) :
# Arranged offset ( -1 means undisplayable)
# }
dictArrangedIndex = {}
# { String offset :
# String
# }
dictArrangedStrings = {}

def fix_cor20_Strings(self):
self.dictArrangedIndex = self.arrange_cor20_Strings_index()
self.arrange_cor20_Strings_strings()

streamName = "#~"
#print(self.COR20_HEADER.STREAMS[streamName])
for tagIndex in range(len(self.COR20_HEADER.STREAMS[streamName].Tags)):
metadataTag = self.COR20_HEADER.STREAMS[streamName].Tags[tagIndex]
for metadataRow in range(self.COR20_HEADER.STREAMS[streamName].Rows[tagIndex]):
metadata = self.COR20_HEADER.STREAMS[streamName].Metadatas[metadataTag][metadataRow]
fixedMetadata = self.fix_cor20_Strings_metadata(metadata)

self.COR20_HEADER.STREAMS["#Strings"] = self.dictArrangedStrings

:)

 

Music Metadata grabber

Been working on sorting movies/tv shows/music and looking for something thats free and grabs metadata for my music files. I could do it all manually, but having something that helps would be nice. Anyone got a suggestion?

 

Cannot import contacts via CSV or VCF file

The import utility is extremely (!) picky and unforgiving. I think the easiest way to go about this is to export the contacts that are already in the phone and edit the exported file, then reimport it.



The main "gotcha" for importing from a csv file is that all fields (including NULL fields) must be enclosed in "" (quotes). If you are exporting a list from Excel or Access, you cannot force the export to add all the quotes that you need. Edit the csv
file in Notepad and you'll see what I mean. You will have to find another way to get all the quotes in there.



I made an import file that will work by creating a table in Access that had ONLY the fields I needed and I made sure none of them had NULL values. I exported that table into a text file with comma separators and quotation marks around the fields and it
worked when I imported it into the Nokia Communicator (make sure the first line of the csv file has the Nokia field names in it also surrounded by quotes and separated by commas).



There was a lot of trial and error to get this right. The Nokia import utility is far too rigid to not have any good documentation.



Good Luck...

 

IE favourites names too long to import - need to edit html

Hi Ford,

I appreciate you for providing the details of the issue.

I suggest you to perform below steps, if you are comfortable in editing html file.

Follow the steps below.

• Right Click on Favorites file and Click on Open with Notepad.
• Edit and shorten Favorite name after the Url link.
• Click on Save.

To import file try the below step.

• 
  Open Internet Explorer.
  
• 
  Click on the Star > "Add to Favorites" drop-down > "Import and Export"
  
• 
  Mark a box "Import from a file".
  
• 
  Click the Next button.
  
• 
  Mark a box "Favorites".
  
• 
  On the next screen, using a Browse button find a file "bookmarks.html", highlight it, and click OPEN.
  
• 
  Click on "Next" button.
  
• 
  Click on "Import" button.
  
• 
  Click on "Finish" button.
  

Disclaimer: Make sure to backup Favorites file.

Hope the above information was helpful. If you need further assistance, we will be glad to assist you.