internal static PeHeaderReader FromAssembly(Win32Assembly assembly) { PeHeaderReader headerreader = new PeHeaderReader(); headerreader.assembly = assembly; headerreader.image = assembly._peImage; return headerreader; }
internal static PeImage LoadFromAssembly(Win32Assembly assembly) { return(new PeImage(assembly._path) { ParentAssembly = assembly }); }
public static TreeNode ConstructAssemblyNode(Win32Assembly assembly) { TreeNode assemblyNode = CreateNode(assembly.Path.Substring(assembly.Path.LastIndexOf('\\') + 1), assembly); assemblyNode.Nodes.AddRange(new TreeNode[] { CreateNode("Dos Header", assembly.MZHeader), CreateNode("NT Header", assembly.NTHeader).AddSubNodes(new TreeNode[] { CreateNode("File Header", assembly.NTHeader.FileHeader), CreateNode("Optional Header", assembly.NTHeader.OptionalHeader).AddSubNodes(new TreeNode[] { CreateArrayNode("Data Directories", assembly.NTHeader.OptionalHeader.DataDirectories, (obj) => { return(((DataDirectory)obj).Name.ToString()); }), }) }), CreateArrayNode("Sections", assembly.NTHeader.Sections.ToArray(), (obj) => { return(((Section)obj).Name); }), CreateArrayNode("Export Directory", assembly.LibraryExports.ToArray()), CreateArrayNode("Import Directory", assembly.LibraryImports.ToArray(), (obj) => { return(((LibraryReference)obj).LibraryName); }).AddForEachNode((tag) => { return(((LibraryReference)tag.Object).ImportMethods); }, (obj) => { return(((ImportMethod)obj).Name); }), CreateNode("Resource Directory", assembly.RootResourceDirectory, TreeNodeType.ResourcesTree), CreateNode(".NET Directory", assembly.NETHeader, (netHeader) => { return(assembly.NTHeader.IsManagedAssembly); }).AddSubNodes(new TreeNode[] { CreateNode("MetaData Header", assembly.NETHeader.MetaDataHeader), CreateArrayNode("MetaData Streams", assembly.NETHeader.MetaDataStreams.ToArray(), (obj) => { return(((MetaDataStream)obj).Name); }).AddForEachNode((tag) => { return(tag.Object is TablesHeap ? tag.Object : null); }, (obj) => { return("Tables"); }, TreeNodeType.TablesTree) }), CreateNode("Hex Editor", new DynamicFileByteProvider(assembly.Image.Stream), TreeNodeType.HexBox), CreateNode("Disassembler", assembly.Disassembler, TreeNodeType.Disassembler), }); return(assemblyNode); }
public bool CanLoad(string FName, out string descr) { descr = "TUPLoader"; Win32Assembly asmbl = Win32Assembly.LoadFile(FName); return(asmbl.NTHeader.Signature == ImageSignature.NT); }
public DisassembleDlg(Win32Assembly assembly) { InitializeComponent(); textBox1.Text = assembly.NTHeader.OptionalHeader.FileOffset.ToString("X8"); textBox2.Text = "00000500"; }
/// <summary> /// Creates a new instance of a disassembler, by using an assembly as input. /// </summary> /// <param name="assembly">The assembly to be disassembled.</param> public x86Disassembler(Win32Assembly assembly) : this() { this.reader = assembly._peImage.Reader; this.assembly = assembly; this.IsDynamic = false; }
public MemberResolver(Win32Assembly parentAssembly) { if (parentAssembly.path != "") directory = parentAssembly.path.Substring(0, parentAssembly.path.LastIndexOf('\\')); ResolvedAssemblies = new Dictionary<string, Win32Assembly>(); }
public OffsetEditorDlg(Offset offset, Win32Assembly assembly) { InitializeComponent(); this.offset = offset; this.original = offset; this.assembly = assembly; RefreshTextBoxes(); }
public void SetByteProvider(Win32Assembly assembly, IByteProvider provider) { fileOffsetBox.Clear(); rvaOffsetBox.Clear(); vaOffsetBox.Clear(); this.assembly = assembly; hexBox.ByteProvider = provider; }
internal static PeHeaderReader FromAssembly(Win32Assembly assembly) { PeHeaderReader headerreader = new PeHeaderReader(); headerreader.assembly = assembly; headerreader.image = assembly._peImage; return(headerreader); }
private bool TryGetAssemblyGac(string gacDirectory, string name, out Win32Assembly resolvedAssembly) { resolvedAssembly = null; if (Directory.Exists(gacDirectory)) { return(TryGetAssembly(Directory.GetDirectories(gacDirectory)[0], name, out resolvedAssembly)); } return(false); }
public PEConstructor(Win32Assembly assembly) { OriginalAssembly = assembly; Tasks = new RebuildingTask[] { new PreparationTask(this), new MetaDataBuilderTask(this), new MsilMethodBuilder(this), }; }
public DependencyWalkerDlg(Win32Assembly assembly) { InitializeComponent(); this.assembly = assembly; TreeNode node = new TreeNode(Path.GetFileName(assembly.Path)); foreach (LibraryReference reference in assembly.LibraryImports) { treeView1.Nodes.Add(new TreeNode(reference.LibraryName) { Tag = new AssemblyReference(reference), ImageIndex = 0, SelectedImageIndex = 0 }); } }
/// <summary> /// Gets the Portable Executeable's NT header by specifing the assembly. /// </summary> /// <param name="assembly">The assembly to read the nt header</param> /// <returns></returns> public static NETHeader FromAssembly(Win32Assembly assembly) { NETHeader header = new NETHeader(); header._assembly = assembly; NETHeaderReader reader = new NETHeaderReader(assembly._ntHeader, header); header._metadata = new MetaDataHeader(reader); reader.LoadData(); header.TokenResolver = new MetaDataTokenResolver(header); return(header); }
private void OpenFile(string file, ReadingParameters parameters) { try { Win32Assembly assembly = Win32Assembly.LoadFile(file, parameters); treeView1.Nodes.Add(TreeBuilder.ConstructAssemblyNode(assembly)); } catch (Exception ex) { MessageBox.Show(ex.ToString()); } }
/// <summary> /// Gets the Portable Executeable's NT header by specifing the assembly. /// </summary> /// <param name="assembly">The assembly to read the nt header</param> /// <returns></returns> public static NETHeader FromAssembly(Win32Assembly assembly) { NETHeader header = new NETHeader(); header.assembly = assembly; header.reader = new NETHeaderReader(assembly.ntHeader, header); header.metadata = new MetaDataHeader(header.reader); header.reader.LoadData(); header.flags = header.reader.netHeader.Flags; header.entryPointToken = header.reader.netHeader.EntryPointToken; header.TokenResolver = new MetaDataTokenResolver(header); return(header); }
private bool TryReadAssembly(string file, out Win32Assembly assembly) { assembly = null; try { assembly = Win32Assembly.LoadFile(file); _assemblyCache.Add(file, assembly); return(true); } catch { return(false); } }
internal PEWriter(Win32Assembly original, WritingParameters parameters) { this.OriginalAssembly = original; this.Parameters = parameters; this.Tasks = new IWriterTask[] { new PEReconstructor(this), // Fix all offsets new PEHeaderWriter(this), // Write vital pe headers new SectionWriter(this), // Temp solution to make exe working. Need to be removed once all rebuilding is done, or maybe just write the code section(s). new DataDirectoryWriter(this), // Rewrite data directories that don't need to be rebuilded. new ImportExportWriter(this), // Rewrite exports and imports if specified. new ResourceWriter(this), // Rewrite resources if specified. new ManagedDataWriter(this), // Rewrite managed data if specified. }; }
public void LoadFile(string FName) { byte[] sf_prefixes = new byte[mediana.MAX_INSTRUCTION_LEN]; mediana.INSTRUCTION instr1 = new mediana.INSTRUCTION(); mediana.DISASM_INOUT_PARAMS param = new mediana.DISASM_INOUT_PARAMS(); RaiseLogEvent(this, "Loading " + FName); assembly = Win32Assembly.LoadFile(FName); MeDisasm = new mediana(assembly); int i = 0; foreach (Section sect in assembly.NTHeader.Sections) { RaiseLogEvent(this, i.ToString() + ". Creating a new segment " + sect.RVA.ToString("X8") + " - " + (sect.RVA + sect.VirtualSize).ToString("X8") + "... ... OK"); i++; } TFunc fnc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + assembly.NTHeader.OptionalHeader.Entrypoint.Rva, 0, 0, "main"); param.arch = mediana.ARCH_ALL; param.sf_prefixes = sf_prefixes; param.mode = mediana.DISMODE.DISASSEMBLE_MODE_32; param.options = (byte)(mediana.DISASM_OPTION_APPLY_REL | mediana.DISASM_OPTION_OPTIMIZE_DISP); param.bas = assembly.NTHeader.OptionalHeader.ImageBase; MeDisasm.medi_disassemble(RVA2FO(fnc.Addr), ref instr1, ref param); Console.WriteLine(instr1.mnemonic); //MeDisasm.medi_dump(instr, buff, OUT_BUFF_SIZE, DUMP_OPTION_IMM_UHEX | DUMP_OPTION_DISP_HEX); FullProcList.AddFunc(fnc); foreach (ExportMethod func in assembly.LibraryExports) { TFunc tmpfunc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + func.RVA, 2, func.Ordinal, func.Name); FullProcList.AddFunc(tmpfunc); } foreach (LibraryReference lib in assembly.LibraryImports) { foreach (ImportMethod func in lib.ImportMethods) { TFunc tmpfunc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + func.RVA, 3, func.Ordinal, func.Name, lib.LibraryName); FullProcList.AddFunc(tmpfunc); } } bw.WorkerSupportsCancellation = true; bw.WorkerReportsProgress = false; bw.DoWork += bw_DoWork; bw.RunWorkerCompleted += bw_RunWorkerCompleted; bw.RunWorkerAsync(); }
private void button1_Click(object sender, EventArgs e) { currentAssembly = connector.CurrentAssembly; if (currentAssembly == null) { MessageBox.Show("Please select a member or assembly.", "String Searcher", MessageBoxButtons.OK, MessageBoxIcon.Information); } else { Thread searchThread = new Thread(SearchAsync) { Priority = (ThreadPriority)comboBox1.SelectedIndex }; searchThread.Start(); } }
public virtual Win32Assembly Resolve(AssemblyReference reference) { Win32Assembly resolvedAssembly = null; string name = reference.Name; if (reference.HasImage && !string.IsNullOrEmpty(reference.NETHeader.ParentAssembly.Path)) { // Check directory of container assembly. TryGetAssembly(Path.GetDirectoryName(reference.NETHeader.ParentAssembly.Path), name, out resolvedAssembly); } if (resolvedAssembly == null) { // Check gac directories. if (!TryGetAssemblyGac(Path.Combine(_gacDirectory, "GAC_64"), name, out resolvedAssembly)) { if (!TryGetAssemblyGac(Path.Combine(_gacDirectory, "GAC_32"), name, out resolvedAssembly)) { TryGetAssemblyGac(Path.Combine(_gacDirectory, "GAC_MSIL"), name, out resolvedAssembly); } } } if (resolvedAssembly == null) { // Check search directories foreach (var directory in SearchDirectories) { if (TryGetAssembly(directory, name, out resolvedAssembly)) { break; } } } if (resolvedAssembly == null) { OnResolutionFailed(reference); } if (resolvedAssembly != null) { _assemblyCache.Add(reference.Name, resolvedAssembly); } return(resolvedAssembly); }
public virtual TypeDefinition ResolveType(TypeReference typeRef) { Win32Assembly targetAssembly = null; typeRef = typeRef.GetElementType(); if (typeRef.IsNested) { var declaringType = ResolveType(typeRef.DeclaringType); foreach (var nestedClass in declaringType.NestedClasses) { if (nestedClass.Class != null && TypeRefsAreEqual(nestedClass.Class, typeRef)) { return(nestedClass.Class); } } } else { if (typeRef.ResolutionScope is AssemblyReference) { targetAssembly = AssemblyResolver.Resolve(typeRef.ResolutionScope as AssemblyReference); } else if (typeRef.ResolutionScope is AssemblyDefinition) { targetAssembly = typeRef.ResolutionScope.NETHeader.ParentAssembly; } else { return(null); } var typesTable = targetAssembly.NETHeader.TablesHeap.GetTable(MetaDataTableType.TypeDef); foreach (TypeDefinition member in typesTable.Members) { if (TypeRefsAreEqual(member, typeRef)) { return(member); } } } return(null); }
public override object EditValue(ITypeDescriptorContext context, IServiceProvider provider, object value) { Win32Assembly assembly = null; if (context.Instance is IHeader) { assembly = (context.Instance as IHeader).ParentAssembly; } else if (context.Instance is DataDirectory) { assembly = (context.Instance as DataDirectory).Section.ParentAssembly; } OffsetEditorDlg dlg = new OffsetEditorDlg(value as Offset, assembly); if (dlg.ShowDialog() == DialogResult.OK) { value = dlg.Offset; } return(value); }
private bool TryGetAssembly(string directory, string name, out Win32Assembly resolvedAssembly) { resolvedAssembly = null; var extensions = new string[] { ".exe", ".dll" }; foreach (var extension in extensions) { string file = Path.Combine(directory, name + extension); if (_assemblyCache.TryGetValue(file, out resolvedAssembly)) { return(true); } if (File.Exists(file)) { return(TryReadAssembly(file, out resolvedAssembly)); } } return(false); }
private bool TryGetAssemblyGac(string gacDirectory, string name, out Win32Assembly resolvedAssembly) { resolvedAssembly = null; string folder = Path.Combine(gacDirectory, name); if (Directory.Exists(folder)) { return TryGetAssembly(Directory.GetDirectories(folder)[0], name, out resolvedAssembly); } return false; }
public AssemblyReference(LibraryReference reference) { this.reference = reference; this.assembly = null; }
private bool TryReadAssembly(string file, out Win32Assembly assembly) { assembly = null; try { assembly = Win32Assembly.LoadFile(file); _assemblyCache.Add(file, assembly); return true; } catch { return false; } }
public IntPtr LoadFile(string FName) { this.FName = FName; asmbly = Win32Assembly.LoadFile(FName); return(IntPtr.Zero); }
/// <summary> /// Creates an instance of a x86 instruction with a single operand. /// </summary> /// <param name="assembly">The parent assembly.</param> /// <param name="opcode">The opcode to use.</param> /// <param name="operand">The operand to use.</param> /// <returns></returns> public static x86Instruction Create(Win32Assembly assembly, x86OpCode opcode, Operand operand) { return Create(assembly, opcode, operand, null); }
private void button2_Click(object sender, EventArgs e) { Win32Assembly assembly; if (treeView1.SelectedNode.Parent == null) assembly = this.assembly; else assembly = ((AssemblyReference)treeView1.SelectedNode.Parent.Tag).assembly; if (assembly != null) { List<DataGridViewColumn> columns = new List<DataGridViewColumn>(); DataGridViewTextBoxColumn column = new DataGridViewTextBoxColumn(); column = new DataGridViewTextBoxColumn(); column.AutoSizeMode = DataGridViewAutoSizeColumnMode.Fill; column.HeaderText = "Name"; columns.Add(column); column = new DataGridViewTextBoxColumn(); column.AutoSizeMode = DataGridViewAutoSizeColumnMode.Fill; column.HeaderText = "Ordinal"; columns.Add(column); column = new DataGridViewTextBoxColumn(); column.AutoSizeMode = DataGridViewAutoSizeColumnMode.Fill; column.HeaderText = "RVA"; columns.Add(column); column = new DataGridViewTextBoxColumn(); column.AutoSizeMode = DataGridViewAutoSizeColumnMode.Fill; column.HeaderText = "Value"; columns.Add(column); List<DataGridViewRow> rows = new List<DataGridViewRow>(); foreach (LibraryReference lib in assembly.LibraryImports) { if (lib.LibraryName == treeView1.SelectedNode.Text) { foreach (ImportMethod meth in lib.ImportMethods) { DataGridViewRow row = new DataGridViewRow(); DataGridViewTextBoxCell cell = new DataGridViewTextBoxCell(); cell.Value = meth.Name; row.Cells.Add(cell); cell = new DataGridViewTextBoxCell(); cell.Value = "0x" + ((long)meth.Ordinal).ToString("x8").ToUpper(); row.Cells.Add(cell); cell = new DataGridViewTextBoxCell(); cell.Value = "0x" + ((long)meth.RVA).ToString("x8").ToUpper(); row.Cells.Add(cell); cell = new DataGridViewTextBoxCell(); cell.Value = "0x" + ((long)meth.OriginalThunkValue).ToString("x8").ToUpper(); row.Cells.Add(cell); rows.Add(row); } } } ListDlg dlg = new ListDlg(columns.ToArray(), rows.ToArray(), "Methods of current dll used by " + Path.GetFileName(assembly.Path), false); dlg.Show(); } }
/// <summary> /// Creates a new instance of the InvalidOpCodeException. /// </summary> /// <param name="message">The message of the error.</param> /// <param name="bytes">The corresponding bytes.</param> /// <param name="assembly">The assembly where the error occured.</param> public InvalidOpCodeException(string message, byte[] bytes, Win32Assembly assembly) : base(message) { this.bytes = bytes; this.assembly = assembly; }
private bool TryGetAssembly(string directory, string name, out Win32Assembly resolvedAssembly) { resolvedAssembly = null; var extensions = new string[] { ".exe", ".dll" }; foreach (var extension in extensions) { string file = Path.Combine(directory, name + extension); if (_assemblyCache.TryGetValue(file, out resolvedAssembly)) return true; if (File.Exists(file)) { return TryReadAssembly(file, out resolvedAssembly); } } return false; }
internal x86Assembler(Win32Assembly assembly) { this.image = assembly.peImage; disassembler = assembly.disassembler; offsetConverter = new OffsetConverter(Section.GetSectionByRva(assembly, assembly.ntHeader.OptionalHeader.BaseOfCode)); }
internal x86Assembler(Win32Assembly assembly) { this.image = assembly.peImage; disassembler = assembly.disassembler; offsetConverter = new OffsetConverter(Section.GetSectionByRva(assembly, assembly.ntheader.OptionalHeader.BaseOfCode)); }
internal x86Instruction(Win32Assembly assembly) { this.assembly = assembly; OpCode = x86OpCodes.Unknown; Offset = new Offset(0, 0,0, OperandType.Normal); }
/// <summary> /// Gets the Portable Executeable's NT header by specifing the assembly. /// </summary> /// <param name="assembly">The assembly to read the nt header</param> /// <returns></returns> public static NETHeader FromAssembly(Win32Assembly assembly) { NETHeader header = new NETHeader(); header.assembly = assembly; header.reader = new NETHeaderReader(assembly.ntHeader, header); header.metadata = new MetaDataHeader(header.reader); header.reader.LoadData(); header.flags = header.reader.netHeader.Flags; header.entryPointToken = header.reader.netHeader.EntryPointToken; header.TokenResolver = new MetaDataTokenResolver(header); return header; }
/// <summary> /// Gets the Portable Executeable's NT header by specifing the assembly. /// </summary> /// <param name="assembly">The assembly to read the nt header</param> /// <returns></returns> public static NETHeader FromAssembly(Win32Assembly assembly) { NETHeader header = new NETHeader(); header._assembly = assembly; NETHeaderReader reader = new NETHeaderReader(assembly._ntHeader, header); header._metadata = new MetaDataHeader(reader); reader.LoadData(); header.TokenResolver = new MetaDataTokenResolver(header); return header; }
/// <summary> /// Creates an instance of a x86 instruction without an operand. /// </summary> /// <param name="assembly">The parent assembly.</param> /// <param name="opcode">The opcode to use.</param> /// <returns></returns> public static x86Instruction Create(Win32Assembly assembly, x86OpCode opcode) { return Create(assembly, opcode, null, null); }
public void SetAssembly(Win32Assembly assembly) { this.assembly = assembly; x86disassembler = assembly.Disassembler; }
/// <summary> /// Creates an instance of a x86 instruction with two operands. /// </summary> /// <param name="assembly">The parent assembly.</param> /// <param name="opcode">The opcode to use.</param> /// <param name="operand1">The first operand to use.</param> /// <param name="operand2">The second operand to use.</param> /// <returns></returns> public static x86Instruction Create(Win32Assembly assembly, x86OpCode opcode, Operand operand1, Operand operand2) { x86Instruction newInstruction = new x86Instruction(assembly); newInstruction.OpCode = opcode; newInstruction.operand1 = operand1; newInstruction.operand2 = operand2; newInstruction.GenerateBytes(); return newInstruction; }
/// <summary> /// Creates a new instance of a disassembler. /// </summary> /// <param name="assembly">The assembly to be disassembled.</param> public x86Disassembler(Win32Assembly assembly) { this.image = assembly.peImage; }
/// <summary> /// Creates a new instance of a disassembler, by using an assembly as input. /// </summary> /// <param name="assembly">The assembly to be disassembled.</param> public x86Disassembler(Win32Assembly assembly) { this.reader = assembly.peImage.Reader; this.assembly = assembly; this.IsDynamic = false; }
/// <summary> /// Creates a new instance of the InvalidInstructionException. /// </summary> /// <param name="message">The message of the error.</param> /// <param name="bytes">The corresponding bytes.</param> /// <param name="assembly">The assembly where the error occured.</param> public InvalidInstructionException(string message, byte[] bytes, Win32Assembly assembly) : base(message) { this.bytes = bytes; this.assembly = assembly; }