Ejemplo n.º 1
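        /// <summary>
        /// Returns the short (8.3) form of <paramref name="sLongFileName"/> as reported by
        /// <c>DllHandler.GetShortPathName</c>.
        /// </summary>
        /// <param name="sLongFileName">Path to convert.</param>
        /// <returns>The path written into the buffer by the native call.</returns>
        /// <exception cref="System.ComponentModel.Win32Exception">
        /// Thrown when the native call returns 0.
        /// </exception>
        /// <remarks>
        /// The result is not a sanitised value. Windows returns the path unchanged when no
        /// short alias exists (8.3 name creation can be disabled per volume), so it can still
        /// contain spaces or characters that a command shell interprets. Quote it, and do not
        /// pass it through a shell, when building a command line.
        /// </remarks>
        public static string GetShortName(string sLongFileName)
        {
            var buffer = new StringBuilder(259);
            int len    = DllHandler.GetShortPathName(sLongFileName, buffer, buffer.Capacity);

            // GetShortPathName reports a too-small buffer by returning the required size
            // (terminator included), which is larger than the size passed in. The buffer
            // content is unspecified in that case, so grow it and ask again.
            while (len > buffer.Capacity)
            {
                buffer.EnsureCapacity(len);
                len = DllHandler.GetShortPathName(sLongFileName, buffer, buffer.Capacity);
            }

            if (len == 0)
            {
                // NOTE(review): the parameterless constructor reads the last Win32 error, which
                // is only meaningful if the P/Invoke declaration sets SetLastError = true.
                // The declaration is not visible here; confirm.
                throw new System.ComponentModel.Win32Exception();
            }

            return buffer.ToString();
        }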
Ejemplo n.º 2
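        /// <summary>
        /// Starts the executable named in <c>mTextBoxPath</c> with redirected standard output
        /// and streams each output line, prefixed with a timestamp, into <c>mExeOutput</c>.
        /// </summary>
        /// <remarks>
        /// The elevated relaunch through <c>DllHandler.RunAsAdmin</c> is attempted only when
        /// Windows reports that the target requires elevation. Any other start failure (missing
        /// file, empty path, bad image) is shown in the output box instead of being retried with
        /// administrator rights, so a mistyped or unexpected path does not trigger an elevation
        /// prompt.
        /// </remarks>
        public void MonitorProcess()
        {
            // ERROR_ELEVATION_REQUIRED (winerror.h): the executable's manifest demands elevation.
            const int ErrorElevationRequired = 740;

            mExeOutput.Text = string.Empty;

            // Read the path once so the started and the relaunched target are the same string.
            string exePath = mTextBoxPath.Text;

            ProcessStartInfo startInfo = new ProcessStartInfo(exePath)
            {
                WindowStyle            = ProcessWindowStyle.Normal,
                UseShellExecute        = false,
                RedirectStandardOutput = true,
                CreateNoWindow         = true
            };

            Process process;

            try
            {
                process = Process.Start(startInfo);
            }
            catch (System.ComponentModel.Win32Exception ex)
            {
                if (ex.NativeErrorCode != ErrorElevationRequired)
                {
                    mExeOutput.Text = ex.Message;
                    return;
                }

                // Elevation is genuinely required: hand over to the elevated launcher and
                // close this window, as before.
                DllHandler.RunAsAdmin(exePath);

                Hide();

                Close();

                return;
            }
            catch (Exception ex)
            {
                // e.g. InvalidOperationException for an empty file name.
                mExeOutput.Text = ex.Message;
                return;
            }

            if (process == null)
            {
                return;
            }

            process.OutputDataReceived += (o, e1) =>
            {
                // A null Data marks the end of the stream; there is no line to show.
                if (e1.Data == null)
                {
                    return;
                }

                // Stamp the line when it is received, not when the UI thread gets to it.
                string line = DateTime.Now.ToString("[ yyyy-MM-dd HH::mm::ss::fff ] ") + e1.Data + Environment.NewLine;

                mExeOutput.Dispatcher.BeginInvoke(new Action(() =>
                {
                    mExeOutput.Text          += line;
                    mExeOutput.SelectionStart = mExeOutput.Text.Length;
                    mExeOutput.ScrollToEnd();
                }), null);
            };
            process.BeginOutputReadLine();
        }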
Ejemplo n.º 3
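        /// <summary>
        /// Runs dumpbin.exe against <paramref name="dllpath"/> on a worker thread, optionally
        /// rewrites decorated symbol names in the captured output, updates the summary fields
        /// for the header and dependents views, and appends the text to
        /// <paramref name="textbox"/>.
        /// </summary>
        /// <param name="textbox">Destination box; also selects which post-processing runs.</param>
        /// <param name="dllpath">Path of the binary to inspect.</param>
        /// <param name="arg">
        /// dumpbin switches, appended verbatim after the path. It is expected to start with a
        /// space and to come from fixed values in the application rather than from user input.
        /// </param>
        /// <remarks>
        /// dumpbin.exe is started directly instead of through <c>cmd.exe /c</c>. With a shell in
        /// between, a file path or argument containing characters such as <c>&amp;</c>,
        /// <c>|</c> or <c>&gt;</c> would have been interpreted as shell syntax. The path is
        /// also quoted, because the short-name conversion does not guarantee a path without
        /// spaces. Exceptions raised inside the worker (missing file, dumpbin.exe not found)
        /// are not observed by this method.
        /// </remarks>
        public void GetOutput(TextBox textbox, string dllpath, string arg)
        {
            textbox.Clear();

            // IsChecked is compared rather than cast so that an unset (null) state reads as
            // "off" instead of throwing.
            bool decodeSymbols = checkbox.IsChecked == true;

            Task.Run(() =>
            {
                // Upper bound on the number of characters pushed into the text box.
                const int MaxDisplayChars = 1024 * 1024;

                // No shell: the argument string reaches dumpbin.exe as-is, so shell
                // metacharacters in the path or in arg have no special meaning.
                // NOTE(review): "dumpbin.exe" is resolved through the normal executable search
                // order; a configured absolute toolchain path would remove the dependence on
                // the current directory and PATH.
                string arguments = "\"" + DllHandler.GetShortName(dllpath) + "\"" + arg;

                ProcessStartInfo startInfo = new ProcessStartInfo("dumpbin.exe", arguments)
                {
                    WindowStyle            = ProcessWindowStyle.Hidden,
                    UseShellExecute        = false,
                    RedirectStandardOutput = true,
                    CreateNoWindow         = true
                };

                string output;

                using (Process process = Process.Start(startInfo))
                {
                    // Drain stdout before waiting, otherwise a full pipe blocks the child.
                    output = process.StandardOutput.ReadToEnd();

                    process.WaitForExit();
                }

                if (textbox == mImports && decodeSymbols)
                {
                    // Decorated function names: "?" ... "Z" / "z".
                    output = new Regex(@"\?(.*)[Zz]").Replace(output, (Match m) =>
                    {
                        var t = DllHandler.GetDecryptSymbolName(m.Value.Trim());

                        return((t == m.Value.Trim()) ? ("  " + m.Value) : ("  解码函数:  " + t));
                    });

                    // Decorated variable names: "?" ... "A".
                    output = new Regex(@"\?(.*)[A]").Replace(output, (Match m) =>
                    {
                        var t = DllHandler.GetDecryptSymbolName(m.Value);

                        return((t == m.Value.Trim()) ? (" " + m.Value) : ("  解码变量:  " + t));
                    });
                }
                else if (textbox == mExports && decodeSymbols)
                {
                    output = new Regex(@"\?(.*)[Zz]").Replace(output, (Match m) =>
                    {
                        string t = DllHandler.GetDecryptSymbolName(m.Value.Trim());

                        return((t == m.Value.Trim()) ? (" " + m.Value) : ("  解码函数:  " + t));
                    });

                    // NOTE(review): this pass only strips the surrounding parentheses and never
                    // calls GetDecryptSymbolName, and the comparison below cannot be true
                    // because the match still carries its parentheses. Kept as in the
                    // original; confirm whether decoding was intended here.
                    output = new Regex(@"\(\?(.*)[Zz]\)").Replace(output, (Match m) =>
                    {
                        var t = m.Value.Substring(1, m.Value.Length - 2);

                        return((t == m.Value.Trim()) ? (" " + m.Value) : ("  解码函数:  " + t));
                    });

                    output = new Regex(@"\?(.*)[A]").Replace(output, (Match m) =>
                    {
                        var t = DllHandler.GetDecryptSymbolName(m.Value);

                        return((t == m.Value.Trim()) ? (" " + m.Value) : ("  解码变量:  " + t));
                    });
                }
                else if (textbox == mHeaderBox)
                {
                    // Derive the bitness label from the machine line of the header dump.
                    Dispatcher.BeginInvoke(new Action(() =>
                    {
                        if (output.Contains("machine (x86)"))
                        {
                            mBitVersion.Text = "32 位";
                        }
                        else if (output.Contains("machine (x64)"))
                        {
                            mBitVersion.Text = "64 位";
                        }
                        else
                        {
                            mBitVersion.Text = "未知";
                        }
                    }));
                }
                else if (textbox == mDependents)
                {
                    var re = Regex.Match(output, "File Type:(.+)");

                    Dispatcher.BeginInvoke(new Action(() =>
                    {
                        if (re.Success)
                        {
                            mFileType.Text = re.Groups[0].Value.Replace("File Type:", "").Trim();

                            // The dependency list hints at native versus managed code.
                            if (output.Contains("KERNEL32.dll"))
                            {
                                mFileType.Text += "     Native";
                            }
                            else if (output.Contains("mscoree.dll"))
                            {
                                mFileType.Text += "     CLR";
                            }
                        }
                        else
                        {
                            mFileType.Text = "未知";
                        }
                    }));
                }

                // Truncate into a separate variable: the UI callbacks queued above capture
                // "output" and must keep seeing the complete text.
                string displayText = (output.Length > MaxDisplayChars)
                    ? output.Substring(0, MaxDisplayChars)
                    : output;

                textbox.Dispatcher.BeginInvoke(new Action(() => textbox.AppendText(displayText)), null);
            });
        }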