public static TreeNode ConstructAssemblyNode(Win32Assembly assembly)
{
TreeNode assemblyNode = CreateNode(assembly.Path.Substring(assembly.Path.LastIndexOf('\\') + 1), assembly);
assemblyNode.Nodes.AddRange(new TreeNode[] {
CreateNode("Dos Header", assembly.MZHeader),
CreateNode("NT Header", assembly.NTHeader).AddSubNodes(new TreeNode[] {
CreateNode("File Header", assembly.NTHeader.FileHeader),
CreateNode("Optional Header", assembly.NTHeader.OptionalHeader).AddSubNodes(new TreeNode[] {
CreateArrayNode("Data Directories", assembly.NTHeader.OptionalHeader.DataDirectories, (obj) => { return ((DataDirectory)obj).Name.ToString(); }),
})
}),
CreateArrayNode("Sections", assembly.NTHeader.Sections),
CreateArrayNode("Export Directory", assembly.LibraryExports.ToArray()),
CreateArrayNode("Import Directory", assembly.LibraryImports.ToArray(), (obj) => { return ((LibraryReference)obj).LibraryName; }).AddForEachNode((tag) => { return ((LibraryReference)tag.Object).ImportMethods; }, (obj) => { return ((ImportMethod)obj).Name;}),
CreateNode("Resource Directory", assembly.RootResourceDirectory),
CreateNode(".NET Directory", assembly.NETHeader, ()=> { return assembly.NTHeader.IsManagedAssembly; }).AddSubNodes(new TreeNode[] {
CreateNode("MetaData Header", assembly.NETHeader.MetaDataHeader),
CreateArrayNode("MetaData Streams", assembly.NETHeader.MetaDataStreams, (obj) => { return ((MetaDataStream)obj).Name; }).MakeOtherType((obj) => { return obj is TablesHeap;}, TreeNodeType.TablesTree),
}),
CreateNode("Hex Editor", new DynamicFileByteProvider(assembly.Image.Stream), TreeNodeType.HexBox),
CreateNode("Disassembler", assembly.Disassembler, TreeNodeType.Disassembler),
});
return assemblyNode;
}
private static OffsetConverter CreateConverter(Win32Assembly assembly, ulong offset, int type)
{
OffsetConverter converter;
switch (type)
{
case 2:
converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)offset));
break;
case 3:
converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)(offset - assembly.ntHeader.OptionalHeader.ImageBase)));
break;
default: // case 1:
converter = new OffsetConverter(Section.GetSectionByFileOffset(assembly, (uint)offset));
break;
}
if (converter.TargetSection == null)
{
converter = new OffsetConverter(assembly);
}
return(converter);
}
/// <summary>
/// Creates an instance of an offset by specifying a raw offset.
/// </summary>
/// <param name="rawoffset">The file offset.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromFileOffset(uint rawoffset, Win32Assembly assembly)
{
if (rawoffset == 0)
return new Offset(0, 0, 0, ASM.OperandType.Normal);
OffsetConverter offsetconverter = new OffsetConverter(Section.GetSectionByFileOffset(assembly, rawoffset));
return new Offset(rawoffset, offsetconverter.FileOffsetToRva(rawoffset), offsetconverter.FileOffsetToVa(rawoffset), ASM.OperandType.Normal);
}
/// <summary>
/// Gets the Portable Executeable's MZ header by specifing the assembly.
/// </summary>
/// <param name="assembly">The assembly to read the mz header</param>
/// <returns></returns>
public static MZHeader FromAssembly(Win32Assembly assembly)
{
MZHeader a = new MZHeader();
a._assembly = assembly;
return(a);
}
public OffsetEditorDlg(Offset offset, Win32Assembly assembly)
{
InitializeComponent();
this.offset = offset;
this.original = offset;
this.assembly = assembly;
RefreshTextBoxes();
}
/// <summary>
/// Gets the Portable Executeable's file header by specifing the assembly.
/// </summary>
/// <param name="assembly">The assembly to read the mz header</param>
/// <returns></returns>
public static FileHeader FromAssembly(Win32Assembly assembly)
{
FileHeader a = new FileHeader();
a.assembly = assembly;
a.header = assembly.headerReader;
return(a);
}
/// <summary>
/// Gets the 64 bit optional header by specifing a 64 bit assembly.
/// </summary>
/// <param name="assembly">The assembly to read the optional header</param>
/// <returns></returns>
public static OptionalHeader64 FromAssembly(Win32Assembly assembly)
{
OptionalHeader64 a = new OptionalHeader64();
a.assembly = assembly;
a.header = assembly.headerReader;
return(a);
}
/// <summary>
/// Converts the offset to an Ascii String pointer.
/// </summary>
/// <param name="assembly">The assembly that contains the offset</param>
/// <returns></returns>
public ulong ToAsciiStringPtr(Win32Assembly assembly)
{
Section targetsection = Section.GetSectionByRva(assembly, Rva);
ulong stroffset = Va - assembly.ntHeader.OptionalHeader.ImageBase - targetsection.RVA + targetsection.RawOffset;
// if (stroffset < 0)
// throw new ArgumentException("The target offset is not a valid offset to a string");
return(stroffset);
}
internal Section(Win32Assembly assembly,
uint headeroffset,
Structures.IMAGE_SECTION_HEADER rawHeader)
{
this._rawHeader = rawHeader;
this.headeroffset = headeroffset;
this.assembly = assembly;
this.HasImage = true;
}
internal Section(Win32Assembly assembly,
uint headeroffset,
Structures.IMAGE_SECTION_HEADER rawHeader)
{
this._rawHeader = rawHeader;
this.headeroffset = headeroffset;
this.assembly = assembly;
this.HasImage = true;
}
/// <summary>
/// Creates an instance of an offset by specifying a raw offset.
/// </summary>
/// <param name="rawoffset">The file offset.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromFileOffset(uint rawoffset, Win32Assembly assembly)
{
if (rawoffset == 0)
return new Offset(0, 0, 0);
if (assembly == null)
return new Offset(rawoffset, 0, 0);
OffsetConverter offsetconverter = CreateConverter(assembly, rawoffset, 1);
return new Offset(rawoffset, offsetconverter.FileOffsetToRva(rawoffset), offsetconverter.FileOffsetToVa(rawoffset));
}
// /// <summary>
// /// Gets the address of the library reference in the portable executable file.
// /// </summary>
// public uint Address
// {
// get { return rawDescriptor.; }
// }
/// <summary>
/// Resolves the asembly by checking the directory of the assembly, the system directories and the current directory.
/// </summary>
/// <param name="parentAssembly">The parent assembly to search from. You can fill in a null value, but it can influent the result.</param>
/// <param name="disableWOW64Redirection">Disables WOW64 layer redirections to get access 64 bit directories. Default value is true.</param>
/// <returns></returns>
public Win32Assembly Resolve(Win32Assembly parentAssembly, bool disableWOW64Redirection = true)
{
Win32Assembly assembly;
if (disableWOW64Redirection)
ASMGlobals.Wow64EnableWow64FsRedirection(false);
try
{
string actualpath = "";
if (parentAssembly != null)
{
string path = parentAssembly._path.Substring(0, parentAssembly._path.LastIndexOf("\\"));
if (File.Exists(path + "\\" + LibraryName))
{
actualpath = path + "\\" + LibraryName;
goto things;
}
}
if (parentAssembly._ntHeader.OptionalHeader.Is32Bit)
{
if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.SystemX86) + "\\" + LibraryName))
actualpath = Environment.GetFolderPath(Environment.SpecialFolder.SystemX86) + "\\" + LibraryName;
}
else if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\" + LibraryName))
actualpath = Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\" + LibraryName;
if (actualpath == "" & File.Exists(Environment.CurrentDirectory + "\\" + LibraryName))
actualpath = Environment.CurrentDirectory + "\\" + LibraryName;
things:
if (actualpath == "")
throw new Exceptions.ResolveException(new FileNotFoundException("The target application can not be found."));
try
{
assembly = Win32Assembly.LoadFile(actualpath);
}
catch (Exception ex)
{
throw new Exceptions.ResolveException(ex);
}
}
catch
{
if (disableWOW64Redirection)
ASMGlobals.Wow64EnableWow64FsRedirection(true);
throw;
}
finally
{
if (disableWOW64Redirection)
ASMGlobals.Wow64EnableWow64FsRedirection(true);
}
return assembly;
}
/// <summary>
/// Gets the Portable Executeable's NT header by specifing the assembly.
/// </summary>
/// <param name="assembly">The assembly to read the nt header</param>
/// <returns></returns>
public static NTHeader FromAssembly(Win32Assembly assembly)
{
NTHeader a = new NTHeader();
a.assembly = assembly;
a.file = assembly.path;
a.header = assembly.headerReader;
a.fheader = FileHeader.FromAssembly(assembly);
return(a);
}
/// <summary>
/// Creates an instance of an offset by specifying a virtual address.
/// </summary>
/// <param name="va">The virtual address.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromVa(ulong va, Win32Assembly assembly)
{
if (va == 0)
{
return(new Offset(0, 0, 0));
}
if (assembly == null)
{
return(new Offset(0, 0, va));
}
OffsetConverter offsetconverter = CreateConverter(assembly, va, 3);
return(new Offset(offsetconverter.VaToFileOffset(va), offsetconverter.VaToRva(va), va));
}
/// <summary>
/// Creates an instance of an offset by specifying a virtual address that is relative to a section.
/// </summary>
/// <param name="rva">The relative virtual address.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromRva(uint rva, Win32Assembly assembly)
{
if (rva == 0)
{
return(new Offset(0, 0, 0));
}
if (assembly == null)
{
return(new Offset(0, rva, 0));
}
OffsetConverter offsetconverter = CreateConverter(assembly, rva, 2);
return(new Offset(offsetconverter.RvaToFileOffset(rva), rva, offsetconverter.RvaToVa(rva)));
}
/// <summary>
/// Creates an instance of an offset by specifying a raw offset.
/// </summary>
/// <param name="rawoffset">The file offset.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromFileOffset(uint rawoffset, Win32Assembly assembly)
{
if (rawoffset == 0)
{
return(new Offset(0, 0, 0));
}
if (assembly == null)
{
return(new Offset(rawoffset, 0, 0));
}
OffsetConverter offsetconverter = CreateConverter(assembly, rawoffset, 1);
return(new Offset(rawoffset, offsetconverter.FileOffsetToRva(rawoffset), offsetconverter.FileOffsetToVa(rawoffset)));
}
private void button1_Click(object sender, EventArgs e)
{
currentAssembly = connector.CurrentAssembly;
if (currentAssembly == null)
{
MessageBox.Show("Please select a member or assembly.", "String Searcher", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
Thread searchThread = new Thread(SearchAsync)
{
Priority = (ThreadPriority)comboBox1.SelectedIndex
};
searchThread.Start();
}
}
internal Section(Win32Assembly assembly,
uint headeroffset,
string name,
uint roffset,
uint rsize,
uint voffset,
uint vsize,
uint flags)
{
this.name = name;
this.roffset = roffset;
this.rsize = rsize;
this.voffset = voffset;
this.vsize = vsize;
this.flags = flags;
this.headeroffset = headeroffset;
this.assembly = assembly;
}
internal Section(PE.PeHeaderReader reader,
uint headeroffset,
string name,
uint roffset,
uint rsize,
uint voffset,
uint vsize,
uint flags)
{
this.name = name;
this.roffset = roffset;
this.rsize = rsize;
this.voffset = voffset;
this.vsize = vsize;
this.flags = flags;
this.headeroffset = headeroffset;
this.headerreader = reader;
assembly = reader.assembly;
}
/// <summary>
/// Loads an assembly from a specific file using the specific reading parameters.
/// </summary>
/// <param name="file">The file to read.</param>
/// <param name="arguments">The reading parameters to use.</param>
/// <returns></returns>
/// <exception cref="System.BadImageFormatException"></exception>
public static Win32Assembly LoadFile(string file, ReadingParameters arguments)
{
try
{
Win32Assembly a = new Win32Assembly();
a.path = file;
a.ReadingArguments = arguments;
a.peImage = PeImage.LoadFromAssembly(a);
a.headerReader = PeHeaderReader.FromAssembly(a);
a.ntHeader = NTHeader.FromAssembly(a);
a.mzHeader = MZHeader.FromAssembly(a);
a.headerReader.LoadData(arguments.IgnoreDataDirectoryAmount);
if (!arguments.OnlyManaged)
{
a.disassembler = new x86Disassembler(a);
a.assembler = new x86Assembler(a);
a.importExportTableReader = new ImportExportTableReader(a.ntHeader);
a.resourcesReader = new ResourcesReader(a.ntHeader);
}
a.netHeader = NETHeader.FromAssembly(a);
a.peImage.SetOffset(a.ntHeader.OptionalHeader.HeaderSize);
return(a);
}
catch (Exception ex)
{
if (ex is AccessViolationException || ex is FileNotFoundException)
{
throw;
}
throw new BadImageFormatException("The file is not a valid Portable Executable File.", ex);
}
}
/// <summary>
/// Converts the offset to an imported or exported method/
/// </summary>
/// <param name="assembly">The assembly that contains the offset</param>
/// <returns></returns>
public IMethod ToMethod(Win32Assembly assembly)
{
foreach (LibraryReference lib in assembly.LibraryImports)
{
foreach (ImportMethod method in lib.ImportMethods)
{
if (method.RVA + assembly.ntHeader.OptionalHeader.ImageBase == Va)
{
return(method);
}
}
}
foreach (ExportMethod method in assembly.LibraryExports)
{
if (Va == method.RVA + assembly.ntHeader.OptionalHeader.ImageBase)
{
return(method);
}
}
throw new ArgumentException("No matching method has been found.");
}
/// <summary>
/// Converts the offset to an imported or exported method/
/// </summary>
/// <param name="assembly">The assembly that contains the offset</param>
/// <returns></returns>
public IMethod ToMethod(Win32Assembly assembly)
{
foreach (LibraryReference lib in assembly.LibraryImports)
foreach (ImportMethod method in lib.ImportMethods)
{
if (method.RVA + assembly._ntHeader.OptionalHeader.ImageBase == Va)
return method;
}
foreach (ExportMethod method in assembly.LibraryExports)
{
if (Va == method.RVA + assembly._ntHeader.OptionalHeader.ImageBase)
return method;
}
throw new ArgumentException("No matching method has been found.");
}
/// <summary>
/// Gets the section of an assembly by it's virtual offset.
/// </summary>
/// <param name="assembly">The assembly to search in.</param>
/// <param name="va">The virtual offset to search for.</param>
/// <returns></returns>
public static Section GetSectionByRva(Win32Assembly assembly, uint va)
{
return GetSectionByRva(assembly.ntheader.Sections, va);
}
/// <summary>
/// Gets the last section of an assembly that contains the specified flag
/// </summary>
/// <param name="assembly">The assembly to search in.</param>
/// <param name="characteristics">The flag to search for.</param>
/// <returns></returns>
public static Section GetLastSectionByFlag(Win32Assembly assembly, SectionFlags characteristics)
{
return(GetLastSectionByFlag(assembly._ntHeader.Sections, characteristics));
}
/// <summary>
/// Loads an assembly from a specific file.
/// </summary>
/// <param name="file">The file to read.</param>
/// <returns></returns>
/// <exception cref="System.BadImageFormatException"></exception>
public static Win32Assembly LoadFile(string file, ReadingArguments arguments)
{
try
{
Win32Assembly a = new Win32Assembly();
a.path = file;
a.ReadingArguments = arguments;
a.peImage = PeImage.LoadFromAssembly(a);
a.headerreader = PeHeaderReader.FromAssembly(a);
a.ntheader = NTHeader.FromAssembly(a);
a.mzheader = MZHeader.FromAssembly(a);
a.headerreader.LoadData(arguments.IgnoreDataDirectoryAmount);
if (!arguments.OnlyManaged)
{
a.disassembler = new x86Disassembler(a);
a.Assembler = new x86Assembler(a);
a.importexporttablereader = new ImportExportTableReader(a.ntheader);
a.resourcesreader = new ResourcesReader(a.ntheader);
}
a.netheader = NETHeader.FromAssembly(a);
a.peImage.SetOffset(a.ntheader.OptionalHeader.HeaderSize);
return a;
}
catch (Exception ex)
{
throw new BadImageFormatException("The file is not a valid Portable Executable File.", ex);
}
}
/// <summary>
/// Converts the offset to an instruction.
/// </summary>
/// <param name="assembly">The assembly that contains the offset</param>
/// <returns></returns>
public x86Instruction ToInstruction(Win32Assembly assembly)
{
return(assembly.disassembler.Disassemble(FileOffset, 10)[0]);
}
/// <summary>
/// Gets the section of an assembly by it's raw offset.
/// </summary>
/// <param name="assembly">The assembly to search in.</param>
/// <param name="rawoffset">The raw offset to search for.</param>
/// <returns></returns>
public static Section GetSectionByFileOffset(Win32Assembly assembly, uint rawoffset)
{
return(GetSectionByFileOffset(assembly._ntHeader.Sections, rawoffset));
}
/// <summary>
/// Creates an instance of an offset by specifying a virtual address.
/// </summary>
/// <param name="va">The virtual address.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromVa(ulong va, Win32Assembly assembly)
{
if (va == 0)
return new Offset(0, 0, 0);
if (assembly == null)
return new Offset(0, 0, va);
OffsetConverter offsetconverter = CreateConverter(assembly, va, 3);
return new Offset(offsetconverter.VaToFileOffset(va), offsetconverter.VaToRva(va), va);
}
/// <summary>
/// Gets the Portable Executeable's MZ header by specifing the assembly.
/// </summary>
/// <param name="assembly">The assembly to read the mz header</param>
/// <returns></returns>
public static MZHeader FromAssembly(Win32Assembly assembly)
{
MZHeader a = new MZHeader();
a.assembly = assembly;
return a;
}
/// <summary>
/// Converts the offset to an Ascii string.
/// </summary>
/// <param name="assembly">The assembly that contains the offset</param>
/// <returns></returns>
public string ToAsciiString(Win32Assembly assembly)
{
return assembly._peImage.ReadZeroTerminatedString((uint)this.ToAsciiStringPtr(assembly));
}
/// <summary>
/// Converts the offset to an Ascii string.
/// </summary>
/// <param name="assembly">The assembly that contains the offset</param>
/// <returns></returns>
public string ToAsciiString(Win32Assembly assembly)
{
return(assembly.peImage.ReadZeroTerminatedString((uint)this.ToAsciiStringPtr(assembly)));
}
/// <summary>
/// Converts the offset to an Ascii String pointer.
/// </summary>
/// <param name="assembly">The assembly that contains the offset</param>
/// <returns></returns>
public ulong ToAsciiStringPtr(Win32Assembly assembly)
{
Section targetsection = Section.GetSectionByRva(assembly, Rva);
ulong stroffset = Va - assembly._ntHeader.OptionalHeader.ImageBase - targetsection.RVA + targetsection.RawOffset;
// if (stroffset < 0)
// throw new ArgumentException("The target offset is not a valid offset to a string");
return stroffset;
}
/// <summary>
/// Converts the offset to an instruction.
/// </summary>
/// <param name="assembly">The assembly that contains the offset</param>
/// <returns></returns>
public x86Instruction ToInstruction(Win32Assembly assembly)
{
return assembly._disassembler.Disassemble(FileOffset, 10)[0];
}
/// <summary>
/// Creates an instance of an offset by specifying a virtual address that is relative to a section.
/// </summary>
/// <param name="rva">The relative virtual address.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromRva(uint rva, Win32Assembly assembly)
{
if (rva == 0)
return new Offset(0, 0, 0);
if (assembly == null)
return new Offset(0, rva, 0);
OffsetConverter offsetconverter = CreateConverter(assembly, rva, 2);
return new Offset(offsetconverter.RvaToFileOffset(rva), rva, offsetconverter.RvaToVa(rva));
}
public IntPtr LoadFile(string FName)
{
this.FName = FName;
asmbly = Win32Assembly.LoadFile(FName);
return IntPtr.Zero;
}
/// <summary>
/// Gets the Portable Executeable's NT header by specifing the assembly.
/// </summary>
/// <param name="assembly">The assembly to read the nt header</param>
/// <returns></returns>
public static NTHeader FromAssembly(Win32Assembly assembly)
{
NTHeader a = new NTHeader();
a.assembly = assembly;
a.file = assembly.path;
a.header = assembly.headerreader;
a.fheader = FileHeader.FromAssembly(assembly);
return a;
}
public void SetAssembly(Win32Assembly assembly)
{
this.assembly = assembly;
x86disassembler = assembly.Disassembler;
}
/// <summary>
/// Gets the Portable Executeable's file header by specifing the assembly.
/// </summary>
/// <param name="assembly">The assembly to read the mz header</param>
/// <returns></returns>
public static FileHeader FromAssembly(Win32Assembly assembly)
{
FileHeader a = new FileHeader();
a.assembly = assembly;
a.header = assembly.headerReader;
return a;
}
/// <summary>
/// Gets the Portable Executeable's NT header by specifing the assembly.
/// </summary>
/// <param name="assembly">The assembly to read the nt header</param>
/// <returns></returns>
public static NTHeader FromAssembly(Win32Assembly assembly)
{
NTHeader a = new NTHeader();
a._assembly = assembly;
a._file = assembly._path;
a._header = assembly._headerReader;
a._fheader = FileHeader.FromAssembly(assembly);
return a;
}
private void OpenFile(string file)
{
listView1.Items.Clear();
Wow64EnableWow64FsRedirection(false);
loadedAssembly = Win32Assembly.LoadFile(file, new ReadingArguments() { IgnoreDataDirectoryAmount = true });
Wow64EnableWow64FsRedirection(true);
Text = "TUP.AsmResolver Preview Application - [" + Path.GetFileName(loadedAssembly.Path) + "]";
}
/// <summary>
/// Gets the section of an assembly by it's name.
/// </summary>
/// <param name="assembly">The assembly to search in.</param>
/// <param name="sectionname">The section name to search for.</param>
/// <returns></returns>
public static Section GetSectionByName(Win32Assembly assembly, string sectionname)
{
return(GetSectionByName(assembly.NTHeader.Sections, sectionname));
}
/// <summary>
/// Gets the last section of an assembly that contains the specified flag
/// </summary>
/// <param name="assembly">The assembly to search in.</param>
/// <param name="characteristics">The flag to search for.</param>
/// <returns></returns>
public static Section GetLastSectionByFlag(Win32Assembly assembly, SectionFlags characteristics)
{
return GetLastSectionByFlag(assembly.ntheader.Sections, characteristics);
}
/// <summary>
/// Gets the section of an assembly by it's virtual offset.
/// </summary>
/// <param name="assembly">The assembly to search in.</param>
/// <param name="va">The virtual offset to search for.</param>
/// <returns></returns>
public static Section GetSectionByRva(Win32Assembly assembly, uint va)
{
return(GetSectionByRva(assembly._ntHeader.Sections, va));
}
/// <summary>
/// Gets the section of an assembly by it's raw offset.
/// </summary>
/// <param name="assembly">The assembly to search in.</param>
/// <param name="rawoffset">The raw offset to search for.</param>
/// <returns></returns>
public static Section GetSectionByFileOffset(Win32Assembly assembly, uint rawoffset)
{
return GetSectionByFileOffset(assembly.ntheader.Sections, rawoffset);
}
/// <summary>
/// Gets the 32 bit optional header by specifing a 32 bit assembly.
/// </summary>
/// <param name="assembly">The assembly to read the optional header</param>
/// <returns></returns>
public static OptionalHeader32 FromAssembly(Win32Assembly assembly)
{
OptionalHeader32 a = new OptionalHeader32();
a.assembly = assembly;
a.header = assembly.headerReader;
return a;
}
/// <summary>
/// Gets the section of an assembly by it's name.
/// </summary>
/// <param name="assembly">The assembly to search in.</param>
/// <param name="sectionname">The section name to search for.</param>
/// <returns></returns>
public static Section GetSectionByName(Win32Assembly assembly, string sectionname)
{
return GetSectionByName(assembly.NTHeader.Sections, sectionname);
}
public OffsetConverter(Win32Assembly assembly)
{
TargetSection = new Section(assembly, 0, default(Structures.IMAGE_SECTION_HEADER));
}
private static OffsetConverter CreateConverter(Win32Assembly assembly, ulong offset, int type)
{
OffsetConverter converter;
switch (type)
{
case 2:
converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)offset));
break;
case 3:
converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)(offset - assembly._ntHeader.OptionalHeader.ImageBase)));
break;
default: // case 1:
converter = new OffsetConverter(Section.GetSectionByFileOffset(assembly, (uint)offset));
break;
}
if (converter.TargetSection == null)
converter = new OffsetConverter(assembly);
return converter;
}
public OffsetConverter(Win32Assembly assembly)
{
TargetSection = new Section(assembly, 0, default(Structures.IMAGE_SECTION_HEADER));
}
// /// <summary>
// /// Gets the address of the library reference in the portable executable file.
// /// </summary>
// public uint Address
// {
// get { return rawDescriptor.; }
// }
/// <summary>
/// Resolves the asembly by checking the directory of the assembly, the system directories and the current directory.
/// </summary>
/// <param name="parentAssembly">The parent assembly to search from. You can fill in a null value, but it can influent the result.</param>
/// <param name="disableWOW64Redirection">Disables WOW64 layer redirections to get access 64 bit directories. Default value is true.</param>
/// <returns></returns>
public Win32Assembly Resolve(Win32Assembly parentAssembly, bool disableWOW64Redirection = true)
{
Win32Assembly assembly;
if (disableWOW64Redirection)
{
ASMGlobals.Wow64EnableWow64FsRedirection(false);
}
try
{
string actualpath = "";
if (parentAssembly != null)
{
string path = parentAssembly._path.Substring(0, parentAssembly._path.LastIndexOf("\\"));
if (File.Exists(path + "\\" + LibraryName))
{
actualpath = path + "\\" + LibraryName;
goto things;
}
}
if (parentAssembly._ntHeader.OptionalHeader.Is32Bit)
{
if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.SystemX86) + "\\" + LibraryName))
{
actualpath = Environment.GetFolderPath(Environment.SpecialFolder.SystemX86) + "\\" + LibraryName;
}
}
else if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\" + LibraryName))
{
actualpath = Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\" + LibraryName;
}
if (actualpath == "" & File.Exists(Environment.CurrentDirectory + "\\" + LibraryName))
{
actualpath = Environment.CurrentDirectory + "\\" + LibraryName;
}
things:
if (actualpath == "")
{
throw new Exceptions.ResolveException(new FileNotFoundException("The target application can not be found."));
}
try
{
assembly = Win32Assembly.LoadFile(actualpath);
}
catch (Exception ex)
{
throw new Exceptions.ResolveException(ex);
}
}
catch
{
if (disableWOW64Redirection)
{
ASMGlobals.Wow64EnableWow64FsRedirection(true);
}
throw;
}
finally
{
if (disableWOW64Redirection)
{
ASMGlobals.Wow64EnableWow64FsRedirection(true);
}
}
return(assembly);
}