From d8929fd3b886a01edc8e795d90eb6756c18cc0ba Mon Sep 17 00:00:00 2001 From: c3rb3r3u5d3d53c Date: Sat, 14 Dec 2024 07:52:23 -0400 Subject: [PATCH] DotNet MetadataToken Wildcarding - Better DotNet MetadataToken wildcarding - Does not wildcard the last byte as it is representing the table entry in the stream --- src/disassemblers/custom/cil/instruction.rs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/disassemblers/custom/cil/instruction.rs b/src/disassemblers/custom/cil/instruction.rs index aee6abe6..b947a245 100644 --- a/src/disassemblers/custom/cil/instruction.rs +++ b/src/disassemblers/custom/cil/instruction.rs @@ -183,6 +183,12 @@ impl <'instruction> Instruction <'instruction> { pub fn pattern(&self) -> String { if self.is_wildcard() { return "??".repeat(self.size()); } + if self.is_metadata_token_wildcard_instruction() { + let mut pattern = Binary::to_hex(&self.mnemonic_bytes()); + pattern.push_str(&"??".repeat(self.operand_size() - 1)); + pattern.push_str(&Binary::to_hex(&vec![*self.operand_bytes().last().unwrap()])); + return pattern; + } let mut pattern = Binary::to_hex(&self.mnemonic_bytes()); pattern.push_str(&"??".repeat(self.operand_size())); pattern @@ -330,6 +336,17 @@ impl <'instruction> Instruction <'instruction> { } } + pub fn is_metadata_token_wildcard_instruction(&self) -> bool { + match self.mnemonic { + Mnemonic::Call => true, + Mnemonic::CallVirt => true, + Mnemonic::LdSFld => true, + Mnemonic::LdFld => true, + Mnemonic::NewObj => true, + _ => false, + } + } + pub fn get_call_metadata_token(&self) -> Option { if matches!(self.mnemonic, Mnemonic::Call | Mnemonic::CallVirt) { let operand_bytes = self.operand_bytes();