public AheadlibCodeGenerator(string codeGenPath, string oldDllName, bool isCodegenFunctionTrace, CodeGenDllMode dllMode, string logPath, DisplayModuleInfo dlltarget, string cfg) { CodeGenPath = codeGenPath; OldDllName = oldDllName; IsCodegenFunctionTrace = isCodegenFunctionTrace; DllMode = dllMode; LogPath = logPath; DllTarget = dlltarget; Functions = new List <AheadlibFunction>(); ReplaceRuleLoader = ReplaceRuleLoader.GetReplaceRules(cfg); PhSymbolProvider symbolProvider = new PhSymbolProvider(); foreach (var expfunction in dlltarget.Exports) { AheadlibFunction function = new AheadlibFunction(); function.Ordinal = expfunction.Ordinal; function.Name = expfunction.Name; var dx = new DisplayPeExport(expfunction, symbolProvider); function.UndecorateName = dx.Name; //function.SubstituteSymbol = function.UndecorateName; //ReplaceRuleLoader.Get_NameInSourceCode_From_Name(function.Name); function.ExportByOrdinal = expfunction.ExportByOrdinal; function.VirtualAddress = expfunction.VirtualAddress; Functions.Add(function); } }
public void InitializeView() { if (!NativeFile.Exists(this.Filename)) { MessageBox.Show( String.Format("{0:s} is not present on the disk", this.Filename), "Invalid PE", MessageBoxButton.OK ); return; } this.Pe = (Application.Current as App).LoadBinary(this.Filename); if (this.Pe == null || !this.Pe.LoadSuccessful) { MessageBox.Show( String.Format("{0:s} is not a valid PE-COFF file", this.Filename), "Invalid PE", MessageBoxButton.OK ); return; } this.SymPrv = new PhSymbolProvider(); this.RootFolder = Path.GetDirectoryName(this.Filename); this.SxsEntriesCache = SxsManifest.GetSxsEntries(this.Pe); this.ProcessedModulesCache = new ModulesCache(); this.ApiSetmapCache = Phlib.GetApiSetSchema(); this._SelectedModule = null; this._DisplayWarning = false; // TODO : Find a way to properly bind commands instead of using this hack this.ModulesList.Items.Clear(); this.ModulesList.DoFindModuleInTreeCommand = DoFindModuleInTree; this.ModulesList.ConfigureSearchOrderCommand = ConfigureSearchOrderCommand; var RootFilename = Path.GetFileName(this.Filename); var RootModule = new DisplayModuleInfo(RootFilename, this.Pe, ModuleSearchStrategy.ROOT); this.ProcessedModulesCache.Add(new ModuleCacheKey(RootFilename, this.Filename), RootModule); ModuleTreeViewItem treeNode = new ModuleTreeViewItem(); DependencyNodeContext childTreeInfoContext = new DependencyNodeContext() { ModuleInfo = new WeakReference(RootModule), IsDummy = false }; treeNode.DataContext = childTreeInfoContext; treeNode.Header = treeNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath); treeNode.IsExpanded = true; this.DllTreeView.Items.Clear(); this.DllTreeView.Items.Add(treeNode); // Recursively construct tree of dll imports ConstructDependencyTree(treeNode, this.Pe); }
private void OnListViewKeyDown(object sender, System.Windows.Input.KeyEventArgs e) { System.Windows.Controls.ListView ListView = sender as System.Windows.Controls.ListView; bool CtrlKeyDown = Keyboard.IsKeyDown(System.Windows.Input.Key.LeftCtrl) || Keyboard.IsKeyDown(System.Windows.Input.Key.RightCtrl); Debug.WriteLine("[DependencyModuleList] Key Pressed : " + e.Key + ". Ctrl Key down : " + CtrlKeyDown); if ((e.Key == System.Windows.Input.Key.C) && CtrlKeyDown) { List <string> StrToCopy = new List <string>(); foreach (object SelectItem in ListView.SelectedItems) { DisplayModuleInfo ModuleInfo = SelectItem as DisplayModuleInfo; StrToCopy.Add(ModuleInfo.ModuleName); } System.Windows.Clipboard.Clear(); System.Windows.Clipboard.SetText(String.Join("\n", StrToCopy.ToArray()), System.Windows.TextDataFormat.Text); return; } if ((e.Key == System.Windows.Input.Key.F) && CtrlKeyDown) { this.ModulesSearchBar.Visibility = System.Windows.Visibility.Visible; this.ModuleSearchFilter.Focus(); return; } }
public void AddModule(DisplayModuleInfo NewModule) { // TODO : Find a way to properly bind commands instead of using this hack NewModule.DoFindModuleInTreeCommand = DoFindModuleInTreeCommand; NewModule.ConfigureSearchOrderCommand = ConfigureSearchOrderCommand; this.Items.Add(NewModule); }
public void AddModule(DisplayModuleInfo NewModule) { // TODO : Find a way to properly bind commands instead of using this hack NewModule.DoFindModuleInTreeCommand = DoFindModuleInTreeCommand; this.ModulesList.Items.Add(NewModule); // Refresh search view ModuleSearchFilter_OnTextChanged(null, null); }
public ApiSetModuleInfo(string ApiSetModuleName, ref DisplayModuleInfo _UnderlyingModule) : base(ApiSetModuleName) { UnderlyingModule = _UnderlyingModule; _Flags |= ModuleFlag.ApiSet; if (ApiSetModuleName.StartsWith("ext-")) { _Flags |= ModuleFlag.ApiSetExt; } }
private void OnModuleViewSelectedItemChanged(object sender, RoutedEventArgs e) { DisplayModuleInfo SelectedModule = (sender as DependencyModuleList).SelectedItem as DisplayModuleInfo; // Selected Pe has not been found on disk if (SelectedModule == null) { return; } UpdateImportExportLists(SelectedModule); }
private void UpdateImportExportLists(DisplayModuleInfo SelectedModule) { if (SelectedModule == null) { this.ImportList.Items.Clear(); this.ExportList.Items.Clear(); } else { this.ImportList.SetImports(SelectedModule.Imports, SymPrv, this); this.ExportList.SetExports(SelectedModule.Exports, SymPrv); } }
private void OnTreeViewSelectedItemChanged(object sender, RoutedPropertyChangedEventArgs <object> e) { DependencyNodeContext childTreeContext = ((DependencyNodeContext)(this.DllTreeView.SelectedItem as ModuleTreeViewItem).DataContext); DisplayModuleInfo SelectedModule = childTreeContext.ModuleInfo.Target as DisplayModuleInfo; // Selected Pe has not been found on disk if (SelectedModule == null) { return; } UpdateImportExportLists(SelectedModule); }
private void OnModuleViewSelectedItemChanged(object sender, RoutedEventArgs e) { DisplayModuleInfo SelectedModule = (sender as DependencyModuleList).SelectedItem as DisplayModuleInfo; // Selected Pe has not been found on disk if (SelectedModule == null) { return; } // Display module as root (since we can't know which parent it's attached to) UpdateImportExportLists(SelectedModule, null); }
public PE LoadImport(string ModuleName, DisplayModuleInfo CurrentModule = null, bool DelayLoad = false) { if (CurrentModule == null) { CurrentModule = this._SelectedModule; } Tuple <ModuleSearchStrategy, PE> ResolvedModule = BinaryCache.ResolveModule( this.Pe, ModuleName, this.SxsEntriesCache, this.CustomSearchFolders, this.WorkingDirectory ); string ModuleFilepath = (ResolvedModule.Item2 != null) ? ResolvedModule.Item2.Filepath : null; ModuleCacheKey ModuleKey = new ModuleCacheKey(ModuleName, ModuleFilepath); if ((ModuleFilepath != null) && !this.ProcessedModulesCache.ContainsKey(ModuleKey)) { ModuleFlag DelayLoadFlag = (DelayLoad) ? ModuleFlag.DelayLoad : 0; if (ResolvedModule.Item1 == ModuleSearchStrategy.ApiSetSchema) { var ApiSetContractModule = new DisplayModuleInfo( BinaryCache.LookupApiSetLibrary(ModuleName), ResolvedModule.Item2, ResolvedModule.Item1, DelayLoadFlag & ModuleFlag.ApiSet ); var NewModule = new ApiSetModuleInfo(ModuleName, ref ApiSetContractModule); this.ProcessedModulesCache[ModuleKey] = NewModule; } else { var NewModule = new DisplayModuleInfo( ModuleName, ResolvedModule.Item2, ResolvedModule.Item1, DelayLoadFlag ); this.ProcessedModulesCache[ModuleKey] = NewModule; } // add it to the module list this.ModulesList.AddModule(this.ProcessedModulesCache[ModuleKey]); } return(ResolvedModule.Item2); }
private void OnTreeViewSelectedItemChanged(object sender, RoutedPropertyChangedEventArgs <object> e) { if (this.DllTreeView.SelectedItem == null) { UpdateImportExportLists(null, null); return; } DependencyNodeContext childTreeContext = ((DependencyNodeContext)(this.DllTreeView.SelectedItem as ModuleTreeViewItem).DataContext); DisplayModuleInfo SelectedModule = childTreeContext.ModuleInfo.Target as DisplayModuleInfo; if (SelectedModule == null) { return; } // Selected Pe has not been found on disk : unvalidate current module SelectedModule.HasErrors = !NativeFile.Exists(SelectedModule.Filepath); if (SelectedModule.HasErrors) { // TODO : do a proper refresh instead of asking the user to do it System.Windows.MessageBox.Show(String.Format("We could not find {0:s} file on the disk anymore, please fix this problem and refresh the window via F5", SelectedModule.Filepath)); } // Root Item : no parent ModuleTreeViewItem TreeRootItem = this.DllTreeView.Items[0] as ModuleTreeViewItem; ModuleTreeViewItem SelectedItem = this.DllTreeView.SelectedItem as ModuleTreeViewItem; if (SelectedItem == TreeRootItem) { // Selected Pe has not been found on disk : unvalidate current module if (SelectedModule.HasErrors) { UpdateImportExportLists(null, null); } else { SelectedModule.HasErrors = false; UpdateImportExportLists(SelectedModule, null); } return; } // Tree Item DisplayModuleInfo parentModule = SelectedItem.ParentModule.ModuleInfo; UpdateImportExportLists(SelectedModule, parentModule); }
public DependencyWindow(String FileName) { InitializeComponent(); this.Filename = FileName; this.Pe = new PE(FileName); if (!this.Pe.LoadSuccessful) { MessageBox.Show( String.Format("{0:s} is not a valid PE-COFF file", this.Filename), "Invalid PE", MessageBoxButton.OK ); return; } this.SymPrv = new PhSymbolProvider(); this.RootFolder = Path.GetDirectoryName(FileName); this.SxsEntriesCache = SxsManifest.GetSxsEntries(this.Pe); this.ProcessedModulesCache = new ModulesCache(); this.ApiSetmapCache = Phlib.GetApiSetSchema(); // TODO : Find a way to properly bind commands instead of using this hack this.ModulesList.DoFindModuleInTreeCommand = DoFindModuleInTree; var RootFilename = Path.GetFileName(FileName); var RootModule = new DisplayModuleInfo(RootFilename, this.Pe); this.ProcessedModulesCache.Add(new ModuleCacheKey(RootFilename, FileName), RootModule); ModuleTreeViewItem treeNode = new ModuleTreeViewItem(); DependencyNodeContext childTreeInfoContext = new DependencyNodeContext() { ModuleInfo = new WeakReference(RootModule), IsDummy = false }; treeNode.DataContext = childTreeInfoContext; treeNode.Header = treeNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath); treeNode.IsExpanded = true; this.DllTreeView.Items.Add(treeNode); // Recursively construct tree of dll imports ConstructDependencyTree(treeNode, this.Pe); }
/// <summary> /// Reentrant version of Collapse/Expand Node /// </summary> /// <param name="Item"></param> /// <param name="ExpandNode"></param> private ModuleTreeViewItem FindModuleInTree(ModuleTreeViewItem Item, DisplayModuleInfo Module, bool Highlight = false) { if (Item.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath) == Module.ModuleName) { if (Highlight) { ExpandAllParentNode(Item.Parent as ModuleTreeViewItem); Item.IsSelected = true; Item.BringIntoView(); Item.Focus(); } return(Item); } // BFS style search -> return the first matching node with the lowest "depth" foreach (ModuleTreeViewItem ChildItem in Item.Items) { if (ChildItem.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath) == Module.ModuleName) { if (Highlight) { ExpandAllParentNode(Item); ChildItem.IsSelected = true; ChildItem.BringIntoView(); ChildItem.Focus(); } return(Item); } } foreach (ModuleTreeViewItem ChildItem in Item.Items) { ModuleTreeViewItem matchingItem = FindModuleInTree(ChildItem, Module, Highlight); // early exit as soon as we find a matching node if (matchingItem != null) { return(matchingItem); } } return(null); }
private void OnTreeViewSelectedItemChanged(object sender, RoutedPropertyChangedEventArgs <object> e) { if (this.DllTreeView.SelectedItem == null) { UpdateImportExportLists(null, null); return; } DependencyNodeContext childTreeContext = ((DependencyNodeContext)(this.DllTreeView.SelectedItem as ModuleTreeViewItem).DataContext); DisplayModuleInfo SelectedModule = childTreeContext.ModuleInfo.Target as DisplayModuleInfo; // Selected Pe has not been found on disk if (SelectedModule == null) { return; } // Root Item : no parent ModuleTreeViewItem TreeRootItem = this.DllTreeView.Items[0] as ModuleTreeViewItem; ModuleTreeViewItem SelectedItem = this.DllTreeView.SelectedItem as ModuleTreeViewItem; if (SelectedItem == TreeRootItem) { UpdateImportExportLists(SelectedModule, null); return; } // find parent. TODO : add parent ref to treeview context var parent = VisualTreeHelper.GetParent(SelectedItem as DependencyObject); while ((parent as TreeViewItem) == null) { parent = VisualTreeHelper.GetParent(parent); } DependencyNodeContext parentTreeContext = ((DependencyNodeContext)(parent as ModuleTreeViewItem).DataContext); DisplayModuleInfo parentModule = parentTreeContext.ModuleInfo.Target as DisplayModuleInfo; UpdateImportExportLists(SelectedModule, parentModule); }
private void UpdateImportExportLists(DisplayModuleInfo SelectedModule, DisplayModuleInfo Parent) { if (SelectedModule == null) { this.ImportList.Items.Clear(); this.ExportList.Items.Clear(); } else { if (Parent == null) // root module { this.ImportList.SetRootImports(SelectedModule.Imports, SymPrv, this); } else { // Imports from the same dll are not necessarly sequential (see: HDDGuru\RawCopy.exe) var machingImports = Parent.Imports.FindAll(imp => imp.Name == SelectedModule._Name); this.ImportList.SetImports(SelectedModule.Filepath, SelectedModule.Exports, machingImports, SymPrv, this); } this.ExportList.SetExports(SelectedModule.Exports, SymPrv); } }
private void UpdateImportExportLists(DisplayModuleInfo SelectedModule) { this.ImportList.SetImports(SelectedModule.Imports, SymPrv, this); this.ExportList.SetExports(SelectedModule.Exports, SymPrv); }
private void ConstructDependencyTree(ModuleTreeViewItem RootNode, PE CurrentPE, int RecursionLevel = 0) { // "Closured" variables (it 's a scope hack really). Dictionary <string, ImportContext> NewTreeContexts = new Dictionary <string, ImportContext>(); BackgroundWorker bw = new BackgroundWorker(); bw.WorkerReportsProgress = true; // useless here for now bw.DoWork += (sender, e) => { ProcessPe(NewTreeContexts, CurrentPE); }; bw.RunWorkerCompleted += (sender, e) => { TreeBuildingBehaviour.DependencyTreeBehaviour SettingTreeBehaviour = Dependencies.TreeBuildingBehaviour.GetGlobalBehaviour(); List <ModuleTreeViewItem> PeWithDummyEntries = new List <ModuleTreeViewItem>(); List <BacklogImport> PEProcessingBacklog = new List <BacklogImport>(); // Important ! // // This handler is executed in the STA (Single Thread Application) // which is authorized to manipulate UI elements. The BackgroundWorker is not. // foreach (ImportContext NewTreeContext in NewTreeContexts.Values) { ModuleTreeViewItem childTreeNode = new ModuleTreeViewItem(); DependencyNodeContext childTreeNodeContext = new DependencyNodeContext(); childTreeNodeContext.IsDummy = false; string ModuleName = NewTreeContext.ModuleName; string ModuleFilePath = NewTreeContext.PeFilePath; ModuleCacheKey ModuleKey = new ModuleCacheKey(ModuleName, ModuleFilePath); // Newly seen modules if (!this.ProcessedModulesCache.ContainsKey(ModuleKey)) { // Missing module "found" if ((NewTreeContext.PeFilePath == null) || !NativeFile.Exists(NewTreeContext.PeFilePath)) { this.ProcessedModulesCache[ModuleKey] = new NotFoundModuleInfo(ModuleName); } else { if (NewTreeContext.IsApiSet) { var ApiSetContractModule = new DisplayModuleInfo(NewTreeContext.ApiSetModuleName, NewTreeContext.PeProperties, NewTreeContext.ModuleLocation, NewTreeContext.Flags); var NewModule = new ApiSetModuleInfo(NewTreeContext.ModuleName, ref ApiSetContractModule); this.ProcessedModulesCache[ModuleKey] = NewModule; if (SettingTreeBehaviour == TreeBuildingBehaviour.DependencyTreeBehaviour.Recursive) { PEProcessingBacklog.Add(new BacklogImport(childTreeNode, ApiSetContractModule.ModuleName)); } } else { var NewModule = new DisplayModuleInfo(NewTreeContext.ModuleName, NewTreeContext.PeProperties, NewTreeContext.ModuleLocation, NewTreeContext.Flags); this.ProcessedModulesCache[ModuleKey] = NewModule; switch (SettingTreeBehaviour) { case TreeBuildingBehaviour.DependencyTreeBehaviour.RecursiveOnlyOnDirectImports: if ((NewTreeContext.Flags & ModuleFlag.DelayLoad) == 0) { PEProcessingBacklog.Add(new BacklogImport(childTreeNode, NewModule.ModuleName)); } break; case TreeBuildingBehaviour.DependencyTreeBehaviour.Recursive: PEProcessingBacklog.Add(new BacklogImport(childTreeNode, NewModule.ModuleName)); break; } } } // add it to the module list this.ModulesList.AddModule(this.ProcessedModulesCache[ModuleKey]); } // Since we uniquely process PE, for thoses who have already been "seen", // we set a dummy entry in order to set the "[+]" icon next to the node. // The dll dependencies are actually resolved on user double-click action // We can't do the resolution in the same time as the tree construction since // it's asynchronous (we would have to wait for all the background to finish and // use another Async worker to resolve). if ((NewTreeContext.PeProperties != null) && (NewTreeContext.PeProperties.GetImports().Count > 0)) { ModuleTreeViewItem DummyEntry = new ModuleTreeViewItem(); DependencyNodeContext DummyContext = new DependencyNodeContext() { ModuleInfo = new WeakReference(new NotFoundModuleInfo("Dummy")), IsDummy = true }; DummyEntry.DataContext = DummyContext; DummyEntry.Header = "@Dummy : if you see this header, it's a bug."; DummyEntry.IsExpanded = false; childTreeNode.Items.Add(DummyEntry); childTreeNode.Expanded += ResolveDummyEntries; } // Add to tree view childTreeNodeContext.ModuleInfo = new WeakReference(this.ProcessedModulesCache[ModuleKey]); childTreeNode.DataContext = childTreeNodeContext; childTreeNode.Header = childTreeNode.GetTreeNodeHeaderName(Dependencies.Properties.Settings.Default.FullPath); RootNode.Items.Add(childTreeNode); } // Process next batch of dll imports if (SettingTreeBehaviour != TreeBuildingBehaviour.DependencyTreeBehaviour.ChildOnly) { foreach (var ImportNode in PEProcessingBacklog) { ConstructDependencyTree(ImportNode.Item1, ImportNode.Item2, RecursionLevel + 1); // warning : recursive call } } }; bw.RunWorkerAsync(); }
private void UpdateImportExportLists(DisplayModuleInfo SelectedModule) { this.ImportList.SetImports(SelectedModule.Imports, this.Pe, this.SxsEntriesCache, SymPrv); this.ExportList.SetExports(SelectedModule.Exports, SymPrv); }
public ApiSetModuleInfo(string ApiSetModuleName, ref DisplayModuleInfo _UnderlyingModule) : base(ApiSetModuleName) { UnderlyingModule = _UnderlyingModule; }