public AssemblyDebugParser(Stream?peStream, Stream pdbStream)
        {
            Stream inputStream;

            if (!PdbConverter.IsPortable(pdbStream))
            {
                if (peStream == null)
                {
                    throw new ArgumentNullException(nameof(peStream), "Full PDB's require the PE file to be next to the PDB");
                }

                if (!AppCompat.IsSupported(RuntimeFeature.DiaSymReader))
                {
                    throw new PlatformNotSupportedException("Windows PDB cannot be processed on this platform.");
                }

                // Full PDB. convert to ppdb in memory

                _pdbBytes          = pdbStream.ReadAllBytes();
                pdbStream.Position = 0;
                _peBytes           = peStream.ReadAllBytes();
                peStream.Position  = 0;

                _temporaryPdbStream = new MemoryStream();
                PdbConverter.Default.ConvertWindowsToPortable(peStream, pdbStream, _temporaryPdbStream);
                _temporaryPdbStream.Position = 0;
                peStream.Position            = 0;
                inputStream = _temporaryPdbStream;
                _pdbType    = PdbType.Full;
            }
            else
            {
                inputStream        = pdbStream;
                _pdbType           = PdbType.Portable;
                _pdbBytes          = pdbStream.ReadAllBytes();
                pdbStream.Position = 0;
            }



            _readerProvider = MetadataReaderProvider.FromPortablePdbStream(inputStream);
            _reader         = _readerProvider.GetMetadataReader();

            if (peStream != null)
            {
                _peReader    = new PEReader(peStream);
                _ownPeReader = true;
            }
        }
示例#2
0
        public void AppCompatTestCreators()
        {
            var r = new AppCompat();

            var reg = new RegistryHive(@"D:\SynologyDrive\Registry\SYSTEM_Creators");

            reg.ParseHive();

            var key = reg.GetKey(@"ControlSet001\Control\Session Manager\AppCompatCache");

            Check.That(r.Values.Count).IsEqualTo(0);

            r.ProcessValues(key);

            Check.That(r.Values.Count).IsEqualTo(506);

            var ff = (ValuesOut)r.Values[0];

            Check.That(ff.CacheEntryPosition).IsEqualTo(0);
            Check.That(ff.ProgramName).Contains("nvstreg.exe");
        }
示例#3
0
        public void AppCompatTestOneOff()
        {
            var r = new AppCompat();

            var reg = new RegistryHive(@"C:\Users\eric\Desktop\SYSTEM");

            reg.ParseHive();

            var key = reg.GetKey(@"ControlSet001\Control\Session Manager\AppCompatCache");

            Check.That(r.Values.Count).IsEqualTo(0);

            r.ProcessValues(key);

            Check.That(r.Values.Count).IsEqualTo(325);

            var ff = (ValuesOut)r.Values[0];

            Check.That(ff.CacheEntryPosition).IsEqualTo(0);
            Check.That(ff.ProgramName).Contains("Logon");
        }
示例#4
0
        public void AppCompatTest()
        {
            var r = new AppCompat();

            var reg = new RegistryHive(@"D:\Sync\RegistryHives\SYSTEM");

            reg.ParseHive();

            var key = reg.GetKey(@"ControlSet001\Control\Session Manager\AppCompatCache");

            Check.That(r.Values.Count).IsEqualTo(0);

            r.ProcessValues(key);

            Check.That(r.Values.Count).IsEqualTo(1024);

            var ff = (ValuesOut)r.Values[0];

            Check.That(ff.CacheEntryPosition).IsEqualTo(0);
            Check.That(ff.ProgramName).Contains("java");
        }
示例#5
0
        private void ShowFile(PackageFile file)
        {
            object?content  = null;
            var    isBinary = false;

            // find all plugins which can handle this file's extension
            var contentViewers = FindContentViewer(file);

            if (contentViewers != null)
            {
                try
                {
                    // iterate over all plugins, looking for the first one that return non-null content
                    foreach (var viewer in contentViewers)
                    {
                        var files = file.GetAssociatedPackageFiles().ToList();

                        content = viewer.GetView(file, files);
                        if (content != null)
                        {
                            // found a plugin that can read this file, stop
                            break;
                        }
                    }
                }
                catch (Exception ex) when(!(ex is FileNotFoundException))
                {
                    DiagnosticsClient.TrackException(ex, ViewModel.Package, ViewModel.PublishedOnNuGetOrg);
                    // don't let plugin crash the app
                    content = Resources.PluginFailToReadContent + Environment.NewLine + ex.ToString();
                }

                isBinary = content is not string;
            }

            // if plugins fail to read this file, fall back to the default viewer
            var truncated = false;

            if (content == null)
            {
                isBinary = FileHelper.IsBinaryFile(file.Name);
                if (isBinary)
                {
                    content = Resources.UnsupportedFormatMessage;
                }
                else
                {
                    content = ReadFileContent(file, out truncated);
                }
            }

            long size = -1;
            IReadOnlyList <AuthenticodeSignature> sigs;
            SignatureCheckResult isValidSig;
            {
                // note: later, throught binding converter, SigningCertificate's CN value is extracted through native api
                if (AppCompat.IsSupported(RuntimeFeature.Cryptography, RuntimeFeature.NativeMethods))
                {
                    using var stream   = file.GetStream();
                    using var tempFile = new TemporaryFile(stream, Path.GetExtension(file.Name));
                    var extractor = new FileInspector(tempFile.FileName);

                    sigs       = extractor.GetSignatures().ToList();
                    isValidSig = extractor.Validate();
                    size       = tempFile.Length;
                }
                else
                {
                    using var stream = StreamUtility.MakeSeekable(file.GetStream(), disposeOriginal: true);
                    var peFile      = new PeFile(stream);
                    var certificate = CryptoUtility.GetSigningCertificate(peFile);

                    if (certificate is not null)
                    {
                        sigs       = new List <AuthenticodeSignature>(0);
                        isValidSig = SignatureCheckResult.UnknownProvider;
                    }
                    else
                    {
                        sigs       = new List <AuthenticodeSignature>(0);
                        isValidSig = SignatureCheckResult.NoSignature;
                    }
                    size = peFile.FileSize;
                }
            }

            var fileInfo = new FileContentInfo(
                file,
                file.Path,
                content,
                !isBinary,
                size,
                truncated,
                sigs,
                isValidSig);

            ViewModel.ShowFile(fileInfo);
        }