Ejemplo n.º 1
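        /// <summary>
        /// Reads the manifest of <paramref name="_Application"/> through <c>GetManifest()</c> and
        /// tries to parse it as an SxS manifest.
        /// </summary>
        /// <param name="_Application">PE image whose manifest is read and parsed.</param>
        /// <remarks>
        /// The manifest text comes from the file being inspected, so it is untrusted input.
        /// When parsing fails with an <c>XmlException</c>, <c>XmlManifest</c> is left null and
        /// <c>Exception</c> holds the exception text; callers have to treat a null
        /// <c>XmlManifest</c> as "no usable manifest".
        /// NOTE(review): DTD and entity handling is decided inside SxsManifest.ParseSxsManifest,
        /// which is not visible here - confirm it parses with DTD processing and external
        /// resolution disabled.
        /// </remarks>
        public PEManifest(PE _Application)
        {
            Application = _Application;
            Manifest    = Application.GetManifest();
            XmlManifest = null;
            Exception   = "";

            // Nothing to parse. The null test also covers a GetManifest() that returns null,
            // which a bare Manifest.Length check would dereference.
            if (Manifest == null || Manifest.Length == 0)
            {
                return;
            }

            try
            {
                // Use a memory stream to correctly handle BOM encoding for manifest resource
                using (var stream = new System.IO.MemoryStream(System.Text.Encoding.UTF8.GetBytes(Manifest)))
                {
                    XmlManifest = SxsManifest.ParseSxsManifest(stream);
                }
            }
            catch (System.Xml.XmlException e)
            {
                // A malformed manifest is recorded, not rethrown: the object stays usable
                // with XmlManifest == null and the parser error kept for display.
                XmlManifest = null;
                Exception   = e.ToString();
            }
        }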
Ejemplo n.º 2
        /// <summary>
        /// Rebuilds the view for <c>this.Filename</c>: loads the binary, resets the caches and
        /// lists, and repopulates the dependency tree starting from a new root node.
        /// </summary>
        /// <remarks>
        /// Shows an "Invalid PE" message box and returns early when the file is missing or does
        /// not load as a PE. In the second case <c>this.Pe</c> has already been overwritten.
        /// </remarks>
        public void InitializeView()
        {
            // Collect the failure message first so both error paths share one dialog call.
            string loadError = null;

            if (!NativeFile.Exists(this.Filename))
            {
                loadError = String.Format("{0:s} is not present on the disk", this.Filename);
            }
            else
            {
                this.Pe = (Application.Current as App).LoadBinary(this.Filename);
                if (this.Pe == null || !this.Pe.LoadSuccessful)
                {
                    loadError = String.Format("{0:s} is not a valid PE-COFF file", this.Filename);
                }
            }

            if (loadError != null)
            {
                MessageBox.Show(loadError, "Invalid PE", MessageBoxButton.OK);
                return;
            }

            // Per-file state: everything below is derived from the binary that was just loaded.
            this.SymPrv = new PhSymbolProvider();
            this.RootFolder = Path.GetDirectoryName(this.Filename);
            this.SxsEntriesCache = SxsManifest.GetSxsEntries(this.Pe);
            this.ProcessedModulesCache = new ModulesCache();
            this.ApiSetmapCache = Phlib.GetApiSetSchema();
            this._SelectedModule = null;
            this._DisplayWarning = false;

            // TODO : Find a way to properly bind commands instead of using this hack
            this.ModulesList.Items.Clear();
            this.ModulesList.DoFindModuleInTreeCommand = DoFindModuleInTree;
            this.ModulesList.ConfigureSearchOrderCommand = ConfigureSearchOrderCommand;

            // The root module is cached under (file name, full path) before any import is walked.
            var rootName = Path.GetFileName(this.Filename);
            var rootInfo = new DisplayModuleInfo(rootName, this.Pe, ModuleSearchStrategy.ROOT);
            var rootKey  = new ModuleCacheKey(rootName, this.Filename);

            this.ProcessedModulesCache.Add(rootKey, rootInfo);

            // The tree node only holds a weak reference to the module info.
            var rootContext = new DependencyNodeContext()
            {
                ModuleInfo = new WeakReference(rootInfo),
                IsDummy    = false
            };
            var rootNode = new ModuleTreeViewItem();

            rootNode.DataContext = rootContext;
            rootNode.Header = rootNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath);
            rootNode.IsExpanded = true;

            this.DllTreeView.Items.Clear();
            this.DllTreeView.Items.Add(rootNode);

            // Recursively construct tree of dll imports
            ConstructDependencyTree(rootNode, this.Pe);
        }
Ejemplo n.º 3
        /// <summary>
        /// Resolves <paramref name="ModuleName"/> relative to <paramref name="RootPe"/>, with no
        /// custom search folders and the root image's directory as working directory.
        /// </summary>
        /// <param name="RootPe">Root image; its <c>Filepath</c> and SxS entries drive the lookup.</param>
        /// <param name="ModuleName">Name of the module to resolve.</param>
        /// <returns>Whatever the five-argument <c>ResolveModule</c> overload returns for these inputs.</returns>
        /// <remarks>
        /// The working directory handed to the resolver is the folder of the inspected file.
        /// NOTE(review): the search-order logic itself is in the overload called below, which is
        /// not visible here.
        /// </remarks>
        public static Tuple <ModuleSearchStrategy, PE> ResolveModule(PE RootPe, string ModuleName)
        {
            string rootDirectory = Path.GetDirectoryName(RootPe.Filepath);
            List <string> noExtraFolders = new List <string>();
            SxsEntries rootSxsEntries = SxsManifest.GetSxsEntries(RootPe);

            return ResolveModule(RootPe, ModuleName, rootSxsEntries, noExtraFolders, rootDirectory);
        }
Ejemplo n.º 4
        /// <summary>
        /// Resolves <paramref name="ModuleName"/> without a caller-supplied root image, using an
        /// ntdll.dll path under the Windows folder as the root.
        /// </summary>
        /// <param name="ModuleName">Name of the module to resolve.</param>
        /// <returns>Whatever the five-argument <c>ResolveModule</c> overload returns for these inputs.</returns>
        /// <remarks>
        /// NOTE(review): <c>SpecialFolder.Windows</c> is the Windows directory itself, while
        /// ntdll.dll normally lives in the system directory (<c>SpecialFolder.System</c>).
        /// Confirm this path is intended and what <c>LoadPe</c> returns when the file is absent;
        /// a null result would fail on <c>RootPe.Filepath</c> below.
        /// </remarks>
        public static Tuple <ModuleSearchStrategy, PE> ResolveModule(string ModuleName)
        {
            string windowsFolder = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
            string ntdllPath = Path.Combine(windowsFolder, "ntdll.dll");

            PE RootPe = LoadPe(ntdllPath);
            string rootDirectory = Path.GetDirectoryName(RootPe.Filepath);
            List <string> noExtraFolders = new List <string>();
            SxsEntries rootSxsEntries = SxsManifest.GetSxsEntries(RootPe);

            return ResolveModule(RootPe, ModuleName, rootSxsEntries, noExtraFolders, rootDirectory);
        }
Ejemplo n.º 5
        /// <summary>
        /// Builds the dependency graph for <paramref name="Application"/>: caches its SxS
        /// entries, creates the root module item and resolves its dependencies.
        /// </summary>
        /// <param name="Application">Root PE image; its <c>Filepath</c> names the root module.</param>
        /// <remarks>
        /// Resolution runs inside the constructor, so construction does all the work on the
        /// inspected file before returning.
        /// </remarks>
        public PeDependencies(PE Application)
        {
            string rootName = Path.GetFileName(Application.Filepath);

            RootPe = Application;
            SxsEntriesCache = SxsManifest.GetSxsEntries(RootPe);
            ModulesCache = new ModuleEntries();

            // The root is registered with the ROOT strategy; the last argument is 0.
            Root = GetModuleItem(
                rootName,
                Application.Filepath,
                ModuleSearchStrategy.ROOT,
                0);
            Root.ResolveDependencies();
        }
Ejemplo n.º 6
        /// <summary>
        /// Builds the dependency graph for <paramref name="Application"/> with a caller-supplied
        /// recursion limit: caches its SxS entries, creates and loads the root module item, then
        /// resolves its dependencies.
        /// </summary>
        /// <param name="Application">Root PE image; its <c>Filepath</c> names the root module.</param>
        /// <param name="recursion_depth">Stored as-is in <c>MaxRecursion</c>; no range check is done here.</param>
        /// <remarks>
        /// NOTE(review): how <c>MaxRecursion</c> and <c>ModulesVisited</c> bound the walk is
        /// decided in <c>ResolveDependencies</c>, which is not visible here - confirm a negative
        /// or very large depth is handled there.
        /// </remarks>
        public PeDependencies(PE Application, int recursion_depth)
        {
            string rootName = Path.GetFileName(Application.Filepath);

            RootPe = Application;
            SxsEntriesCache = SxsManifest.GetSxsEntries(RootPe);
            ModulesCache = new ModuleEntries();
            MaxRecursion = recursion_depth;

            // Starts empty for each new graph.
            ModulesVisited = new Dictionary <ModuleCacheKey, bool>();

            // The root is registered with the ROOT strategy; the last argument is 0.
            Root = GetModuleItem(
                rootName,
                Application.Filepath,
                ModuleSearchStrategy.ROOT,
                0);
            Root.LoadPe();
            Root.ResolveDependencies();
        }
Ejemplo n.º 7
        /// <summary>
        /// Creates the dependency window for <paramref name="FileName"/>: loads the file as a
        /// PE, sets up the caches and populates the tree from a root node.
        /// </summary>
        /// <param name="FileName">Path of the binary to inspect.</param>
        /// <remarks>
        /// When the file does not load as a PE, an "Invalid PE" message box is shown and the
        /// constructor returns early. The window object still exists in that case, with only
        /// <c>Filename</c> and <c>Pe</c> assigned; the caches and the tree stay unset.
        /// </remarks>
        public DependencyWindow(String FileName)
        {
            InitializeComponent();

            this.Filename = FileName;
            this.Pe = new PE(FileName);

            if (!this.Pe.LoadSuccessful)
            {
                string loadError = String.Format("{0:s} is not a valid PE-COFF file", this.Filename);

                MessageBox.Show(loadError, "Invalid PE", MessageBoxButton.OK);
                return;
            }

            // Per-file state derived from the binary that was just loaded.
            this.SymPrv = new PhSymbolProvider();
            this.RootFolder = Path.GetDirectoryName(FileName);
            this.SxsEntriesCache = SxsManifest.GetSxsEntries(this.Pe);
            this.ProcessedModulesCache = new ModulesCache();
            this.ApiSetmapCache = Phlib.GetApiSetSchema();

            // TODO : Find a way to properly bind commands instead of using this hack
            this.ModulesList.DoFindModuleInTreeCommand = DoFindModuleInTree;

            // The root module is cached under (file name, full path) before any import is walked.
            var rootName = Path.GetFileName(FileName);
            var rootInfo = new DisplayModuleInfo(rootName, this.Pe);
            var rootKey  = new ModuleCacheKey(rootName, FileName);

            this.ProcessedModulesCache.Add(rootKey, rootInfo);

            // The tree node only holds a weak reference to the module info.
            var rootContext = new DependencyNodeContext()
            {
                ModuleInfo = new WeakReference(rootInfo),
                IsDummy    = false
            };
            var rootNode = new ModuleTreeViewItem();

            rootNode.DataContext = rootContext;
            rootNode.Header = rootNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath);
            rootNode.IsExpanded = true;

            this.DllTreeView.Items.Add(rootNode);

            // Recursively construct tree of dll imports
            ConstructDependencyTree(rootNode, this.Pe);
        }
Ejemplo n.º 8
 /// <summary>
 /// Stores <paramref name="_Application"/> and collects its SxS entries through
 /// <c>SxsManifest.GetSxsEntries</c>.
 /// </summary>
 /// <param name="_Application">PE image whose SxS entries are gathered at construction time.</param>
 public SxsDependencies(PE _Application)
 {
     // Keep the image first: the SxS lookup reads it back from the member.
     Application = _Application;

     SxS = SxsManifest.GetSxsEntries(Application);
 }