CodeDeepCopier doesn't seem to support mixed assemblies

Dec 7, 2011 at 5:20 PM
Edited Dec 7, 2011 at 5:23 PM

I tried the PeToPe.exe example on a bunch of different exes and dlls. I had no luck with it on any mixed assemblies, not even on the one produced by compiling the simple pragma_directives_managed_unmanaged.cpp example from http://msdn.microsoft.com/en-us/library/0adb9zxe.aspx So, I guess writing mixed assemblies is not directly supported because CodeDeepCopier.CopyChildren() throws an exception. Are the any workarounds like detecting which methods are native and skipping them? Does that have any change of producing a workable executable in the end, even for the "identity" transformation that PeToPe attempts?

Coordinator
Dec 7, 2011 at 5:27 PM

I'm afraid you are out of luck. The CCI reader, writer and object model has no support for mixed mode assemblies, nor is any such support planned for the future. Unfortunately, the managed C++ compiler produced mixed mode assemblies in all configurations. Sometimes, the x86 code inserted by the C++ compiler is completely gratuitous and can be safely deleted, but in many cases this is not possible.

I don't quite see why CodeDeepCopier should throw an exception when presented with a mixed mode assembly. That seems like something that should get fixed.

Dec 7, 2011 at 5:53 PM

Thanks for the very prompt reply. Do you know if Phoenix can instrument IL in mixed assemblies and save them back to PE?

Coordinator
Dec 7, 2011 at 5:55 PM

I don't know, but that was supposed to a scenario for them. Better ask them directly.