According to the Partition II metadata, it says that the valid field is a bitmask that notes which CLR metadata tables are present in a .NET executable--but what I can't figure out is what the "sorted" field is for--what is its significance, and what should I emit into this field when creating my own .NET portable executable images?
views:
57answers:
2What is the purpose of the sorted bit vector field in the "~" Metadata header in a .NET assembly?
EDIT: This isn't an answer, I misread the question as being about the Valid field rather than the Sorted field, but I am leaving it here in case it is related to the answer
The "Valid" field you are talking about is described in Partition II, §24.2.6, with the relevant part as follows:
The Valid field is a 64-bit bitvector that has a specific bit set for each table that is stored in the stream; the mapping of tables to indexes is given at the start of §22. For example when the DeclSecurity table is present in the logical metadata, bit 0x0e should be set in the Valid vector. It is invalid to include non-existent tables in Valid, so all bits above 0x2c shall be zero.
Each subsection of section 22 starting with §22.2 describes one table, and gives its bit index. For example, §22.2 is titled "Assembly: 0x20". This means that, if and only if the Assembly table described in §22.2 is present in your PE, then bit 0x20 must be set in the Valid
field. Note that this does NOT mean that Valid & 0x20 == 0x20
, it means that the 0x20th (ie, the 32nd) bit of Valid
must be set, which is to say Valid & (1 << 0x20) == (1 << 0x20)
.
For a while I wasn't sure if it was 0-indexed or 1-indexed, so I assumed 0-indexed. But I now know for sure that it is 0-indexed, because the Module table is table 0x00.
I think the sorted field is just hinting if the specific metadata table is sorted or not (it's a bitfield just like valid).
This would allow an implemenation of a runtime to do a binary search on the table directly from the memmapped data.