public bool CanLoad(string FName, out string descr)
{
descr = "TUPLoader";
Win32Assembly asmbl = Win32Assembly.LoadFile(FName);
return(asmbl.NTHeader.Signature == ImageSignature.NT);
}
private void OpenFile(string file, ReadingParameters parameters)
{
try
{
Win32Assembly assembly = Win32Assembly.LoadFile(file, parameters);
treeView1.Nodes.Add(TreeBuilder.ConstructAssemblyNode(assembly));
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
private bool TryReadAssembly(string file, out Win32Assembly assembly)
{
assembly = null;
try
{
assembly = Win32Assembly.LoadFile(file);
_assemblyCache.Add(file, assembly);
return(true);
}
catch
{
return(false);
}
}
public void LoadFile(string FName)
{
byte[] sf_prefixes = new byte[mediana.MAX_INSTRUCTION_LEN];
mediana.INSTRUCTION instr1 = new mediana.INSTRUCTION();
mediana.DISASM_INOUT_PARAMS param = new mediana.DISASM_INOUT_PARAMS();
RaiseLogEvent(this, "Loading " + FName);
assembly = Win32Assembly.LoadFile(FName);
MeDisasm = new mediana(assembly);
int i = 0;
foreach (Section sect in assembly.NTHeader.Sections)
{
RaiseLogEvent(this, i.ToString() + ". Creating a new segment " + sect.RVA.ToString("X8") + " - " + (sect.RVA + sect.VirtualSize).ToString("X8") + "... ... OK");
i++;
}
TFunc fnc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + assembly.NTHeader.OptionalHeader.Entrypoint.Rva, 0, 0, "main");
param.arch = mediana.ARCH_ALL;
param.sf_prefixes = sf_prefixes;
param.mode = mediana.DISMODE.DISASSEMBLE_MODE_32;
param.options = (byte)(mediana.DISASM_OPTION_APPLY_REL | mediana.DISASM_OPTION_OPTIMIZE_DISP);
param.bas = assembly.NTHeader.OptionalHeader.ImageBase;
MeDisasm.medi_disassemble(RVA2FO(fnc.Addr), ref instr1, ref param);
Console.WriteLine(instr1.mnemonic);
//MeDisasm.medi_dump(instr, buff, OUT_BUFF_SIZE, DUMP_OPTION_IMM_UHEX | DUMP_OPTION_DISP_HEX);
FullProcList.AddFunc(fnc);
foreach (ExportMethod func in assembly.LibraryExports)
{
TFunc tmpfunc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + func.RVA, 2, func.Ordinal, func.Name);
FullProcList.AddFunc(tmpfunc);
}
foreach (LibraryReference lib in assembly.LibraryImports)
{
foreach (ImportMethod func in lib.ImportMethods)
{
TFunc tmpfunc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + func.RVA, 3, func.Ordinal, func.Name, lib.LibraryName);
FullProcList.AddFunc(tmpfunc);
}
}
bw.WorkerSupportsCancellation = true;
bw.WorkerReportsProgress = false;
bw.DoWork += bw_DoWork;
bw.RunWorkerCompleted += bw_RunWorkerCompleted;
bw.RunWorkerAsync();
}
public IntPtr LoadFile(string FName)
{
this.FName = FName;
asmbly = Win32Assembly.LoadFile(FName);
return(IntPtr.Zero);
}
