public DisplayModuleInfo(string ModuleName, PE Pe, ModuleSearchStrategy Location, ModuleFlag Flags = 0)
{
_Name = ModuleName;
_Filepath = Pe.Filepath;
_Flags = Flags;
// Do not set this variables in order to
// lessen memory allocations
_Imports = null;
_Exports = null;
_Location = Location;
_Info = new ModuleInfo()
{
Machine = Pe.Properties.Machine,
Magic = Pe.Properties.Magic,
Filesize = Pe.Properties.FileSize,
ImageBase = (UInt64)Pe.Properties.ImageBase,
SizeOfImage = Pe.Properties.SizeOfImage,
EntryPoint = (UInt64)Pe.Properties.EntryPoint,
Checksum = Pe.Properties.Checksum,
CorrectChecksum = Pe.Properties.CorrectChecksum,
Subsystem = Pe.Properties.Subsystem,
SubsystemVersion = Pe.Properties.SubsystemVersion,
Characteristics = Pe.Properties.Characteristics,
DllCharacteristics = Pe.Properties.DllCharacteristics,
};
AddNewEventHandler("FullPath", "FullPath", "ModuleName", this.GetPathDisplayName);
}
public static Tuple <ModuleSearchStrategy, PE> ResolveModule(PE RootPe, string ModuleName, SxsEntries SxsCache)
{
Tuple <ModuleSearchStrategy, string> ResolvedFilepath;
string ApiSetName = LookupApiSetLibrary(ModuleName);
if (ApiSetName != null)
{
ModuleName = ApiSetName;
}
ResolvedFilepath = FindPe.FindPeFromDefault(RootPe, ModuleName, SxsCache);
// ApiSet override the underneath search location if found
ModuleSearchStrategy ModuleLocation = ResolvedFilepath.Item1;
if ((ApiSetName != null) && (ResolvedFilepath.Item2 != null))
{
ModuleLocation = ModuleSearchStrategy.ApiSetSchema;
}
//
PE ResolvedModule = null;
if (ResolvedFilepath.Item2 != null)
{
ResolvedModule = LoadPe(ResolvedFilepath.Item2);
}
return(new Tuple <ModuleSearchStrategy, PE>(ModuleLocation, ResolvedModule));
}
/// <summary>
/// Search the missing DLL
/// </summary>
/// <param name="ignoreapppath">If true, the current dir will be ignored</param>
/// <returns>The names of missing DLL</returns>
public List <string> FindMissingDll(bool ignoreapppath = false)
{
if (localPE == null)
{
throw new InvalidOperationException();
}
List <string> result = new List <string>();
List <PeImportDll> peImports = GetImportDllList();
Environment.SpecialFolder WindowsSystemFolder = (localPE.IsWow64Dll()) ?
Environment.SpecialFolder.SystemX86 :
Environment.SpecialFolder.System;
string User32Filepath = Path.Combine(Environment.GetFolderPath(WindowsSystemFolder), "user32.dll");
foreach (PeImportDll dllImp in peImports)
{
Tuple <ModuleSearchStrategy, PE> ResolvedModule = BinaryCache.ResolveModule(localPE, dllImp.Name, SxsEntriesCache);
ModuleSearchStrategy strategy = ResolvedModule.Item1;
if (strategy == ModuleSearchStrategy.NOT_FOUND)
{
result.Add(dllImp.Name);
}
if (ignoreapppath && (strategy == ModuleSearchStrategy.ApplicationDirectory))
{
result.Add(dllImp.Name);
}
}
return(result);
}
public PeDependencyItem(PeDependencies _Root, string _ModuleName, string ModuleFilepath, ModuleSearchStrategy Strategy, int Level)
{
Root = _Root;
ModuleName = _ModuleName;
Imports = new List <PeImportDll>();
Filepath = ModuleFilepath;
SearchStrategy = Strategy;
RecursionLevel = Level;
DependenciesResolved = false;
Dependencies = new List <PeDependencyItem>();
ResolvedImports = new List <PeDependencyItem>();
}
public PeDependencyItem(PeDependencies _Root, string _ModuleName, string ModuleFilepath, ModuleSearchStrategy Strategy, int Level)
{
Root = _Root;
ModuleName = _ModuleName;
if (ModuleFilepath != null)
{
PE Module = BinaryCache.LoadPe(ModuleFilepath);
Imports = Module.GetImports();
}
else
{
//Module = null;
Imports = new List <PeImportDll>();
}
Filepath = ModuleFilepath;
SearchStrategy = Strategy;
RecursionLevel = Level;
DependenciesResolved = false;
}
public PeDependencyItem(PeDependencies _Root, string _ModuleName, string ModuleFilepath, ModuleSearchStrategy Strategy, int Level)
{
Action action = () =>
{
Root = _Root;
ModuleName = _ModuleName;
Imports = new List <ImportDll>();
Filepath = ModuleFilepath;
SearchStrategy = Strategy;
RecursionLevel = Level;
DependenciesResolved = false;
FullDependencies = new List <PeDependencyItem>();
ResolvedImports = new List <PeDependencyItem>();
ModuleReferences = new List <ImportDll>();
AssemblyReferences = new List <AssemblyNameReference>();
};
SafeExecutor(action);
}
public static Tuple <ModuleSearchStrategy, PE> ResolveModule(PE RootPe, string ModuleName, SxsEntries SxsCache)
{
Tuple <ModuleSearchStrategy, string> ResolvedFilepath;
// if no extension is used, assume a .dll
if (Path.GetExtension(ModuleName) == String.Empty)
{
ModuleName = String.Format("{0:s}.dll", ModuleName);
}
string ApiSetName = LookupApiSetLibrary(ModuleName);
if (ApiSetName != null)
{
ModuleName = ApiSetName;
}
ResolvedFilepath = FindPe.FindPeFromDefault(RootPe, ModuleName, SxsCache);
// ApiSet override the underneath search location if found
ModuleSearchStrategy ModuleLocation = ResolvedFilepath.Item1;
if ((ApiSetName != null) && (ResolvedFilepath.Item2 != null))
{
ModuleLocation = ModuleSearchStrategy.ApiSetSchema;
}
//
PE ResolvedModule = null;
if (ResolvedFilepath.Item2 != null)
{
ResolvedModule = LoadPe(ResolvedFilepath.Item2);
}
return(new Tuple <ModuleSearchStrategy, PE>(ModuleLocation, ResolvedModule));
}
public PeDependencyItem GetModuleItem(string ModuleName, string ModuleFilepath, ModuleSearchStrategy SearchStrategy, int RecursionLevel)
{
// Do not process twice the same item
ModuleCacheKey ModuleKey = new ModuleCacheKey(ModuleName, ModuleFilepath);
if (!ModulesCache.ContainsKey(ModuleKey))
{
ModulesCache[ModuleKey] = new PeDependencyItem(this, ModuleName, ModuleFilepath, SearchStrategy, RecursionLevel);
}
return(ModulesCache[ModuleKey]);
}