1

I need to modify the preamble of a DICOM file using C++. I know I can do this using MergeCom library. However I am very new to this library and haven't used this before. I opened the user manual but it's too extensive and is taking me time to get what I need.

How can I modify the preamble of a DICOM file using MergeCom?

Amit Joshi
  • 15,448
  • 21
  • 77
  • 141
Sisir
  • 4,584
  • 4
  • 26
  • 37
  • [this SO thread might help](https://stackoverflow.com/questions/35297396/how-to-send-a-dicom-file-to-pacs-using-mergecom-toolkit) – dorKKnight Oct 11 '19 at 07:28
  • @dorKKnight This thread also is pointing to the user manual only – Sisir Oct 11 '19 at 08:30
  • Could you please be a bit more specific on what you want to change about the preamble and why? I am asking because the whole preamble is defined by DICOM part 10 - each single byte of it. So any modification will render the file "non DICOM conformant". Or does your question refer to the Part 10 meta-header? – Markus Sabin Oct 11 '19 at 08:41
  • Check this link: https://www.dicomstandard.org/wp-content/uploads/2019/05/FAQ-DICOM-128-Byte-Preamble-Posted1-1.pdf – Sisir Oct 11 '19 at 08:49
  • As per the above link, the preamble can be corrupted to have an executable which is a new vulnerability. I am trying to demonstrate this – Sisir Oct 11 '19 at 08:50

2 Answers2

2

I would advise against using a DICOM toolkit (like Merge) to do that.

DICOM PS 3.10, Chapter 7.1

The File Meta Information includes identifying information on the encapsulated Data Set. This header consists of a 128 byte File Preamble, followed by a 4 byte DICOM prefix, followed by the File Meta Elements shown in Table 7.1-1. This header shall be present in every DICOM file.

So the preamble is always 132 bytes long and always beginning with the first byte of the file. Using raw file access methods (like fopen, fwrite) to put a binary data block into the file would be much easier than "convincing" a DICOM toolkit to write a wrong preamble to the file.

Anyway, it is possible with the mergecom toolkit:

MC_STATUS MC_Set_File_Preamble(
int FileID,
char* Preamble
)

Where FileId is the merge handle as returned by MC_Open_File.

P.S.: I rarely use the MergeCom user manual. I use the reference manual a search for "Preamble" gave me the result quite quickly.

Markus Sabin
  • 3,916
  • 14
  • 32
  • If it is just adding the preamble to the existing file without loading dataset or other features, I would recommend bypass toolkit as well. +1 but I am afraid, in live environment, things does not just end here. – Amit Joshi Oct 11 '19 at 11:30
  • Agreed. But since the use case is to demonstrate the injection of malware into the preamble, I think that any working solution solves the problem – Markus Sabin Oct 11 '19 at 11:57
  • This is a better idea. 1 more question. The preamble is just of 128 bytes. A minimal executable written in c is at least of 10k. How can I copy this? it will override other sections corrupt the entire dicom file – Sisir Oct 11 '19 at 11:59
  • You will probably have to use assembler to put something really malicious into the preamble. Note that the article about vulnerability of the preamble just outlines the theoretical possiblity for something like this to happen. I strongly doubt that preamble corruption is really a realistic threat. – Markus Sabin Oct 14 '19 at 05:50
2

I agree with first recommendation from @kritzel_sw in other answer. If it is just limited to writing a preamble and does not involve any other features like loading dataset or reading elements etc., using toolkit is overkill.

Following is what specifications say about preamble:

The File Meta Information includes identifying information on the encapsulated Data Set. This header consists of a 128 byte File Preamble, followed by a 4 byte DICOM prefix, followed by the File Meta Elements shown in Table 7.1-1. This header shall be present in every DICOM file.

and

  1. If the File Preamble is not used by an Application Profile or a specific implementation, all 128 bytes shall be set to 00H. This is intended to facilitate the recognition that the Preamble is used when all 128 bytes are not set as specified above.

  2. The File Preamble may for example contain information enabling a multi-media application to randomly access images stored in a DICOM Data Set. The same file can be accessed in two ways: by a multi-media application using the preamble and by a DICOM Application that ignores the preamble.

Also, following is an image that may help understanding the concept better:

The first part, the file header, consists of a 128-byte file preamble followed by a 4-byte prefix. This approach is very common in many other image standards such as TIFF that you may have already seen/used. The 4-byte prefix consists of the uppercase characters 'DICM' (note, it is not “DICOM”, but “DICM”).

DICOM Image Structure

As you can see, Preamble is the starting part of header of DICOM file. You can easily add it using your programming language without using any toolkit.

Have a look at this question which discusses reading the preamble with C#. Hope that will help you.

Community
  • 1
  • 1
Amit Joshi
  • 15,448
  • 21
  • 77
  • 141