[kmd]

hi
is the any generic method to solve subj problem?
i need to know if specified file is .net file

some PE header flags maybe?

thanks in advance

[GamingMasteR]

Hi,

1- Check if COM directory present and points to valid CLR header structure :
Parse NtHeader->OptionalHeader->DataDirectories[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR], if RVA != NULL then parse it's body and check if it's a valid IMAGE_COR20_HEADER.

2- Signature scan, just like what PEiD or any other PE Scanner do to determine if it is a DotNET file.

[kmd]

1 is great :)

i found CLI_HEADER here http://www.codeproject.com/KB/dotnet/do ... play=Print

does it valid for all dot net versions? ie will this work with net 4.0 compiled progs?

thnx

[GamingMasteR]

AFAIK, it will :)
You can check with CFF Explorer by Daniel Pistelli (the one who wrote that description in CP)

[EP_X0FF]

Simple source and article if topic starter still interested.

http://www.rsdn.ru/article/files/Progs/dllinfo.xml