[Mono-osx] Official Mono 3.2.4 release on OS X is able to run invalid PE images oO
asido4 at gmail.com
Sun Dec 22 18:55:08 UTC 2013
I have a PE image with data like in the image below. By looking at it I
recognize patterns of a normal PE image - ME is almost MZ and the bytes at
0x90 could be "This program cannot be run in DOS mode" stuff, which could be
encoded in some way. In the middle of the file I can recognize proper .NET
assembly metatable information - "BSJB" following correct #~, #Strings, #US,
#GUID, #Blob data.
Windows PE loader doesn't run the file. Both official Mono 3.2.4 release and
my attempt to build mono from sources just display "File does not contain a
valid CIL image" message regardless if DISABLE_VERIFIER preprocessor is set
or not. And this is expected behavior since it just won't pass through this
To my surprise installing official Mono 3.2.4 MRE release on OS X and
executing 'mono ./broken.exe' executes it without any issues. Can anyone
provide me insight on what is going on? Is this some special file format for
OS X? How are Mono OS X builds configured so that I could reproduce this
behavior with my own built Mono from sources?
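
An added triage sketch, not part of the original post and not Mono's loader code: it checks the `MZ` and `PE\0\0` signatures and independently looks for a CLI metadata root (`BSJB`) with its stream names, so a file whose headers fail validation but which still carries recognisable .NET metadata is flagged. The names `build_sample` and `triage` are hypothetical, the sample bytes are constructed, and the metadata root layout assumed is the one in ECMA-335.

```python
import struct

def build_sample(magic=b"MZ"):
    """Constructed sample: minimal DOS/PE signatures plus a CLI metadata root."""
    dos = magic + b"\x00" * 58 + struct.pack("<I", 0x80)  # e_lfanew lives at 0x3C
    dos = dos.ljust(0x80, b"\x00")
    pe = b"PE\x00\x00" + b"\x00" * 60
    version = b"v4.0.30319\x00\x00"                        # padded to 4-byte multiple
    root = b"BSJB" + struct.pack("<HHII", 1, 1, 0, len(version)) + version
    names = [b"#~", b"#Strings", b"#US", b"#GUID", b"#Blob"]
    root += struct.pack("<HH", 0, len(names))              # flags, stream count
    for n in names:
        padded = n + b"\x00"
        padded += b"\x00" * (-len(padded) % 4)
        root += struct.pack("<II", 0, 0) + padded          # offset, size, name
    return dos + pe + root

def triage(data):
    """Report header validity and any CLI metadata streams found in data."""
    report = {"mz": data[:2] == b"MZ", "pe": False, "streams": []}
    if len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        report["pe"] = data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"
    root = data.find(b"BSJB")
    if root >= 0:
        try:
            # major, minor, reserved, version-string length
            _, _, _, vlen = struct.unpack_from("<HHII", data, root + 4)
            pos = root + 16 + vlen
            _, count = struct.unpack_from("<HH", data, pos)
            pos += 4
            for _ in range(count):
                pos += 8                                   # skip offset and size
                end = data.index(b"\x00", pos)
                report["streams"].append(data[pos:end].decode("ascii", "replace"))
                pos += (end - pos + 1 + 3) & ~3            # name padded to 4 bytes
        except (struct.error, ValueError):
            pass                                           # truncated or malformed root
    # Metadata present although the PE signatures are not both valid.
    report["mismatch"] = bool(report["streams"]) and not (report["mz"] and report["pe"])
    return report

if __name__ == "__main__":
    for magic in (b"MZ", b"ME"):
        print(magic, triage(build_sample(magic)))
```
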