/// <summary>
/// Reads the manifest of <paramref name="_Application"/> and, when it is not empty,
/// tries to parse it as an SxS manifest.
/// </summary>
/// <param name="_Application">PE whose manifest is obtained through <c>GetManifest()</c>.</param>
/// <remarks>
/// If parsing throws <see cref="System.Xml.XmlException"/>, <c>XmlManifest</c> is left null and
/// <c>Exception</c> receives the exception text. Any other exception type propagates to the caller.
/// </remarks>
public PEManifest(PE _Application)
{
    Application = _Application;
    Manifest = Application.GetManifest();
    XmlManifest = null;
    Exception = "";

    // A binary without manifest text has nothing to parse; keep the defaults set above.
    if (Manifest.Length == 0)
    {
        return;
    }

    // NOTE(review): the manifest text is read out of the PE being inspected, so treat it as
    // untrusted XML. Confirm that ParseSxsManifest disables DTD processing and external
    // entity resolution; that configuration is not visible from this constructor.
    try
    {
        // Parse from a memory stream so that BOM encoding in the manifest resource is handled correctly.
        byte[] manifestBytes = System.Text.Encoding.UTF8.GetBytes(Manifest);
        using (var manifestStream = new System.IO.MemoryStream(manifestBytes))
        {
            XmlManifest = SxsManifest.ParseSxsManifest(manifestStream);
        }
    }
    catch (System.Xml.XmlException parseError)
    {
        // A malformed manifest is not fatal: record the failure text and carry on without a parsed manifest.
        XmlManifest = null;
        Exception = parseError.ToString();
    }
}
/// <summary>
/// Loads the binary named by <c>Filename</c>, resets the per-view caches and rebuilds the
/// module list and the dependency tree from the root module.
/// </summary>
/// <remarks>
/// Shows an "Invalid PE" message box and returns without touching the caches when the file
/// is absent or does not load as a PE.
/// </remarks>
public void InitializeView()
{
    // The existence test only selects a more precise message. The load result below is still
    // validated, because the file can change or disappear between this check and the load.
    if (!NativeFile.Exists(this.Filename))
    {
        string missingMessage = String.Format("{0:s} is not present on the disk", this.Filename);
        MessageBox.Show(missingMessage, "Invalid PE", MessageBoxButton.OK);
        return;
    }

    // NOTE(review): the `as` cast yields null if Application.Current is not an App instance,
    // which would surface here as a NullReferenceException.
    this.Pe = (Application.Current as App).LoadBinary(this.Filename);
    if (this.Pe == null || !this.Pe.LoadSuccessful)
    {
        string invalidMessage = String.Format("{0:s} is not a valid PE-COFF file", this.Filename);
        MessageBox.Show(invalidMessage, "Invalid PE", MessageBoxButton.OK);
        return;
    }

    // Fresh per-binary state: symbol provider, search root, SxS entries, module cache, ApiSet schema.
    this.SymPrv = new PhSymbolProvider();
    this.RootFolder = Path.GetDirectoryName(this.Filename);
    this.SxsEntriesCache = SxsManifest.GetSxsEntries(this.Pe);
    this.ProcessedModulesCache = new ModulesCache();
    this.ApiSetmapCache = Phlib.GetApiSetSchema();
    this._SelectedModule = null;
    this._DisplayWarning = false;

    // TODO : Find a way to properly bind commands instead of using this hack
    this.ModulesList.Items.Clear();
    this.ModulesList.DoFindModuleInTreeCommand = DoFindModuleInTree;
    this.ModulesList.ConfigureSearchOrderCommand = ConfigureSearchOrderCommand;

    // Register the root binary in the module cache under (file name, full path).
    var rootName = Path.GetFileName(this.Filename);
    var rootInfo = new DisplayModuleInfo(rootName, this.Pe, ModuleSearchStrategy.ROOT);
    this.ProcessedModulesCache.Add(new ModuleCacheKey(rootName, this.Filename), rootInfo);

    // The tree node refers to the module through a WeakReference rather than holding it directly.
    var rootNode = new ModuleTreeViewItem();
    var rootContext = new DependencyNodeContext()
    {
        ModuleInfo = new WeakReference(rootInfo),
        IsDummy = false
    };
    rootNode.DataContext = rootContext;
    rootNode.Header = rootNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath);
    rootNode.IsExpanded = true;

    this.DllTreeView.Items.Clear();
    this.DllTreeView.Items.Add(rootNode);

    // Recursively construct tree of dll imports
    ConstructDependencyTree(rootNode, this.Pe);
}
/// <summary>
/// Resolves <paramref name="ModuleName"/> relative to <paramref name="RootPe"/> using default
/// settings: the root binary's own folder as working directory, its SxS entries, and no
/// custom search folders.
/// </summary>
/// <param name="RootPe">Binary whose location and SxS entries drive the resolution.</param>
/// <param name="ModuleName">Name of the module to resolve.</param>
/// <returns>Whatever the five-argument <c>ResolveModule</c> overload returns for these inputs.</returns>
public static Tuple<ModuleSearchStrategy, PE> ResolveModule(PE RootPe, string ModuleName)
{
    // The folder that holds the root binary is handed to the resolver as its working directory.
    var rootDirectory = Path.GetDirectoryName(RootPe.Filepath);

    // No user-configured folders take part in this convenience overload.
    var noCustomFolders = new List<string>();

    var sxsEntries = SxsManifest.GetSxsEntries(RootPe);

    return ResolveModule(RootPe, ModuleName, sxsEntries, noCustomFolders, rootDirectory);
}
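/// <summary>
/// Resolves <paramref name="ModuleName"/> when the caller has no root binary, using the
/// system copy of ntdll.dll as the root PE.
/// </summary>
/// <param name="ModuleName">Name of the module to resolve.</param>
/// <returns>Whatever the five-argument <c>ResolveModule</c> overload returns for these inputs.</returns>
public static Tuple<ModuleSearchStrategy, PE> ResolveModule(string ModuleName)
{
    // ntdll.dll is installed in the system directory, not directly in the Windows folder, so the
    // path is built from Environment.SystemDirectory. Combining it with the Windows folder
    // names a file that does not exist on a standard install.
    string ntdllPath = Path.Combine(Environment.SystemDirectory, "ntdll.dll");

    // NOTE(review): LoadPe's behaviour on a failed load is not visible here; confirm whether
    // it can return null or an unloaded PE before RootPe.Filepath is read.
    PE RootPe = LoadPe(ntdllPath);

    // Defaults: the root binary's folder as working directory and no custom search folders.
    string WorkingDirectory = Path.GetDirectoryName(RootPe.Filepath);
    List<string> CustomSearchFolders = new List<string>();
    SxsEntries SxsCache = SxsManifest.GetSxsEntries(RootPe);

    return ResolveModule(RootPe, ModuleName, SxsCache, CustomSearchFolders, WorkingDirectory);
}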
/// <summary>
/// Builds the dependency graph rooted at <paramref name="Application"/> and resolves the
/// root item's dependencies straight away.
/// </summary>
/// <param name="Application">Root binary; its file path and SxS entries seed the graph.</param>
public PeDependencies(PE Application)
{
    var rootName = Path.GetFileName(Application.Filepath);

    RootPe = Application;
    SxsEntriesCache = SxsManifest.GetSxsEntries(RootPe);
    ModulesCache = new ModuleEntries();

    // The root item is created with ModuleSearchStrategy.ROOT and 0 as the last argument.
    // NOTE(review): that 0 looks like the starting recursion level; confirm against GetModuleItem.
    Root = GetModuleItem(rootName, Application.Filepath, ModuleSearchStrategy.ROOT, 0);
    Root.ResolveDependencies();
}
/// <summary>
/// Builds the dependency graph rooted at <paramref name="Application"/>, records the requested
/// recursion depth, then loads the root item and resolves its dependencies.
/// </summary>
/// <param name="Application">Root binary; its file path and SxS entries seed the graph.</param>
/// <param name="recursion_depth">Value stored in <c>MaxRecursion</c>.</param>
public PeDependencies(PE Application, int recursion_depth)
{
    var rootName = Path.GetFileName(Application.Filepath);

    RootPe = Application;
    SxsEntriesCache = SxsManifest.GetSxsEntries(RootPe);
    ModulesCache = new ModuleEntries();

    // NOTE(review): MaxRecursion and ModulesVisited presumably bound the walk and stop modules
    // from being revisited, which matters for deep or cyclic import graphs. Confirm in
    // ResolveDependencies, since their use is not visible from this constructor.
    MaxRecursion = recursion_depth;
    ModulesVisited = new Dictionary<ModuleCacheKey, bool>();

    Root = GetModuleItem(rootName, Application.Filepath, ModuleSearchStrategy.ROOT, 0);
    Root.LoadPe();
    Root.ResolveDependencies();
}
/// <summary>
/// Creates the window for <paramref name="FileName"/>: loads the file as a PE, prepares the
/// per-window caches and builds the dependency tree from the root module.
/// </summary>
/// <param name="FileName">Path of the binary to display.</param>
/// <remarks>
/// When the file does not load as a PE, an "Invalid PE" message box is shown and the
/// constructor returns before the caches and the tree are set up.
/// </remarks>
public DependencyWindow(String FileName)
{
    InitializeComponent();

    this.Filename = FileName;
    this.Pe = new PE(FileName);

    if (!this.Pe.LoadSuccessful)
    {
        string invalidMessage = String.Format("{0:s} is not a valid PE-COFF file", this.Filename);
        MessageBox.Show(invalidMessage, "Invalid PE", MessageBoxButton.OK);
        // NOTE(review): the instance is still handed to the caller, with SymPrv, the caches
        // and the tree left unset; callers should check Pe.LoadSuccessful before using it.
        return;
    }

    // Per-window state: symbol provider, search root, SxS entries, module cache, ApiSet schema.
    this.SymPrv = new PhSymbolProvider();
    this.RootFolder = Path.GetDirectoryName(FileName);
    this.SxsEntriesCache = SxsManifest.GetSxsEntries(this.Pe);
    this.ProcessedModulesCache = new ModulesCache();
    this.ApiSetmapCache = Phlib.GetApiSetSchema();

    // TODO : Find a way to properly bind commands instead of using this hack
    this.ModulesList.DoFindModuleInTreeCommand = DoFindModuleInTree;

    // Register the root binary in the module cache under (file name, full path).
    var rootName = Path.GetFileName(FileName);
    var rootInfo = new DisplayModuleInfo(rootName, this.Pe);
    this.ProcessedModulesCache.Add(new ModuleCacheKey(rootName, FileName), rootInfo);

    // The tree node refers to the module through a WeakReference rather than holding it directly.
    var rootNode = new ModuleTreeViewItem();
    var rootContext = new DependencyNodeContext()
    {
        ModuleInfo = new WeakReference(rootInfo),
        IsDummy = false
    };
    rootNode.DataContext = rootContext;
    rootNode.Header = rootNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath);
    rootNode.IsExpanded = true;

    this.DllTreeView.Items.Add(rootNode);

    // Recursively construct tree of dll imports
    ConstructDependencyTree(rootNode, this.Pe);
}
/// <summary>
/// Stores <paramref name="_Application"/> and collects its SxS entries.
/// </summary>
/// <param name="_Application">PE whose SxS entries are read through <c>SxsManifest.GetSxsEntries</c>.</param>
public SxsDependencies(PE _Application)
{
    Application = _Application;

    // The entries are computed once here, from the stored application, and kept in SxS.
    SxS = SxsManifest.GetSxsEntries(Application);
}