public bool CanLoad(string FName, out string descr) { descr = "TUPLoader"; Win32Assembly asmbl = Win32Assembly.LoadFile(FName); return(asmbl.NTHeader.Signature == ImageSignature.NT); }
private void OpenFile(string file, ReadingParameters parameters) { try { Win32Assembly assembly = Win32Assembly.LoadFile(file, parameters); treeView1.Nodes.Add(TreeBuilder.ConstructAssemblyNode(assembly)); } catch (Exception ex) { MessageBox.Show(ex.ToString()); } }
private bool TryReadAssembly(string file, out Win32Assembly assembly) { assembly = null; try { assembly = Win32Assembly.LoadFile(file); _assemblyCache.Add(file, assembly); return(true); } catch { return(false); } }
public void LoadFile(string FName) { byte[] sf_prefixes = new byte[mediana.MAX_INSTRUCTION_LEN]; mediana.INSTRUCTION instr1 = new mediana.INSTRUCTION(); mediana.DISASM_INOUT_PARAMS param = new mediana.DISASM_INOUT_PARAMS(); RaiseLogEvent(this, "Loading " + FName); assembly = Win32Assembly.LoadFile(FName); MeDisasm = new mediana(assembly); int i = 0; foreach (Section sect in assembly.NTHeader.Sections) { RaiseLogEvent(this, i.ToString() + ". Creating a new segment " + sect.RVA.ToString("X8") + " - " + (sect.RVA + sect.VirtualSize).ToString("X8") + "... ... OK"); i++; } TFunc fnc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + assembly.NTHeader.OptionalHeader.Entrypoint.Rva, 0, 0, "main"); param.arch = mediana.ARCH_ALL; param.sf_prefixes = sf_prefixes; param.mode = mediana.DISMODE.DISASSEMBLE_MODE_32; param.options = (byte)(mediana.DISASM_OPTION_APPLY_REL | mediana.DISASM_OPTION_OPTIMIZE_DISP); param.bas = assembly.NTHeader.OptionalHeader.ImageBase; MeDisasm.medi_disassemble(RVA2FO(fnc.Addr), ref instr1, ref param); Console.WriteLine(instr1.mnemonic); //MeDisasm.medi_dump(instr, buff, OUT_BUFF_SIZE, DUMP_OPTION_IMM_UHEX | DUMP_OPTION_DISP_HEX); FullProcList.AddFunc(fnc); foreach (ExportMethod func in assembly.LibraryExports) { TFunc tmpfunc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + func.RVA, 2, func.Ordinal, func.Name); FullProcList.AddFunc(tmpfunc); } foreach (LibraryReference lib in assembly.LibraryImports) { foreach (ImportMethod func in lib.ImportMethods) { TFunc tmpfunc = new TFunc((uint)assembly.NTHeader.OptionalHeader.ImageBase + func.RVA, 3, func.Ordinal, func.Name, lib.LibraryName); FullProcList.AddFunc(tmpfunc); } } bw.WorkerSupportsCancellation = true; bw.WorkerReportsProgress = false; bw.DoWork += bw_DoWork; bw.RunWorkerCompleted += bw_RunWorkerCompleted; bw.RunWorkerAsync(); }
public IntPtr LoadFile(string FName) { this.FName = FName; asmbly = Win32Assembly.LoadFile(FName); return(IntPtr.Zero); }