Beispiel #1
0
        public AheadlibCodeGenerator(string codeGenPath, string oldDllName, bool isCodegenFunctionTrace, CodeGenDllMode dllMode, string logPath, DisplayModuleInfo dlltarget, string cfg)
        {
            CodeGenPath            = codeGenPath;
            OldDllName             = oldDllName;
            IsCodegenFunctionTrace = isCodegenFunctionTrace;
            DllMode = dllMode;
            LogPath = logPath;

            DllTarget         = dlltarget;
            Functions         = new List <AheadlibFunction>();
            ReplaceRuleLoader = ReplaceRuleLoader.GetReplaceRules(cfg);
            PhSymbolProvider symbolProvider = new PhSymbolProvider();

            foreach (var expfunction in dlltarget.Exports)
            {
                AheadlibFunction function = new AheadlibFunction();
                function.Ordinal = expfunction.Ordinal;
                function.Name    = expfunction.Name;
                var dx = new DisplayPeExport(expfunction, symbolProvider);
                function.UndecorateName = dx.Name;
                //function.SubstituteSymbol = function.UndecorateName; //ReplaceRuleLoader.Get_NameInSourceCode_From_Name(function.Name);
                function.ExportByOrdinal = expfunction.ExportByOrdinal;
                function.VirtualAddress  = expfunction.VirtualAddress;
                Functions.Add(function);
            }
        }
Beispiel #2
0
        public void InitializeView()
        {
            if (!NativeFile.Exists(this.Filename))
            {
                MessageBox.Show(
                    String.Format("{0:s} is not present on the disk", this.Filename),
                    "Invalid PE",
                    MessageBoxButton.OK
                    );

                return;
            }

            this.Pe = (Application.Current as App).LoadBinary(this.Filename);
            if (this.Pe == null || !this.Pe.LoadSuccessful)
            {
                MessageBox.Show(
                    String.Format("{0:s} is not a valid PE-COFF file", this.Filename),
                    "Invalid PE",
                    MessageBoxButton.OK
                    );

                return;
            }

            this.SymPrv                = new PhSymbolProvider();
            this.RootFolder            = Path.GetDirectoryName(this.Filename);
            this.SxsEntriesCache       = SxsManifest.GetSxsEntries(this.Pe);
            this.ProcessedModulesCache = new ModulesCache();
            this.ApiSetmapCache        = Phlib.GetApiSetSchema();
            this._SelectedModule       = null;
            this._DisplayWarning       = false;

            // TODO : Find a way to properly bind commands instead of using this hack
            this.ModulesList.Items.Clear();
            this.ModulesList.DoFindModuleInTreeCommand   = DoFindModuleInTree;
            this.ModulesList.ConfigureSearchOrderCommand = ConfigureSearchOrderCommand;

            var RootFilename = Path.GetFileName(this.Filename);
            var RootModule   = new DisplayModuleInfo(RootFilename, this.Pe, ModuleSearchStrategy.ROOT);

            this.ProcessedModulesCache.Add(new ModuleCacheKey(RootFilename, this.Filename), RootModule);

            ModuleTreeViewItem    treeNode             = new ModuleTreeViewItem();
            DependencyNodeContext childTreeInfoContext = new DependencyNodeContext()
            {
                ModuleInfo = new WeakReference(RootModule),
                IsDummy    = false
            };

            treeNode.DataContext = childTreeInfoContext;
            treeNode.Header      = treeNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath);
            treeNode.IsExpanded  = true;

            this.DllTreeView.Items.Clear();
            this.DllTreeView.Items.Add(treeNode);

            // Recursively construct tree of dll imports
            ConstructDependencyTree(treeNode, this.Pe);
        }
Beispiel #3
0
        private void OnListViewKeyDown(object sender, System.Windows.Input.KeyEventArgs e)
        {
            System.Windows.Controls.ListView ListView = sender as System.Windows.Controls.ListView;
            bool CtrlKeyDown = Keyboard.IsKeyDown(System.Windows.Input.Key.LeftCtrl) || Keyboard.IsKeyDown(System.Windows.Input.Key.RightCtrl);

            Debug.WriteLine("[DependencyModuleList] Key Pressed : " + e.Key + ". Ctrl Key down : " + CtrlKeyDown);
            if ((e.Key == System.Windows.Input.Key.C) && CtrlKeyDown)
            {
                List <string> StrToCopy = new List <string>();
                foreach (object SelectItem in ListView.SelectedItems)
                {
                    DisplayModuleInfo ModuleInfo = SelectItem as DisplayModuleInfo;
                    StrToCopy.Add(ModuleInfo.ModuleName);
                }

                System.Windows.Clipboard.Clear();
                System.Windows.Clipboard.SetText(String.Join("\n", StrToCopy.ToArray()), System.Windows.TextDataFormat.Text);
                return;
            }

            if ((e.Key == System.Windows.Input.Key.F) && CtrlKeyDown)
            {
                this.ModulesSearchBar.Visibility = System.Windows.Visibility.Visible;
                this.ModuleSearchFilter.Focus();
                return;
            }
        }
Beispiel #4
0
        public void AddModule(DisplayModuleInfo NewModule)
        {
            // TODO : Find a way to properly bind commands instead of using this hack
            NewModule.DoFindModuleInTreeCommand   = DoFindModuleInTreeCommand;
            NewModule.ConfigureSearchOrderCommand = ConfigureSearchOrderCommand;

            this.Items.Add(NewModule);
        }
Beispiel #5
0
        public void AddModule(DisplayModuleInfo NewModule)
        {
            // TODO : Find a way to properly bind commands instead of using this hack
            NewModule.DoFindModuleInTreeCommand = DoFindModuleInTreeCommand;

            this.ModulesList.Items.Add(NewModule);

            // Refresh search view
            ModuleSearchFilter_OnTextChanged(null, null);
        }
Beispiel #6
0
        public ApiSetModuleInfo(string ApiSetModuleName, ref DisplayModuleInfo _UnderlyingModule)
            : base(ApiSetModuleName)
        {
            UnderlyingModule = _UnderlyingModule;

            _Flags |= ModuleFlag.ApiSet;
            if (ApiSetModuleName.StartsWith("ext-"))
            {
                _Flags |= ModuleFlag.ApiSetExt;
            }
        }
Beispiel #7
0
        private void OnModuleViewSelectedItemChanged(object sender, RoutedEventArgs e)
        {
            DisplayModuleInfo SelectedModule = (sender as DependencyModuleList).SelectedItem as DisplayModuleInfo;

            // Selected Pe has not been found on disk
            if (SelectedModule == null)
            {
                return;
            }

            UpdateImportExportLists(SelectedModule);
        }
Beispiel #8
0
 private void UpdateImportExportLists(DisplayModuleInfo SelectedModule)
 {
     if (SelectedModule == null)
     {
         this.ImportList.Items.Clear();
         this.ExportList.Items.Clear();
     }
     else
     {
         this.ImportList.SetImports(SelectedModule.Imports, SymPrv, this);
         this.ExportList.SetExports(SelectedModule.Exports, SymPrv);
     }
 }
Beispiel #9
0
        private void OnTreeViewSelectedItemChanged(object sender, RoutedPropertyChangedEventArgs <object> e)
        {
            DependencyNodeContext childTreeContext = ((DependencyNodeContext)(this.DllTreeView.SelectedItem as ModuleTreeViewItem).DataContext);
            DisplayModuleInfo     SelectedModule   = childTreeContext.ModuleInfo.Target as DisplayModuleInfo;

            // Selected Pe has not been found on disk
            if (SelectedModule == null)
            {
                return;
            }

            UpdateImportExportLists(SelectedModule);
        }
Beispiel #10
0
        private void OnModuleViewSelectedItemChanged(object sender, RoutedEventArgs e)
        {
            DisplayModuleInfo SelectedModule = (sender as DependencyModuleList).SelectedItem as DisplayModuleInfo;

            // Selected Pe has not been found on disk
            if (SelectedModule == null)
            {
                return;
            }

            // Display module as root (since we can't know which parent it's attached to)
            UpdateImportExportLists(SelectedModule, null);
        }
Beispiel #11
0
        public PE LoadImport(string ModuleName, DisplayModuleInfo CurrentModule = null, bool DelayLoad = false)
        {
            if (CurrentModule == null)
            {
                CurrentModule = this._SelectedModule;
            }

            Tuple <ModuleSearchStrategy, PE> ResolvedModule = BinaryCache.ResolveModule(
                this.Pe,
                ModuleName,
                this.SxsEntriesCache,
                this.CustomSearchFolders,
                this.WorkingDirectory
                );
            string ModuleFilepath = (ResolvedModule.Item2 != null) ? ResolvedModule.Item2.Filepath : null;

            ModuleCacheKey ModuleKey = new ModuleCacheKey(ModuleName, ModuleFilepath);

            if ((ModuleFilepath != null) && !this.ProcessedModulesCache.ContainsKey(ModuleKey))
            {
                ModuleFlag DelayLoadFlag = (DelayLoad) ? ModuleFlag.DelayLoad : 0;

                if (ResolvedModule.Item1 == ModuleSearchStrategy.ApiSetSchema)
                {
                    var ApiSetContractModule = new DisplayModuleInfo(
                        BinaryCache.LookupApiSetLibrary(ModuleName),
                        ResolvedModule.Item2,
                        ResolvedModule.Item1,
                        DelayLoadFlag & ModuleFlag.ApiSet
                        );
                    var NewModule = new ApiSetModuleInfo(ModuleName, ref ApiSetContractModule);
                    this.ProcessedModulesCache[ModuleKey] = NewModule;
                }
                else
                {
                    var NewModule = new DisplayModuleInfo(
                        ModuleName,
                        ResolvedModule.Item2,
                        ResolvedModule.Item1,
                        DelayLoadFlag
                        );
                    this.ProcessedModulesCache[ModuleKey] = NewModule;
                }

                // add it to the module list
                this.ModulesList.AddModule(this.ProcessedModulesCache[ModuleKey]);
            }

            return(ResolvedModule.Item2);
        }
Beispiel #12
0
        private void OnTreeViewSelectedItemChanged(object sender, RoutedPropertyChangedEventArgs <object> e)
        {
            if (this.DllTreeView.SelectedItem == null)
            {
                UpdateImportExportLists(null, null);
                return;
            }

            DependencyNodeContext childTreeContext = ((DependencyNodeContext)(this.DllTreeView.SelectedItem as ModuleTreeViewItem).DataContext);
            DisplayModuleInfo     SelectedModule   = childTreeContext.ModuleInfo.Target as DisplayModuleInfo;

            if (SelectedModule == null)
            {
                return;
            }

            // Selected Pe has not been found on disk : unvalidate current module
            SelectedModule.HasErrors = !NativeFile.Exists(SelectedModule.Filepath);
            if (SelectedModule.HasErrors)
            {
                // TODO : do a proper refresh instead of asking the user to do it
                System.Windows.MessageBox.Show(String.Format("We could not find {0:s} file on the disk anymore, please fix this problem and refresh the window via F5", SelectedModule.Filepath));
            }

            // Root Item : no parent
            ModuleTreeViewItem TreeRootItem = this.DllTreeView.Items[0] as ModuleTreeViewItem;
            ModuleTreeViewItem SelectedItem = this.DllTreeView.SelectedItem as ModuleTreeViewItem;

            if (SelectedItem == TreeRootItem)
            {
                // Selected Pe has not been found on disk : unvalidate current module
                if (SelectedModule.HasErrors)
                {
                    UpdateImportExportLists(null, null);
                }
                else
                {
                    SelectedModule.HasErrors = false;
                    UpdateImportExportLists(SelectedModule, null);
                }

                return;
            }

            // Tree Item
            DisplayModuleInfo parentModule = SelectedItem.ParentModule.ModuleInfo;

            UpdateImportExportLists(SelectedModule, parentModule);
        }
Beispiel #13
0
        public DependencyWindow(String FileName)
        {
            InitializeComponent();

            this.Filename = FileName;
            this.Pe       = new PE(FileName);

            if (!this.Pe.LoadSuccessful)
            {
                MessageBox.Show(
                    String.Format("{0:s} is not a valid PE-COFF file", this.Filename),
                    "Invalid PE",
                    MessageBoxButton.OK
                    );
                return;
            }

            this.SymPrv                = new PhSymbolProvider();
            this.RootFolder            = Path.GetDirectoryName(FileName);
            this.SxsEntriesCache       = SxsManifest.GetSxsEntries(this.Pe);
            this.ProcessedModulesCache = new ModulesCache();
            this.ApiSetmapCache        = Phlib.GetApiSetSchema();

            // TODO : Find a way to properly bind commands instead of using this hack
            this.ModulesList.DoFindModuleInTreeCommand = DoFindModuleInTree;

            var RootFilename = Path.GetFileName(FileName);
            var RootModule   = new DisplayModuleInfo(RootFilename, this.Pe);

            this.ProcessedModulesCache.Add(new ModuleCacheKey(RootFilename, FileName), RootModule);

            ModuleTreeViewItem    treeNode             = new ModuleTreeViewItem();
            DependencyNodeContext childTreeInfoContext = new DependencyNodeContext()
            {
                ModuleInfo = new WeakReference(RootModule),
                IsDummy    = false
            };

            treeNode.DataContext = childTreeInfoContext;
            treeNode.Header      = treeNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath);
            treeNode.IsExpanded  = true;

            this.DllTreeView.Items.Add(treeNode);

            // Recursively construct tree of dll imports
            ConstructDependencyTree(treeNode, this.Pe);
        }
Beispiel #14
0
        /// <summary>
        /// Reentrant version of Collapse/Expand Node
        /// </summary>
        /// <param name="Item"></param>
        /// <param name="ExpandNode"></param>
        private ModuleTreeViewItem FindModuleInTree(ModuleTreeViewItem Item, DisplayModuleInfo Module, bool Highlight = false)
        {
            if (Item.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath) == Module.ModuleName)
            {
                if (Highlight)
                {
                    ExpandAllParentNode(Item.Parent as ModuleTreeViewItem);
                    Item.IsSelected = true;
                    Item.BringIntoView();
                    Item.Focus();
                }

                return(Item);
            }

            // BFS style search -> return the first matching node with the lowest "depth"
            foreach (ModuleTreeViewItem ChildItem in Item.Items)
            {
                if (ChildItem.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath) == Module.ModuleName)
                {
                    if (Highlight)
                    {
                        ExpandAllParentNode(Item);
                        ChildItem.IsSelected = true;
                        ChildItem.BringIntoView();
                        ChildItem.Focus();
                    }

                    return(Item);
                }
            }

            foreach (ModuleTreeViewItem ChildItem in Item.Items)
            {
                ModuleTreeViewItem matchingItem = FindModuleInTree(ChildItem, Module, Highlight);

                // early exit as soon as we find a matching node
                if (matchingItem != null)
                {
                    return(matchingItem);
                }
            }

            return(null);
        }
Beispiel #15
0
        private void OnTreeViewSelectedItemChanged(object sender, RoutedPropertyChangedEventArgs <object> e)
        {
            if (this.DllTreeView.SelectedItem == null)
            {
                UpdateImportExportLists(null, null);
                return;
            }

            DependencyNodeContext childTreeContext = ((DependencyNodeContext)(this.DllTreeView.SelectedItem as ModuleTreeViewItem).DataContext);
            DisplayModuleInfo     SelectedModule   = childTreeContext.ModuleInfo.Target as DisplayModuleInfo;

            // Selected Pe has not been found on disk
            if (SelectedModule == null)
            {
                return;
            }

            // Root Item : no parent
            ModuleTreeViewItem TreeRootItem = this.DllTreeView.Items[0] as ModuleTreeViewItem;
            ModuleTreeViewItem SelectedItem = this.DllTreeView.SelectedItem as ModuleTreeViewItem;

            if (SelectedItem == TreeRootItem)
            {
                UpdateImportExportLists(SelectedModule, null);
                return;
            }

            // find parent. TODO : add parent ref to treeview context
            var parent = VisualTreeHelper.GetParent(SelectedItem as DependencyObject);

            while ((parent as TreeViewItem) == null)
            {
                parent = VisualTreeHelper.GetParent(parent);
            }

            DependencyNodeContext parentTreeContext = ((DependencyNodeContext)(parent as ModuleTreeViewItem).DataContext);
            DisplayModuleInfo     parentModule      = parentTreeContext.ModuleInfo.Target as DisplayModuleInfo;

            UpdateImportExportLists(SelectedModule, parentModule);
        }
Beispiel #16
0
        private void UpdateImportExportLists(DisplayModuleInfo SelectedModule, DisplayModuleInfo Parent)
        {
            if (SelectedModule == null)
            {
                this.ImportList.Items.Clear();
                this.ExportList.Items.Clear();
            }
            else
            {
                if (Parent == null)                 // root module
                {
                    this.ImportList.SetRootImports(SelectedModule.Imports, SymPrv, this);
                }
                else
                {
                    // Imports from the same dll are not necessarly sequential (see: HDDGuru\RawCopy.exe)
                    var machingImports = Parent.Imports.FindAll(imp => imp.Name == SelectedModule._Name);
                    this.ImportList.SetImports(SelectedModule.Filepath, SelectedModule.Exports, machingImports, SymPrv, this);
                }

                this.ExportList.SetExports(SelectedModule.Exports, SymPrv);
            }
        }
Beispiel #17
0
 private void UpdateImportExportLists(DisplayModuleInfo SelectedModule)
 {
     this.ImportList.SetImports(SelectedModule.Imports, SymPrv, this);
     this.ExportList.SetExports(SelectedModule.Exports, SymPrv);
 }
Beispiel #18
0
        private void ConstructDependencyTree(ModuleTreeViewItem RootNode, PE CurrentPE, int RecursionLevel = 0)
        {
            // "Closured" variables (it 's a scope hack really).
            Dictionary <string, ImportContext> NewTreeContexts = new Dictionary <string, ImportContext>();

            BackgroundWorker bw = new BackgroundWorker();

            bw.WorkerReportsProgress = true; // useless here for now


            bw.DoWork += (sender, e) => {
                ProcessPe(NewTreeContexts, CurrentPE);
            };


            bw.RunWorkerCompleted += (sender, e) =>
            {
                TreeBuildingBehaviour.DependencyTreeBehaviour SettingTreeBehaviour = Dependencies.TreeBuildingBehaviour.GetGlobalBehaviour();
                List <ModuleTreeViewItem> PeWithDummyEntries  = new List <ModuleTreeViewItem>();
                List <BacklogImport>      PEProcessingBacklog = new List <BacklogImport>();

                // Important !
                //
                // This handler is executed in the STA (Single Thread Application)
                // which is authorized to manipulate UI elements. The BackgroundWorker is not.
                //

                foreach (ImportContext NewTreeContext in NewTreeContexts.Values)
                {
                    ModuleTreeViewItem    childTreeNode        = new ModuleTreeViewItem();
                    DependencyNodeContext childTreeNodeContext = new DependencyNodeContext();
                    childTreeNodeContext.IsDummy = false;

                    string         ModuleName     = NewTreeContext.ModuleName;
                    string         ModuleFilePath = NewTreeContext.PeFilePath;
                    ModuleCacheKey ModuleKey      = new ModuleCacheKey(ModuleName, ModuleFilePath);

                    // Newly seen modules
                    if (!this.ProcessedModulesCache.ContainsKey(ModuleKey))
                    {
                        // Missing module "found"
                        if ((NewTreeContext.PeFilePath == null) || !NativeFile.Exists(NewTreeContext.PeFilePath))
                        {
                            this.ProcessedModulesCache[ModuleKey] = new NotFoundModuleInfo(ModuleName);
                        }
                        else
                        {
                            if (NewTreeContext.IsApiSet)
                            {
                                var ApiSetContractModule = new DisplayModuleInfo(NewTreeContext.ApiSetModuleName, NewTreeContext.PeProperties, NewTreeContext.ModuleLocation, NewTreeContext.Flags);
                                var NewModule            = new ApiSetModuleInfo(NewTreeContext.ModuleName, ref ApiSetContractModule);

                                this.ProcessedModulesCache[ModuleKey] = NewModule;

                                if (SettingTreeBehaviour == TreeBuildingBehaviour.DependencyTreeBehaviour.Recursive)
                                {
                                    PEProcessingBacklog.Add(new BacklogImport(childTreeNode, ApiSetContractModule.ModuleName));
                                }
                            }
                            else
                            {
                                var NewModule = new DisplayModuleInfo(NewTreeContext.ModuleName, NewTreeContext.PeProperties, NewTreeContext.ModuleLocation, NewTreeContext.Flags);
                                this.ProcessedModulesCache[ModuleKey] = NewModule;

                                switch (SettingTreeBehaviour)
                                {
                                case TreeBuildingBehaviour.DependencyTreeBehaviour.RecursiveOnlyOnDirectImports:
                                    if ((NewTreeContext.Flags & ModuleFlag.DelayLoad) == 0)
                                    {
                                        PEProcessingBacklog.Add(new BacklogImport(childTreeNode, NewModule.ModuleName));
                                    }
                                    break;

                                case TreeBuildingBehaviour.DependencyTreeBehaviour.Recursive:
                                    PEProcessingBacklog.Add(new BacklogImport(childTreeNode, NewModule.ModuleName));
                                    break;
                                }
                            }
                        }

                        // add it to the module list
                        this.ModulesList.AddModule(this.ProcessedModulesCache[ModuleKey]);
                    }

                    // Since we uniquely process PE, for thoses who have already been "seen",
                    // we set a dummy entry in order to set the "[+]" icon next to the node.
                    // The dll dependencies are actually resolved on user double-click action
                    // We can't do the resolution in the same time as the tree construction since
                    // it's asynchronous (we would have to wait for all the background to finish and
                    // use another Async worker to resolve).

                    if ((NewTreeContext.PeProperties != null) && (NewTreeContext.PeProperties.GetImports().Count > 0))
                    {
                        ModuleTreeViewItem    DummyEntry   = new ModuleTreeViewItem();
                        DependencyNodeContext DummyContext = new DependencyNodeContext()
                        {
                            ModuleInfo = new WeakReference(new NotFoundModuleInfo("Dummy")),
                            IsDummy    = true
                        };

                        DummyEntry.DataContext = DummyContext;
                        DummyEntry.Header      = "@Dummy : if you see this header, it's a bug.";
                        DummyEntry.IsExpanded  = false;

                        childTreeNode.Items.Add(DummyEntry);
                        childTreeNode.Expanded += ResolveDummyEntries;
                    }

                    // Add to tree view
                    childTreeNodeContext.ModuleInfo = new WeakReference(this.ProcessedModulesCache[ModuleKey]);
                    childTreeNode.DataContext       = childTreeNodeContext;
                    childTreeNode.Header            = childTreeNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath);
                    RootNode.Items.Add(childTreeNode);
                }


                // Process next batch of dll imports
                if (SettingTreeBehaviour != TreeBuildingBehaviour.DependencyTreeBehaviour.ChildOnly)
                {
                    foreach (var ImportNode in PEProcessingBacklog)
                    {
                        ConstructDependencyTree(ImportNode.Item1, ImportNode.Item2, RecursionLevel + 1); // warning : recursive call
                    }
                }
            };

            bw.RunWorkerAsync();
        }
Beispiel #19
0
 private void UpdateImportExportLists(DisplayModuleInfo SelectedModule)
 {
     this.ImportList.SetImports(SelectedModule.Imports, this.Pe, this.SxsEntriesCache, SymPrv);
     this.ExportList.SetExports(SelectedModule.Exports, SymPrv);
 }
Beispiel #20
0
 public ApiSetModuleInfo(string ApiSetModuleName, ref DisplayModuleInfo _UnderlyingModule)
     : base(ApiSetModuleName)
 {
     UnderlyingModule = _UnderlyingModule;
 }