public void guess(IGuesserListener listener, string file)
{
try
{
ExeParser ep = new ExeParser(file);
IList <ImportTableEntry> imps = ep.ImportTable;
string[] dlls = new string[imps.Count];
int count = 0;
foreach (ImportTableEntry imp in imps)
{
dlls[count++] = imp.DLL;
listener.guessInfo(1, "** Uses DLL: " + imp.DLL);
}
IList <string> results = sp.parse("", dlls);
foreach (string result in results)
{
listener.guessInfo(0, "DLLImports suggest: " + result);
listener.guessAttribute("IMPORTS", result);
}
}
catch (EXEFormatException ex)
{
listener.guessInfo(1, "** EXE Format: " + ex.Message);
}
}
internal void guessWindow(IGuesserListener listener, ManagedWinapi.Windows.SystemWindow window)
{
foreach (IWindowGuesser g in windowGuessers)
{
g.guess(listener, window);
}
}
internal void guessWindow(IGuesserListener listener, ManagedWinapi.Windows.SystemWindow window)
{
foreach (IWindowGuesser g in windowGuessers)
{
g.guess(listener, window);
}
}
public void guessFile(IGuesserListener listener, string file)
{
foreach (IFileGuesser g in fileGuessers)
{
g.guess(listener, file);
}
}
public void guess(IGuesserListener listener, string file)
{
try
{
ExeParser ep = new ExeParser(file);
IList<ImportTableEntry> imps = ep.ImportTable;
string[] dlls = new string[imps.Count];
int count = 0;
foreach (ImportTableEntry imp in imps)
{
dlls[count++] = imp.DLL;
listener.guessInfo(1, "** Uses DLL: " + imp.DLL);
}
IList<string> results = sp.parse("", dlls);
foreach (string result in results)
{
listener.guessInfo(0, "DLLImports suggest: " + result);
listener.guessAttribute("IMPORTS", result);
}
}
catch (EXEFormatException ex)
{
listener.guessInfo(1, "** EXE Format: " + ex.Message);
}
}
public void guessFile(IGuesserListener listener, string file)
{
foreach (IFileGuesser g in fileGuessers)
{
g.guess(listener, file);
}
}
public void guess(IGuesserListener listener, string file)
{
try
{
String stub = new ExeParser(file).StubSignature;
listener.guessInfo(1, "** EXE Stub signature: " + stub);
listener.guessAttribute("STUB", stub);
}
catch (EXEFormatException ex)
{
listener.guessInfo(1, "** EXE Format: " + ex.Message);
}
}
public void guess(IGuesserListener listener, SystemWindow window)
{
string file;
try
{
file = window.Process.MainModule.FileName;
}
catch (Win32Exception)
{
listener.guessInfo(2, "*** File access denied");
return;
}
listener.guessInfo(2, "*** Detected File: " + file);
ctrl.guessFile(listener, file);
}
internal string summarize(IGuesserListener listener, string[] attributes)
{
foreach (string att in attributes)
{
listener.guessInfo(2, "** Summary attribute: " + att);
}
List<string> r = summary.parse("", attributes);
string ss;
if (r.Count > 0)
ss = r[0];
else
ss = "UNKNOWN";
listener.guessInfo(0, "Summary: " + ss);
return ss;
}
public void guess(IGuesserListener listener, SystemWindow window)
{
string file;
try
{
file = window.Process.MainModule.FileName;
}
catch (Win32Exception)
{
listener.guessInfo(2, "*** File access denied");
return;
}
listener.guessInfo(2, "*** Detected File: " + file);
ctrl.guessFile(listener, file);
}
public void guess(IGuesserListener listener, SystemWindow window)
{
string mainclass = window.ClassName;
List<string> childClasses = new List<string>();
childClasses.Add(mainclass);
parseChildren(childClasses, window);
childClasses.Sort();
listener.guessInfo(1, "** Main class: " + mainclass);
foreach (string c in childClasses)
{
listener.guessInfo(2, "*** Child class:" + c);
}
IList<string> results = sp.parse(mainclass, childClasses.ToArray());
foreach (string r in results)
{
listener.guessInfo(0, "Wndclass suggests: " + r);
listener.guessAttribute("WNDCLASS", r);
}
}
internal string summarize(IGuesserListener listener, string[] attributes)
{
foreach (string att in attributes)
{
listener.guessInfo(2, "** Summary attribute: " + att);
}
List <string> r = summary.parse("", attributes);
string ss;
if (r.Count > 0)
{
ss = r[0];
}
else
{
ss = "UNKNOWN";
}
listener.guessInfo(0, "Summary: " + ss);
return(ss);
}
public void guess(IGuesserListener listener, SystemWindow window)
{
string mainclass = window.ClassName;
List <string> childClasses = new List <string>();
childClasses.Add(mainclass);
parseChildren(childClasses, window);
childClasses.Sort();
listener.guessInfo(1, "** Main class: " + mainclass);
foreach (string c in childClasses)
{
listener.guessInfo(2, "*** Child class:" + c);
}
IList <string> results = sp.parse(mainclass, childClasses.ToArray());
foreach (string r in results)
{
listener.guessInfo(0, "Wndclass suggests: " + r);
listener.guessAttribute("WNDCLASS", r);
}
}
public void guess(IGuesserListener listener, string file)
{
try
{
IList <ExeSection> ss = new ExeParser(file).Sections;
string[] names = new string[ss.Count];
int count = 0;
foreach (ExeSection s in ss)
{
listener.guessInfo(2, "** Section: " + s.Name);
names[count++] = s.Name;
}
List <string> results = sp.parse("", names);
foreach (string result in results)
{
listener.guessInfo(0, "EXE Sections suggest: " + result);
listener.guessAttribute("SECTIONS", result);
}
}
catch (EXEFormatException) { }
}
public void guess(IGuesserListener listener, string file)
{
try
{
IList<ExeSection> ss = new ExeParser(file).Sections;
string[] names = new string[ss.Count];
int count = 0;
foreach (ExeSection s in ss)
{
listener.guessInfo(2, "** Section: " + s.Name);
names[count++] = s.Name;
}
List<string> results = sp.parse("", names);
foreach (string result in results)
{
listener.guessInfo(0, "EXE Sections suggest: " + result);
listener.guessAttribute("SECTIONS", result);
}
}
catch (EXEFormatException) { }
}
public void guess(IGuesserListener listener, string file)
{
try
{
String stub = new ExeParser(file).StubSignature;
listener.guessInfo(1, "** EXE Stub signature: " + stub);
listener.guessAttribute("STUB", stub);
}
catch (EXEFormatException ex)
{
listener.guessInfo(1, "** EXE Format: " + ex.Message);
}
}
