private async Task ParseOrBindMoniker(bool bind)
{
using (BuildMonikerForm frm = new BuildMonikerForm(_last_moniker))
{
if (frm.ShowDialog(this) == DialogResult.OK)
{
try
{
_last_moniker = frm.MonikerString;
object comObj = frm.Moniker;
if (bind)
{
Guid iid = COMInterfaceEntry.IID_IUnknown;
frm.Moniker.BindToObject(frm.BindContext, null, ref iid, out comObj);
}
if (comObj != null)
{
await OpenObjectInformation(comObj, _last_moniker);
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
}
}
private void btnOK_Click(object sender, EventArgs e)
{
try
{
IBindCtx bind_context = COMUtilities.CreateBindCtx(0);
if (checkBoxParseComposite.Checked)
{
foreach (string m in textBoxMoniker.Text.Split('!'))
{
IMoniker moniker = ParseMoniker(bind_context, m);
if (Moniker != null)
{
Moniker.ComposeWith(moniker, false, out moniker);
}
Moniker = moniker;
}
}
else
{
Moniker = ParseMoniker(bind_context, textBoxMoniker.Text);
}
MonikerString = textBoxMoniker.Text;
BindContext = bind_context;
DialogResult = DialogResult.OK;
Close();
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private void viewProxyDefinitionToolStripMenuItem_Click(object sender, EventArgs e)
{
try
{
ListView view = GetListViewForMenu(sender);
if (view != null && view.SelectedIndices.Count > 0)
{
ListViewItem item = view.SelectedItems[0];
Tuple <COMInterfaceInstance, COMInterfaceEntry> intf =
item.Tag as Tuple <COMInterfaceInstance, COMInterfaceEntry>;
if (m_registry.Clsids.ContainsKey(intf.Item2.ProxyClsid))
{
COMCLSIDEntry clsid = m_registry.Clsids[intf.Item2.ProxyClsid];
using (var resolver = EntryPoint.GetProxyParserSymbolResolver())
{
EntryPoint.GetMainForm(m_registry).HostControl(new TypeLibControl(m_registry,
Path.GetFileName(clsid.DefaultServer), COMProxyInstance.GetFromCLSID(clsid, resolver), intf.Item1.Iid));
}
}
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private void btnOK_Click(object sender, EventArgs e)
{
bool valid_dll = false;
try
{
using (SafeLoadLibraryHandle lib = SafeLoadLibraryHandle.LoadLibrary(textBoxDbgHelp.Text))
{
if (lib.GetProcAddress("SymInitializeW") != IntPtr.Zero)
{
valid_dll = true;
}
}
}
catch (Win32Exception)
{
}
if (!valid_dll)
{
MessageBox.Show(this, "Invalid DBGHELP.DLL file", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
if (Environment.Is64BitProcess)
{
Properties.Settings.Default.DbgHelpPath64 = textBoxDbgHelp.Text;
Properties.Settings.Default.DatabasePath64 = textBoxDatabasePath.Text;
Properties.Settings.Default.EnableLoadOnStart64 = checkBoxEnableLoadOnStart.Checked;
Properties.Settings.Default.EnableSaveOnExit64 = checkBoxEnableSaveOnExit.Checked;
}
else
{
Properties.Settings.Default.DbgHelpPath32 = textBoxDbgHelp.Text;
Properties.Settings.Default.DatabasePath32 = textBoxDatabasePath.Text;
Properties.Settings.Default.EnableLoadOnStart32 = checkBoxEnableLoadOnStart.Checked;
Properties.Settings.Default.EnableSaveOnExit32 = checkBoxEnableSaveOnExit.Checked;
}
Properties.Settings.Default.SymbolPath = textBoxSymbolPath.Text;
Properties.Settings.Default.SymbolsConfigured = true;
Properties.Settings.Default.ParseStubMethods = checkBoxParseStubMethods.Checked;
Properties.Settings.Default.ResolveMethodNames = checkBoxResolveMethodNames.Checked;
Properties.Settings.Default.ProxyParserResolveSymbols = checkBoxProxyParserResolveSymbols.Checked;
Properties.Settings.Default.ParseRegisteredClasses = checkBoxParseRegisteredClasses.Checked;
Properties.Settings.Default.ParseActivationContext = checkBoxParseActCtx.Checked;
try
{
Properties.Settings.Default.Save();
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
DialogResult = DialogResult.OK;
Close();
}
private void btnMarshalProps_Click(object sender, EventArgs e)
{
try
{
COMObjRef objref = COMObjRef.FromArray(hexEditor.Bytes);
EntryPoint.GetMainForm(m_registry).HostControl(new MarshalEditorControl(m_registry, objref));
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private void viewPropertiesToolStripMenuItem_Click(object sender, EventArgs e)
{
try
{
EntryPoint.GetMainForm(m_registry).HostControl(new MarshalEditorControl(m_registry,
COMUtilities.MarshalObjectToObjRef(m_pObject, GetSelectedIID(),
MSHCTX.DIFFERENTMACHINE, MSHLFLAGS.NORMAL)));
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private async void btnUnmarshal_Click(object sender, EventArgs e)
{
try
{
MemoryStream stm = new MemoryStream(hexEditor.Bytes);
object obj = COMUtilities.UnmarshalObject(hexEditor.Bytes);
await EntryPoint.GetMainForm(m_registry).OpenObjectInformation(obj, "Unmarshaled Object");
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private void btnMarshal_Click(object sender, EventArgs e)
{
try
{
EntryPoint.GetMainForm(m_registry).HostControl(new ObjectHexEditor(m_registry,
"Marshal Editor", COMUtilities.MarshalObject(m_pObject, GetSelectedIID(),
MSHCTX.DIFFERENTMACHINE, MSHLFLAGS.NORMAL)));
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private async void btnLoadFromStream_Click(object sender, System.EventArgs e)
{
try
{
MemoryStream stm = new MemoryStream(hexEditor.Bytes);
Guid clsid;
object obj = COMUtilities.OleLoadFromStream(new MemoryStream(hexEditor.Bytes), out clsid);
await EntryPoint.GetMainForm(m_registry).HostObject(m_registry.MapClsidToEntry(clsid), obj, false);
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private void btnSaveStream_Click(object sender, EventArgs e)
{
try
{
using (MemoryStream stm = new MemoryStream())
{
COMUtilities.OleSaveToStream(m_pObject, stm);
EntryPoint.GetMainForm(m_registry).HostControl(new ObjectHexEditor(m_registry, "Stream Editor", stm.ToArray()));
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private void linkLabel_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
{
ProcessStartInfo start_info = new ProcessStartInfo(linkLabel.Text);
start_info.UseShellExecute = true;
start_info.Verb = "open";
try
{
using (Process.Start(start_info))
{
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
internal void LoadProcessByProcessId(int pid)
{
try
{
ConfigureSymbols();
var processes = COMUtilities.LoadProcesses(new int[] { pid }, this, m_registry);
if (!processes.Any())
{
throw new ArgumentException(string.Format("Process {0} has not initialized COM, or is inaccessible", pid));
}
HostControl(new PropertiesControl(m_registry, string.Format("Process {0}", pid), processes.First()));
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private async void toObjectToolStripMenuItem_Click(object sender, EventArgs e)
{
COMIPIDEntry ipid = GetSelectedIpid();
if (ipid != null)
{
try
{
await EntryPoint.GetMainForm(m_registry).OpenObjectInformation(
COMUtilities.UnmarshalObject(ipid.ToObjref()),
String.Format("IPID {0}", ipid.Ipid));
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
}
private void viewInterfaceToolStripMenuItem_Click(object sender, EventArgs e)
{
try
{
COMObjRefStandard objref = COMUtilities.MarshalObjectToObjRef(m_pObject,
GetSelectedIID(), MSHCTX.DIFFERENTMACHINE, MSHLFLAGS.NORMAL) as COMObjRefStandard;
if (objref == null)
{
throw new Exception("Object must be standard marshaled to view the interface");
}
EntryPoint.GetMainForm(m_registry).LoadIPid(objref.Ipid);
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
void LoadROT(bool trusted_only)
{
IBindCtx bindCtx;
listViewROT.Items.Clear();
try
{
bindCtx = COMUtilities.CreateBindCtx(trusted_only ? 1U : 0U);
IRunningObjectTable rot;
IEnumMoniker enumMoniker;
IMoniker[] moniker = new IMoniker[1];
bindCtx.GetRunningObjectTable(out rot);
rot.EnumRunning(out enumMoniker);
while (enumMoniker.Next(1, moniker, IntPtr.Zero) == 0)
{
string strDisplayName;
Guid clsid;
moniker[0].GetDisplayName(bindCtx, null, out strDisplayName);
moniker[0].GetClassID(out clsid);
ListViewItem item = listViewROT.Items.Add(strDisplayName);
item.Tag = new MonikerInfo(strDisplayName, clsid, moniker[0]);
if (m_registry.Clsids.ContainsKey(clsid))
{
item.SubItems.Add(m_registry.Clsids[clsid].Name);
}
else
{
item.SubItems.Add(clsid.FormatGuid());
}
}
}
catch (Exception e)
{
EntryPoint.ShowError(this, e);
}
listViewROT.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
}
private void menuStorageNewStorage_Click(object sender, EventArgs e)
{
try
{
using (SaveFileDialog dlg = new SaveFileDialog())
{
dlg.Filter = STORAGE_FILTER;
if (dlg.ShowDialog(this) == DialogResult.OK)
{
Guid iid = typeof(IStorage).GUID;
IStorage stg = COMUtilities.StgCreateStorageEx(dlg.FileName,
STGM.SHARE_EXCLUSIVE | STGM.READWRITE, STGFMT.Storage, 0, null, IntPtr.Zero, ref iid);
HostControl(new StorageViewer(stg, Path.GetFileName(dlg.FileName), false));
}
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex, true);
}
}
private void menuFileOpenPowershell_Click(object sender, EventArgs e)
{
try
{
string temp_file = Path.GetTempFileName();
m_registry.Save(temp_file);
string startup_script = Path.Combine(COMUtilities.GetAppDirectory(), "Startup-Module.ps1");
if (!File.Exists(startup_script))
{
throw new ArgumentException("PowerShell startup script is missing");
}
using (Process.Start("powershell.exe", $"-NoExit -ExecutionPolicy Bypass -File \"{startup_script}\" \"{temp_file}\" -DeleteFile"))
{
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private void menuStorageOpenStorage_Click(object sender, EventArgs e)
{
try
{
using (OpenFileDialog dlg = new OpenFileDialog())
{
dlg.ShowReadOnly = true;
dlg.ReadOnlyChecked = true;
dlg.Filter = STORAGE_FILTER;
if (dlg.ShowDialog(this) == DialogResult.OK)
{
IStorage stg = COMUtilities.StgOpenStorage(dlg.FileName, null, GetStorageAccess(dlg.ReadOnlyChecked), IntPtr.Zero, 0);
HostControl(new StorageViewer(stg, Path.GetFileName(dlg.FileName), dlg.ReadOnlyChecked));
}
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex, true);
}
}
private void menuFileOpenProxyDll_Click(object sender, EventArgs e)
{
using (OpenFileDialog dlg = new OpenFileDialog())
{
dlg.Filter = "Executable Files (*.dll;*.ocx)|*.dll;*.ocx|All Files (*.*)|*.*";
if (dlg.ShowDialog(this) == DialogResult.OK)
{
try
{
using (var resolver = EntryPoint.GetProxyParserSymbolResolver())
{
COMProxyInstance proxy = COMProxyInstance.GetFromFile(dlg.FileName, resolver, m_registry);
HostControl(new TypeLibControl(m_registry, Path.GetFileName(dlg.FileName), proxy, Guid.Empty));
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
}
}
private void toFileToolStripMenuItem_Click(object sender, EventArgs e)
{
COMIPIDEntry ipid = GetSelectedIpid();
if (ipid != null)
{
using (SaveFileDialog dlg = new SaveFileDialog())
{
dlg.Filter = "All Files (*.*)|*.*";
if (dlg.ShowDialog(this) == DialogResult.OK)
{
try
{
File.WriteAllBytes(dlg.FileName, ipid.ToObjref());
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
}
}
}
private void btnViewAssembly_Click(object sender, EventArgs e)
{
try
{
Assembly asm = null;
if (!string.IsNullOrWhiteSpace(textBoxDotNetCodeBase.Text))
{
asm = Assembly.LoadFrom(textBoxDotNetCodeBase.Text);
}
else
{
asm = Assembly.Load(textBoxDotNetAssemblyName.Text);
}
EntryPoint.GetMainForm(m_registry).HostControl(new TypeLibControl(asm.GetName().Name,
asm, m_clsid != null ? m_clsid.Clsid : Guid.Empty, true));
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
internal void LoadIPid(Guid ipid)
{
try
{
ConfigureSymbols();
var proc = COMUtilities.LoadProcesses(new int[] { COMUtilities.GetProcessIdFromIPid(ipid) }, this, m_registry).FirstOrDefault();
if (proc != null)
{
COMIPIDEntry ipid_entry = proc.Ipids.Where(e => e.Ipid == ipid).FirstOrDefault();
if (ipid_entry != null)
{
HostControl(new PropertiesControl(m_registry, string.Format("IPID: {0}", ipid.FormatGuid()), ipid_entry));
}
}
else
{
throw new Exception($"Couldn't load process for IPID: {ipid.FormatGuid()}");
}
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}
private void btnOK_Click(object sender, EventArgs e)
{
try
{
if (radioCurrentProcess.Checked)
{
Token = OpenImpersonationToken();
}
else if (radioSpecificProcess.Checked)
{
NtProcess process = selectProcessControl.SelectedProcess;
if (process == null)
{
throw new InvalidOperationException("Please select a process from the list");
}
using (var token = NtToken.OpenProcessToken(process, false, TokenAccessRights.Duplicate))
{
Token = token.DuplicateToken(TokenType.Impersonation, SecurityImpersonationLevel.Impersonation, TokenAccessRights.GenericAll);
}
}
else if (radioAnonymous.Checked)
{
Token = TokenUtils.GetAnonymousToken();
}
if (checkBoxSetIL.Checked)
{
Token.SetIntegrityLevel((TokenIntegrityLevel)comboBoxIL.SelectedItem);
}
if (checkBoxLocalAccess.Checked)
{
AccessRights |= COMAccessRights.ExecuteLocal;
}
if (checkBoxRemoteAccess.Checked)
{
AccessRights |= COMAccessRights.ExecuteRemote;
}
if (!_process_security)
{
if (checkBoxLocalLaunch.Checked)
{
LaunchRights |= COMAccessRights.ExecuteLocal;
}
if (checkBoxRemoteLaunch.Checked)
{
LaunchRights |= COMAccessRights.ExecuteRemote;
}
if (checkBoxLocalActivate.Checked)
{
LaunchRights |= COMAccessRights.ActivateLocal;
}
if (checkBoxRemoteActivate.Checked)
{
LaunchRights |= COMAccessRights.ActivateRemote;
}
if (!_process_security)
{
Principal = COMSecurity.UserToSid(textBoxPrincipal.Text).ToString();
}
}
DialogResult = DialogResult.OK;
Close();
}
catch (Exception ex)
{
EntryPoint.ShowError(this, ex);
}
}