public List <PortableExecutable> Process(String FilePath, PortableExecutable target)
{
this.LoadLocal(FilePath);
this.SearchLocal(target);
return(this.reverseDependecyList);
}
private void SearchLocal(PortableExecutable target)
{
foreach (PortableExecutable portableExecutable in localPortableExecutables)
{
if (SearchIndividualPE(portableExecutable, target))
{
reverseDependecyList.Add(portableExecutable);
}
}
}
public void Load(PortableExecutable portableExecutable)
{
//references to properties of the portableExecutable we are going to load
String FilePath = portableExecutable.FilePath;
String currentDirectory = portableExecutable.directoryPath;
List <string> listOfBranch = portableExecutable.listOfBranch;
List <PortableExecutable> Dependencies = portableExecutable.Dependencies;
List <DependeciesObject> DependencyNames = portableExecutable.DependencyNames;
List <FunctionObject> ExportedFunctions = portableExecutable.ExportedFunctions;
List <ImportFunctionObject> ImportFunctions = portableExecutable.ImportFunctions;
List <HeaderObject> Headers = portableExecutable.Headers;
List <SectionObject> Sections = portableExecutable.Sections;
List <DirectoryObject> Directories = portableExecutable.Directories;
List <string> ImportNames = portableExecutable.ImportNames;
List <string> importMismatchedFiles = portableExecutable.importMismatchedFiles;
List <string> circularDependencyFiles = portableExecutable.circularDependencyFiles;
List <ErrorObject> issues = portableExecutable.issues;
//the PE Header reader to be used
PeHeaderReader reader = new PeHeaderReader(FilePath);
if (Is32bitFile(reader))
{
LoadImports(FilePath, true, ImportFunctions, ImportNames);
LoadExports(FilePath, true, ExportedFunctions);
}
else
{
Service64Proxy.Service64 proxy = new Service64Proxy.Service64();
MyObject obj2 = new MyObject();
MyObject myobject = proxy.Load64Imports(obj2, FilePath, true);
List <ImportFunctionObject> listOfobj = myobject.FunctionObjectList;
foreach (ImportFunctionObject importFunctions in listOfobj)
{
ImportFunctions.Add(importFunctions);
ImportNames.Add(importFunctions.Dependency);
}
ExportObject exportObject = new ExportObject();
ExportObject exports = proxy.Load64Exports(exportObject, FilePath, true);
List <FunctionObject> exportList = exports.ExportFunctionObjectList;
ExportedFunctions.AddRange(exportList);
}
GetHeader(Headers, reader);
GetAssemblyDependencies(FilePath, ImportFunctions, ImportNames);
GetAssemblyExports(FilePath, ExportedFunctions);
GetDirectories(Directories, reader);
GetSections(Sections, reader);
LoadDependencies(ImportNames, Dependencies, currentDirectory, FilePath, reader, listOfBranch, this, ImportFunctions, importMismatchedFiles, circularDependencyFiles, issues);
}
//Define EQ of PE on baseClass
private bool SearchIndividualPE(PortableExecutable portableExecutable, PortableExecutable target)
{
bool containsTargetAsaDependecy = false;
foreach (PortableExecutable dependency in portableExecutable.Dependencies)
{
if (dependency.Name == target.Name)
{
containsTargetAsaDependecy = true;
break;
}
}
return(containsTargetAsaDependecy);
}
public void LoadLocal(String FilePath)
{
List <String> fileList = LoadDirectory(FilePath);
foreach (String Path in fileList)
{
PortableExecutable portableExecutable = new PortableExecutable(ExtractFileNameFromPath(Path), Path);
PortableExecutableLoader loader = new PortableExecutableLoader();
loader.Load(portableExecutable);
localPortableExecutables.Add(portableExecutable);
}
foreach (string d in Directory.GetDirectories(FilePath))
{
LoadLocal(d);
}
}
private bool SearchIndividualPE(PortableExecutable candidate, PortableExecutable target)
{
bool containsTargetAsaDependecy = false;
if (candidate != null && target != null && candidate.Dependencies.Count > 0)
{
foreach (PortableExecutable dependency in candidate.Dependencies)
{
if (target.Equals(dependency))
{
containsTargetAsaDependecy = true;
break;
}
}
}
return(containsTargetAsaDependecy);
}
/// <summary>
/// Load each of the dependencies as a Portable Executable Object
/// </summary>
/// <returns> The Dependencies in a Portable Executable File Format </returns>
private void LoadDependencies(List <string> ImportNames, List <PortableExecutable> Dependencies, String currentDirectory, String FilePath, PeHeaderReader reader, List <string> listOfBranch, PortableExecutableLoader portableExecutableLoader, List <ImportFunctionObject> importFunctions, List <string> importMismatchedFiles, List <string> circularDependencyFiles, List <ErrorObject> issues)
{
PortableExecutable PE;
string filePath;
unsafe
{
try
{
ImportNames = ImportNames.Distinct().ToList();
foreach (string name in ImportNames)
{
filePath = null;
if (!filePathsTable.ContainsKey(name))
{
var importedFunction = from import in importFunctions
where import.Dependency == name
select import.Function;
List <String> importedFunctionNames = new List <string>();
importedFunctionNames.AddRange(importedFunction);
foreach (String path in GetModulePath(name, currentDirectory, FilePath, reader))
{
List <FunctionObject> exportsOfFile = new List <FunctionObject>();
List <string> exportsFunctionNames = new List <string>();
if (path != null)
{
LoadExports(path, true, exportsOfFile);
foreach (FunctionObject exports in exportsOfFile)
{
exportsFunctionNames.Add(exports.Function);
}
var firstNotSecond = importedFunctionNames.Except(exportsFunctionNames).ToList();
// filePath = path;
if (string.Equals(name, "kernel32.dll", StringComparison.OrdinalIgnoreCase) || string.Equals(name, "msvcrt.dll", StringComparison.OrdinalIgnoreCase))
{
filePath = GetModulePath(name, currentDirectory, FilePath, reader).First();
break;
}
else if (!importedFunctionNames.Except(exportsFunctionNames).Any())
{
filePath = path;
break;
}
}
}
}
else
{
filePath = filePathsTable[name].ToString();
}
if (filePath == null)
{
if (GetModulePath(name, currentDirectory, FilePath, reader).Count > 0)
{
// importMismatchedFiles.Add(name);
issues.Add(new ErrorObject(name, "Imports and Export mismatch found"));
//Suggestion for import export mismatch error
smartSuggestionEngine.readErrorCode(name, 4);
}
else
{
issues.Add(new ErrorObject(name, "File path not found"));
//Suggestion for null file path
smartSuggestionEngine.readErrorCode(name, 5);
}
}
var hLib2 = LoadLibraryEx(filePath, 0,
DONT_RESOLVE_DLL_REFERENCES | LOAD_IGNORE_CODE_AUTHZ_LEVEL);
if (listOfBranch.Contains(name))
{
// circularDependencyFiles.Add(name);
issues.Add(new ErrorObject(name, "Circular dependency is detected"));
//Suggestion for circular dependency
smartSuggestionEngine.readErrorCode(name, 6);
continue;
}
else
{
List <string> newBranchList = listOfBranch.ToList();
newBranchList.Add(name);
if (!CheckLibrary(name))
{
PE = new PortableExecutable(name, filePath, true, newBranchList);
}
else
{
PE = new PortableExecutable(name, filePath, false, newBranchList);
}
// Dependencies.Add(PE);
portableExecutableLoader.Load(PE);
Dependencies.Add(PE);
}
}
}
//To catch error in dependencies
catch (Exception) {
}
return;
}
}