private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens) { List <string> paths = new List <string>(); if (Path != null) { paths.AddRange(Path); } if (Win32Path != null) { paths.AddRange(Win32Path.Select(p => ConvertWin32Path(p))); } foreach (string path in paths) { if (!path.StartsWith(@"\")) { WriteWarning($"Path '{path}' doesn't start with \\. Perhaps you want to specify -Win32Path instead?"); } try { RunAccessCheckPath(tokens, path); } catch (NtException ex) { WriteError(new ErrorRecord(ex, "NtException", ErrorCategory.DeviceError, this)); } } }
void DumpUnpackedFiles() { foreach (var unpackedFile in unpackedFiles) { DeobfuscatedFile.CreateAssemblyFile(unpackedFile.data, Win32Path.GetFileNameWithoutExtension(unpackedFile.filename), Win32Path.GetExtension(unpackedFile.filename)); } }
UnpackedFile unpackEmbeddedFile(int index, ApplicationModeDecrypter decrypter) { uint offset = 0; for (int i = 0; i < index + 1; i++) { offset += sizes[i]; } string filename = Win32Path.GetFileName(filenames[index]); var data = peImage.offsetReadBytes(offset, (int)sizes[index + 1]); data = DeobUtils.aesDecrypt(data, decrypter.AssemblyKey, decrypter.AssemblyIv); data = decompress(data); return(new UnpackedFile(filename, data)); }
public override int GetHashCode() { return(Version.GetSafeHashCode() ^ Name.GetSafeHashCode() ^ Win32Path.GetSafeHashCode() ^ Win64Path.GetSafeHashCode()); }