Binfmt (was: [Mono-list] RESULT: 0 from mono, not from mint.)

Fri, 29 Mar 2002 15:34:49 +0530

On Thu, Mar 28, 2002 at 04:30:21PM +0100, Peter M. Lemmen wrote:
> The second script,, uses the c program, ismonobin, to find out
> wether the given binary is a mono binary and should be executed with the mono
> JIT. This should be easily extendable for DosEmu and Wine. (But I am totally
> unfamiliar with those projects.)

    AAH !, and I spent all these days wondering how to get Linux to check
the above 128 byte for 'P' & 'E' header . The wrapper idea never even 
entered my mind !. (the PE magic is more than 128 bytes -- and I got 
stuck there).

    I was cursing those "this cannot be run....." message for all my
trouble with binfmt ! (coz it is the filler that pushes PE header out
of binfmt_misc's magic range).

> The c program, ismonobin, checks the full first 64 bytes of the binary against
> the fingerprint I gathered yesterday.

    This does not really check for a Mono binary (this is the standard EXE
headers). The base address of the PE header is stored in an int32 from 
64'th byte. After reading this, you must check for the bytes 'P','E','\0',
'\0' at the base address from the start of file. Then it's a PE image 
(DLL or EXE). Then read isDLL (base address+18) for the isDLL information
(ie 0x2000 for dll). 

    After it gets through this, it's a PE executable by header. I'll fix
this up soon enough.

> (I'm a VB programmer by trade, so this all included a lot of guesswork on my
> part...)
    Guesswork is what hackers do the best !.
*      not yet another Mono contributor      *