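/// <summary>
/// Parses the embedded import-table log (<c>Properties.Resources._01</c>) into a list of
/// imported modules, each carrying its imported functions and the figures recorded for them.
/// </summary>
/// <remarks>
/// The log is read as a flat sequence of non-empty lines. A module record starts with a line
/// holding the running module index (1, 2, 3, ...) followed by a line containing ".dll",
/// ".drv" or ".exe". A function record starts with a line of the form
/// "<c>{index in module} | {index overall}</c>". Imports whose name starts with "0x" and
/// modules whose name contains "oleaut32.dll", "atl.dll" or "msvcrt.dll" are dropped from
/// the result.
/// </remarks>
/// <returns>The parsed modules, after the ordinal and module filters have been applied.</returns>
/// <exception cref="FormatException">
/// A module or function record is cut short by the end of the log, or a numeric field
/// cannot be parsed.
/// </exception>
public static List<ImportedDLL> ParseImportTableLog()
{
    string[] lines_log = (Properties.Resources._01).Split(
        Environment.NewLine.ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
    List<ImportedDLL> import_info = new List<ImportedDLL>();

    int module_count = 1;
    int total_func_count = 1;

    for (int i = 0; i < lines_log.Length; i++)
    {
        // A header needs a following line to look at; without this guard the look-ahead
        // below indexed past the end when the last line happened to equal the module index.
        if (i + 1 >= lines_log.Length)
        {
            continue;
        }

        if (lines_log[i] != Convert.ToString(module_count))
        {
            continue;
        }

        // NOTE(review): these substring tests are case-sensitive, so a name logged as
        // "KERNEL32.DLL" would not be recognised as a header - confirm the log's casing.
        string candidate = lines_log[i + 1];
        if (!(candidate.Contains(".dll") || candidate.Contains(".drv") || candidate.Contains(".exe")))
        {
            continue;
        }

        // The header reads up to index i + 6; fail with a clear message instead of an
        // IndexOutOfRangeException when the log stops in the middle of a module record.
        if (i + 6 >= lines_log.Length)
        {
            throw new FormatException(
                "Import table log ends inside the header of module " + module_count + ".");
        }

        ImportedDLL imp_dll = new ImportedDLL();
        imp_dll.DLL_IMPORTED_FUNCTIONS = new List<ImportedFUNC>();
        imp_dll.DLL_NAME = lines_log[++i];
        ++i; // line between the name and the function count is not used
        imp_dll.DLL_IMPORTED_FUNCTION_COUNT = Int32.Parse(lines_log[++i]);
        ++i; // line between the count and the two figures is not used
        // NOTE(review): Double.Parse uses the current culture; if the log writes "12.5"
        // this misparses on comma-decimal locales - confirm and pin the culture if so.
        imp_dll.DLL_PR_FOUND_IN_EXE = Double.Parse(lines_log[++i].TrimEnd('%'));
        imp_dll.DLL_PR_TOTAL_FUNC_IN_EXE = Double.Parse(lines_log[++i].TrimEnd('%'));
        ++i;
        module_count++;

        // Function records are looked for in the 6 * count lines after the header. The
        // window is clamped to the array so a declared count larger than what the log
        // actually contains no longer reads past the end.
        int scan_limit = Math.Min(
            lines_log.Length, i + (6 * imp_dll.DLL_IMPORTED_FUNCTION_COUNT));
        int func_count = 1;
        bool found_record = true;

        // After every hit the window is rescanned from its start for the next index pair,
        // which is what the original goto-based loop did.
        while (found_record)
        {
            found_record = false;
            string wanted = string.Concat(func_count, " | ", total_func_count);

            for (int x = i; x < scan_limit; x++)
            {
                if (lines_log[x] != wanted)
                {
                    continue;
                }

                // A function record reads up to index x + 4.
                if (x + 4 >= lines_log.Length)
                {
                    throw new FormatException(
                        "Import table log ends inside function record \"" + wanted + "\".");
                }

                ImportedFUNC imp_func = new ImportedFUNC();
                imp_func.FUNC_NAME = lines_log[x + 1];
                // x + 2 is not used
                imp_func.FUNC_PR_FOR_CURRENT_MODULE = Double.Parse(lines_log[x + 3].TrimEnd('%'));
                imp_func.FUNC_PR_ALL_EXE = Double.Parse(lines_log[x + 4].TrimEnd('%'));

                imp_dll.DLL_IMPORTED_FUNCTIONS.Add(imp_func);
                func_count++;
                total_func_count++;
                found_record = true;
                break;
            }
        }

        import_info.Add(imp_dll);
    }

    // Drop imports whose name starts with "0x" (the original comment calls these ordinals).
    // DLL_IMPORTED_FUNCTION_COUNT keeps the value read from the log and is not adjusted,
    // so it can be larger than DLL_IMPORTED_FUNCTIONS.Count afterwards.
    foreach (ImportedDLL DLL in import_info)
    {
        ImportedFUNC[] ordinal_imports =
            DLL.DLL_IMPORTED_FUNCTIONS.Where(a => a.FUNC_NAME.StartsWith("0x")).ToArray();
        foreach (ImportedFUNC ordinal_import in ordinal_imports)
        {
            DLL.DLL_IMPORTED_FUNCTIONS.Remove(ordinal_import);
        }
    }

    // Exclude three modules by name. The test is a case-sensitive substring match, so it
    // also hits any module whose name merely contains one of these strings.
    import_info = import_info
        .Where(X => !X.DLL_NAME.Contains("oleaut32.dll")
                 && !X.DLL_NAME.Contains("atl.dll")
                 && !X.DLL_NAME.Contains("msvcrt.dll"))
        .ToList();

    return import_info;
}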
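/// <summary>
/// Parses the embedded import-table log (<c>Properties.Resources._01</c>) into a list of
/// imported modules, each carrying its imported functions and the figures recorded for them.
/// </summary>
/// <remarks>
/// The log is read as a flat sequence of non-empty lines. A module record starts with a line
/// holding the running module index (1, 2, 3, ...) followed by a line containing ".dll",
/// ".drv" or ".exe". A function record starts with a line of the form
/// "<c>{index in module} | {index overall}</c>". Imports whose name starts with "0x" and
/// modules whose name contains "oleaut32.dll", "atl.dll" or "msvcrt.dll" are dropped from
/// the result.
/// </remarks>
/// <returns>The parsed modules, after the ordinal and module filters have been applied.</returns>
/// <exception cref="FormatException">
/// A module or function record is cut short by the end of the log, or a numeric field
/// cannot be parsed.
/// </exception>
public static List<ImportedDLL> ParseImportTableLog()
{
    string[] lines_log = (Properties.Resources._01).Split(
        Environment.NewLine.ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
    List<ImportedDLL> import_info = new List<ImportedDLL>();

    int module_count = 1;
    int total_func_count = 1;

    for (int i = 0; i < lines_log.Length; i++)
    {
        // A header needs a following line to look at; without this guard the look-ahead
        // below indexed past the end when the last line happened to equal the module index.
        if (i + 1 >= lines_log.Length)
        {
            continue;
        }

        if (lines_log[i] != Convert.ToString(module_count))
        {
            continue;
        }

        // NOTE(review): these substring tests are case-sensitive, so a name logged as
        // "KERNEL32.DLL" would not be recognised as a header - confirm the log's casing.
        string candidate = lines_log[i + 1];
        if (!(candidate.Contains(".dll") || candidate.Contains(".drv") || candidate.Contains(".exe")))
        {
            continue;
        }

        // The header reads up to index i + 6; fail with a clear message instead of an
        // IndexOutOfRangeException when the log stops in the middle of a module record.
        if (i + 6 >= lines_log.Length)
        {
            throw new FormatException(
                "Import table log ends inside the header of module " + module_count + ".");
        }

        ImportedDLL imp_dll = new ImportedDLL();
        imp_dll.DLL_IMPORTED_FUNCTIONS = new List<ImportedFUNC>();
        imp_dll.DLL_NAME = lines_log[++i];
        ++i; // line between the name and the function count is not used
        imp_dll.DLL_IMPORTED_FUNCTION_COUNT = Int32.Parse(lines_log[++i]);
        ++i; // line between the count and the two figures is not used
        // NOTE(review): Double.Parse uses the current culture; if the log writes "12.5"
        // this misparses on comma-decimal locales - confirm and pin the culture if so.
        imp_dll.DLL_PR_FOUND_IN_EXE = Double.Parse(lines_log[++i].TrimEnd('%'));
        imp_dll.DLL_PR_TOTAL_FUNC_IN_EXE = Double.Parse(lines_log[++i].TrimEnd('%'));
        ++i;
        module_count++;

        // Function records are looked for in the 6 * count lines after the header. The
        // window is clamped to the array so a declared count larger than what the log
        // actually contains no longer reads past the end.
        int scan_limit = Math.Min(
            lines_log.Length, i + (6 * imp_dll.DLL_IMPORTED_FUNCTION_COUNT));
        int func_count = 1;
        bool found_record = true;

        // After every hit the window is rescanned from its start for the next index pair,
        // which is what the original goto-based loop did.
        while (found_record)
        {
            found_record = false;
            string wanted = string.Concat(func_count, " | ", total_func_count);

            for (int x = i; x < scan_limit; x++)
            {
                if (lines_log[x] != wanted)
                {
                    continue;
                }

                // A function record reads up to index x + 4.
                if (x + 4 >= lines_log.Length)
                {
                    throw new FormatException(
                        "Import table log ends inside function record \"" + wanted + "\".");
                }

                ImportedFUNC imp_func = new ImportedFUNC();
                imp_func.FUNC_NAME = lines_log[x + 1];
                // x + 2 is not used
                imp_func.FUNC_PR_FOR_CURRENT_MODULE = Double.Parse(lines_log[x + 3].TrimEnd('%'));
                imp_func.FUNC_PR_ALL_EXE = Double.Parse(lines_log[x + 4].TrimEnd('%'));

                imp_dll.DLL_IMPORTED_FUNCTIONS.Add(imp_func);
                func_count++;
                total_func_count++;
                found_record = true;
                break;
            }
        }

        import_info.Add(imp_dll);
    }

    // Drop imports whose name starts with "0x" (the original comment calls these ordinals).
    // DLL_IMPORTED_FUNCTION_COUNT keeps the value read from the log and is not adjusted,
    // so it can be larger than DLL_IMPORTED_FUNCTIONS.Count afterwards.
    foreach (ImportedDLL DLL in import_info)
    {
        ImportedFUNC[] ordinal_imports =
            DLL.DLL_IMPORTED_FUNCTIONS.Where(a => a.FUNC_NAME.StartsWith("0x")).ToArray();
        foreach (ImportedFUNC ordinal_import in ordinal_imports)
        {
            DLL.DLL_IMPORTED_FUNCTIONS.Remove(ordinal_import);
        }
    }

    // Exclude three modules by name. The test is a case-sensitive substring match, so it
    // also hits any module whose name merely contains one of these strings.
    import_info = import_info
        .Where(X => !X.DLL_NAME.Contains("oleaut32.dll")
                 && !X.DLL_NAME.Contains("atl.dll")
                 && !X.DLL_NAME.Contains("msvcrt.dll"))
        .ToList();

    return import_info;
}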