Ejemplo n.º 1
0
        public List <PortableExecutable> Process(String FilePath, PortableExecutable target)
        {
            this.LoadLocal(FilePath);
            this.SearchLocal(target);

            return(this.reverseDependecyList);
        }
Ejemplo n.º 2
0
 private void SearchLocal(PortableExecutable target)
 {
     foreach (PortableExecutable portableExecutable in localPortableExecutables)
     {
         if (SearchIndividualPE(portableExecutable, target))
         {
             reverseDependecyList.Add(portableExecutable);
         }
     }
 }
Ejemplo n.º 3
0
        public void Load(PortableExecutable portableExecutable)
        {
            //references to properties of the portableExecutable we are going to load
            String                      FilePath                = portableExecutable.FilePath;
            String                      currentDirectory        = portableExecutable.directoryPath;
            List <string>               listOfBranch            = portableExecutable.listOfBranch;
            List <PortableExecutable>   Dependencies            = portableExecutable.Dependencies;
            List <DependeciesObject>    DependencyNames         = portableExecutable.DependencyNames;
            List <FunctionObject>       ExportedFunctions       = portableExecutable.ExportedFunctions;
            List <ImportFunctionObject> ImportFunctions         = portableExecutable.ImportFunctions;
            List <HeaderObject>         Headers                 = portableExecutable.Headers;
            List <SectionObject>        Sections                = portableExecutable.Sections;
            List <DirectoryObject>      Directories             = portableExecutable.Directories;
            List <string>               ImportNames             = portableExecutable.ImportNames;
            List <string>               importMismatchedFiles   = portableExecutable.importMismatchedFiles;
            List <string>               circularDependencyFiles = portableExecutable.circularDependencyFiles;
            List <ErrorObject>          issues = portableExecutable.issues;
            //the PE Header reader to be used
            PeHeaderReader reader = new PeHeaderReader(FilePath);

            if (Is32bitFile(reader))
            {
                LoadImports(FilePath, true, ImportFunctions, ImportNames);
                LoadExports(FilePath, true, ExportedFunctions);
            }
            else
            {
                Service64Proxy.Service64 proxy = new Service64Proxy.Service64();
                MyObject obj2     = new MyObject();
                MyObject myobject = proxy.Load64Imports(obj2, FilePath, true);
                List <ImportFunctionObject> listOfobj = myobject.FunctionObjectList;
                foreach (ImportFunctionObject importFunctions in listOfobj)
                {
                    ImportFunctions.Add(importFunctions);
                    ImportNames.Add(importFunctions.Dependency);
                }
                ExportObject          exportObject = new ExportObject();
                ExportObject          exports      = proxy.Load64Exports(exportObject, FilePath, true);
                List <FunctionObject> exportList   = exports.ExportFunctionObjectList;
                ExportedFunctions.AddRange(exportList);
            }

            GetHeader(Headers, reader);
            GetAssemblyDependencies(FilePath, ImportFunctions, ImportNames);
            GetAssemblyExports(FilePath, ExportedFunctions);
            GetDirectories(Directories, reader);
            GetSections(Sections, reader);
            LoadDependencies(ImportNames, Dependencies, currentDirectory, FilePath, reader, listOfBranch, this, ImportFunctions, importMismatchedFiles, circularDependencyFiles, issues);
        }
Ejemplo n.º 4
0
        //Define EQ of PE on baseClass
        private bool SearchIndividualPE(PortableExecutable portableExecutable, PortableExecutable target)
        {
            bool containsTargetAsaDependecy = false;

            foreach (PortableExecutable dependency in portableExecutable.Dependencies)
            {
                if (dependency.Name == target.Name)
                {
                    containsTargetAsaDependecy = true;
                    break;
                }
            }

            return(containsTargetAsaDependecy);
        }
Ejemplo n.º 5
0
        public void LoadLocal(String FilePath)
        {
            List <String> fileList = LoadDirectory(FilePath);

            foreach (String Path in fileList)
            {
                PortableExecutable       portableExecutable = new PortableExecutable(ExtractFileNameFromPath(Path), Path);
                PortableExecutableLoader loader             = new PortableExecutableLoader();
                loader.Load(portableExecutable);
                localPortableExecutables.Add(portableExecutable);
            }
            foreach (string d in Directory.GetDirectories(FilePath))
            {
                LoadLocal(d);
            }
        }
Ejemplo n.º 6
0
        private bool SearchIndividualPE(PortableExecutable candidate, PortableExecutable target)
        {
            bool containsTargetAsaDependecy = false;

            if (candidate != null && target != null && candidate.Dependencies.Count > 0)
            {
                foreach (PortableExecutable dependency in candidate.Dependencies)
                {
                    if (target.Equals(dependency))
                    {
                        containsTargetAsaDependecy = true;
                        break;
                    }
                }
            }

            return(containsTargetAsaDependecy);
        }
Ejemplo n.º 7
0
        /// <summary>
        /// Load each of the dependencies as a Portable Executable Object
        /// </summary>
        /// <returns> The Dependencies in a Portable Executable File Format </returns>
        private void LoadDependencies(List <string> ImportNames, List <PortableExecutable> Dependencies, String currentDirectory, String FilePath, PeHeaderReader reader, List <string> listOfBranch, PortableExecutableLoader portableExecutableLoader, List <ImportFunctionObject> importFunctions, List <string> importMismatchedFiles, List <string> circularDependencyFiles, List <ErrorObject> issues)
        {
            PortableExecutable PE;
            string             filePath;

            unsafe
            {
                try
                {
                    ImportNames = ImportNames.Distinct().ToList();
                    foreach (string name in ImportNames)
                    {
                        filePath = null;

                        if (!filePathsTable.ContainsKey(name))
                        {
                            var importedFunction = from import in importFunctions
                                                   where import.Dependency == name
                                                   select import.Function;
                            List <String> importedFunctionNames = new List <string>();
                            importedFunctionNames.AddRange(importedFunction);



                            foreach (String path in GetModulePath(name, currentDirectory, FilePath, reader))
                            {
                                List <FunctionObject> exportsOfFile = new List <FunctionObject>();

                                List <string> exportsFunctionNames = new List <string>();
                                if (path != null)
                                {
                                    LoadExports(path, true, exportsOfFile);
                                    foreach (FunctionObject exports in exportsOfFile)
                                    {
                                        exportsFunctionNames.Add(exports.Function);
                                    }
                                    var firstNotSecond = importedFunctionNames.Except(exportsFunctionNames).ToList();
                                    //   filePath = path;
                                    if (string.Equals(name, "kernel32.dll", StringComparison.OrdinalIgnoreCase) || string.Equals(name, "msvcrt.dll", StringComparison.OrdinalIgnoreCase))
                                    {
                                        filePath = GetModulePath(name, currentDirectory, FilePath, reader).First();
                                        break;
                                    }
                                    else if (!importedFunctionNames.Except(exportsFunctionNames).Any())
                                    {
                                        filePath = path;
                                        break;
                                    }
                                }
                            }
                        }

                        else
                        {
                            filePath = filePathsTable[name].ToString();
                        }

                        if (filePath == null)
                        {
                            if (GetModulePath(name, currentDirectory, FilePath, reader).Count > 0)
                            {
                                //   importMismatchedFiles.Add(name);
                                issues.Add(new ErrorObject(name, "Imports and Export mismatch found"));
                                //Suggestion for import export mismatch error
                                smartSuggestionEngine.readErrorCode(name, 4);
                            }
                            else
                            {
                                issues.Add(new ErrorObject(name, "File path not found"));
                                //Suggestion for null file path
                                smartSuggestionEngine.readErrorCode(name, 5);
                            }
                        }
                        var hLib2 = LoadLibraryEx(filePath, 0,
                                                  DONT_RESOLVE_DLL_REFERENCES | LOAD_IGNORE_CODE_AUTHZ_LEVEL);
                        if (listOfBranch.Contains(name))
                        {
                            //  circularDependencyFiles.Add(name);
                            issues.Add(new ErrorObject(name, "Circular dependency is detected"));
                            //Suggestion for circular dependency
                            smartSuggestionEngine.readErrorCode(name, 6);
                            continue;
                        }
                        else
                        {
                            List <string> newBranchList = listOfBranch.ToList();
                            newBranchList.Add(name);
                            if (!CheckLibrary(name))
                            {
                                PE = new PortableExecutable(name, filePath, true, newBranchList);
                            }
                            else
                            {
                                PE = new PortableExecutable(name, filePath, false, newBranchList);
                            }
                            // Dependencies.Add(PE);
                            portableExecutableLoader.Load(PE);
                            Dependencies.Add(PE);
                        }
                    }
                }
                //To catch error in dependencies
                catch (Exception) {
                }
                return;
            }
        }