public static List <Tuple <PeImport, bool> > LookupImports(PeImportDll ModuleImport, string ModuleFilePath)
{
List <Tuple <PeImport, bool> > Result = new List <Tuple <PeImport, bool> >();
if (ModuleFilePath == null)
{
return(Result);
}
string ApiSetName = LookupApiSetLibrary(ModuleFilePath);
if (ApiSetName != null)
{
ModuleFilePath = ApiSetName;
}
PE Module = LoadPe(ModuleFilePath);
if (Module == null)
{
return(Result);
}
return(LookupImports(ModuleImport, Module.GetExports()));
}
public static List <Tuple <PeImport, bool> > LookupImports(PeImportDll ModuleImport, string ModuleFilePath)
{
PE Module = null;
List <Tuple <PeImport, bool> > Result = new List <Tuple <PeImport, bool> >();
// if there is a module name, try to resolve apiset for attempting to load it
if (ModuleFilePath != null)
{
string ApiSetName = LookupApiSetLibrary(ModuleFilePath);
if (!string.IsNullOrEmpty(ApiSetName))
{
Module = ResolveModule(ApiSetName).Item2;
}
else
{
Module = LoadPe(ModuleFilePath);
}
}
// If the module has not been found, mark all imports as not found
if (Module == null)
{
foreach (PeImport Import in ModuleImport.ImportList)
{
Result.Add(new Tuple <PeImport, bool>(Import, false));
}
return(Result);
}
return(LookupImports(ModuleImport, Module.GetExports()));
}
private ImportContext ResolveImport(PeImportDll DllImport)
{
ImportContext ImportModule = new ImportContext();
ImportModule.PeFilePath = null;
ImportModule.PeProperties = null;
ImportModule.ModuleName = DllImport.Name;
ImportModule.ApiSetModuleName = null;
ImportModule.Flags = 0;
if (DllImport.IsDelayLoad())
{
ImportModule.Flags |= ModuleFlag.DelayLoad;
}
Tuple <ModuleSearchStrategy, PE> ResolvedModule = BinaryCache.ResolveModule(
this.Pe,
DllImport.Name,
this.SxsEntriesCache,
this.CustomSearchFolders,
this.WorkingDirectory
);
ImportModule.ModuleLocation = ResolvedModule.Item1;
if (ImportModule.ModuleLocation != ModuleSearchStrategy.NOT_FOUND)
{
ImportModule.PeProperties = ResolvedModule.Item2;
if (ResolvedModule.Item2 != null)
{
ImportModule.PeFilePath = ResolvedModule.Item2.Filepath;
foreach (var Import in BinaryCache.LookupImports(DllImport, ImportModule.PeFilePath))
{
if (!Import.Item2)
{
ImportModule.Flags |= ModuleFlag.MissingImports;
break;
}
}
}
}
else
{
ImportModule.Flags |= ModuleFlag.NotFound;
}
// special case for apiset schema
ImportModule.IsApiSet = (ImportModule.ModuleLocation == ModuleSearchStrategy.ApiSetSchema);
if (ImportModule.IsApiSet)
{
ImportModule.Flags |= ModuleFlag.ApiSet;
ImportModule.ApiSetModuleName = BinaryCache.LookupApiSetLibrary(DllImport.Name);
if (DllImport.Name.StartsWith("ext-"))
{
ImportModule.Flags |= ModuleFlag.ApiSetExt;
}
}
return(ImportModule);
}
public static List <Tuple <PeImport, bool> > LookupImports(PeImportDll ModuleImport, string ModuleFilePath)
{
PE Module = null;
List <Tuple <PeImport, bool> > Result = new List <Tuple <PeImport, bool> >();
if (ModuleFilePath == null)
{
return(Result);
}
string ApiSetName = LookupApiSetLibrary(ModuleFilePath);
if (!string.IsNullOrEmpty(ApiSetName))
{
Module = ResolveModule(ApiSetName).Item2;
}
else
{
Module = LoadPe(ModuleFilePath);
}
if (Module == null)
{
return(Result);
}
return(LookupImports(ModuleImport, Module.GetExports()));
}
public static ImportDll From(PeImportDll i)
{
return(new ImportDll
{
Name = i.Name
});
}
public static List <Tuple <PeImport, bool> > LookupImports(PeImportDll ModuleImport, string ModuleFilePath)
{
List <Tuple <PeImport, bool> > Result = new List <Tuple <PeImport, bool> >();
if (ModuleFilePath == null)
{
return(Result);
}
string ApiSetName = LookupApiSetLibrary(ModuleFilePath);
if (ApiSetName != null)
{
ModuleFilePath = ApiSetName;
}
PE Module = LoadPe(ModuleFilePath);
if (Module == null)
{
return(Result);
}
foreach (PeImport Import in ModuleImport.ImportList)
{
bool bFoundImport = false;
foreach (var export in Module.GetExports())
{
if (Import.ImportByOrdinal)
{
if ((export.Ordinal == Import.Ordinal) && export.ExportByOrdinal)
{
bFoundImport = true;
break;
}
}
else
{
if (export.ForwardedName == Import.Name)
{
bFoundImport = true;
break;
}
if (export.Name == Import.Name)
{
bFoundImport = true;
break;
}
}
}
Result.Add(new Tuple <PeImport, bool>(Import, bFoundImport));
}
return(Result);
}
public static List <Tuple <PeImport, bool> > LookupImports(PeImportDll ParentImports, List <PeExport> ModuleExports)
{
List <Tuple <PeImport, bool> > Result = new List <Tuple <PeImport, bool> >();
foreach (PeImport Import in ParentImports.ImportList)
{
bool bFoundImport = false;
foreach (var export in ModuleExports)
{
if (Import.ImportByOrdinal)
{
// Even if the export has a Name (therefore not a pure export by ordinal)
// we can still possibly import it by its ordinal, although it's not recommended.
if ((export.Ordinal == Import.Ordinal) /*&& export.ExportByOrdinal*/)
{
bFoundImport = true;
break;
}
}
else
{
if (export.ForwardedName == Import.Name)
{
bFoundImport = true;
break;
}
if (export.Name == Import.Name)
{
bFoundImport = true;
break;
}
}
}
Result.Add(new Tuple <PeImport, bool>(Import, bFoundImport));
}
return(Result);
}
public static List <Tuple <PeImport, bool> > LookupImports(PeImportDll ParentImports, List <PeExport> ModuleExports)
{
List <Tuple <PeImport, bool> > Result = new List <Tuple <PeImport, bool> >();
foreach (PeImport Import in ParentImports.ImportList)
{
bool bFoundImport = false;
foreach (var export in ModuleExports)
{
if (Import.ImportByOrdinal)
{
if ((export.Ordinal == Import.Ordinal) && export.ExportByOrdinal)
{
bFoundImport = true;
break;
}
}
else
{
if (export.ForwardedName == Import.Name)
{
bFoundImport = true;
break;
}
if (export.Name == Import.Name)
{
bFoundImport = true;
break;
}
}
}
Result.Add(new Tuple <PeImport, bool>(Import, bFoundImport));
}
return(Result);
}
