public List <PortableExecutable> Process(String FilePath, PortableExecutable target) { this.LoadLocal(FilePath); this.SearchLocal(target); return(this.reverseDependecyList); }
private void SearchLocal(PortableExecutable target) { foreach (PortableExecutable portableExecutable in localPortableExecutables) { if (SearchIndividualPE(portableExecutable, target)) { reverseDependecyList.Add(portableExecutable); } } }
public void Load(PortableExecutable portableExecutable) { //references to properties of the portableExecutable we are going to load String FilePath = portableExecutable.FilePath; String currentDirectory = portableExecutable.directoryPath; List <string> listOfBranch = portableExecutable.listOfBranch; List <PortableExecutable> Dependencies = portableExecutable.Dependencies; List <DependeciesObject> DependencyNames = portableExecutable.DependencyNames; List <FunctionObject> ExportedFunctions = portableExecutable.ExportedFunctions; List <ImportFunctionObject> ImportFunctions = portableExecutable.ImportFunctions; List <HeaderObject> Headers = portableExecutable.Headers; List <SectionObject> Sections = portableExecutable.Sections; List <DirectoryObject> Directories = portableExecutable.Directories; List <string> ImportNames = portableExecutable.ImportNames; List <string> importMismatchedFiles = portableExecutable.importMismatchedFiles; List <string> circularDependencyFiles = portableExecutable.circularDependencyFiles; List <ErrorObject> issues = portableExecutable.issues; //the PE Header reader to be used PeHeaderReader reader = new PeHeaderReader(FilePath); if (Is32bitFile(reader)) { LoadImports(FilePath, true, ImportFunctions, ImportNames); LoadExports(FilePath, true, ExportedFunctions); } else { Service64Proxy.Service64 proxy = new Service64Proxy.Service64(); MyObject obj2 = new MyObject(); MyObject myobject = proxy.Load64Imports(obj2, FilePath, true); List <ImportFunctionObject> listOfobj = myobject.FunctionObjectList; foreach (ImportFunctionObject importFunctions in listOfobj) { ImportFunctions.Add(importFunctions); ImportNames.Add(importFunctions.Dependency); } ExportObject exportObject = new ExportObject(); ExportObject exports = proxy.Load64Exports(exportObject, FilePath, true); List <FunctionObject> exportList = exports.ExportFunctionObjectList; ExportedFunctions.AddRange(exportList); } GetHeader(Headers, reader); GetAssemblyDependencies(FilePath, ImportFunctions, ImportNames); GetAssemblyExports(FilePath, ExportedFunctions); GetDirectories(Directories, reader); GetSections(Sections, reader); LoadDependencies(ImportNames, Dependencies, currentDirectory, FilePath, reader, listOfBranch, this, ImportFunctions, importMismatchedFiles, circularDependencyFiles, issues); }
//Define EQ of PE on baseClass private bool SearchIndividualPE(PortableExecutable portableExecutable, PortableExecutable target) { bool containsTargetAsaDependecy = false; foreach (PortableExecutable dependency in portableExecutable.Dependencies) { if (dependency.Name == target.Name) { containsTargetAsaDependecy = true; break; } } return(containsTargetAsaDependecy); }
public void LoadLocal(String FilePath) { List <String> fileList = LoadDirectory(FilePath); foreach (String Path in fileList) { PortableExecutable portableExecutable = new PortableExecutable(ExtractFileNameFromPath(Path), Path); PortableExecutableLoader loader = new PortableExecutableLoader(); loader.Load(portableExecutable); localPortableExecutables.Add(portableExecutable); } foreach (string d in Directory.GetDirectories(FilePath)) { LoadLocal(d); } }
private bool SearchIndividualPE(PortableExecutable candidate, PortableExecutable target) { bool containsTargetAsaDependecy = false; if (candidate != null && target != null && candidate.Dependencies.Count > 0) { foreach (PortableExecutable dependency in candidate.Dependencies) { if (target.Equals(dependency)) { containsTargetAsaDependecy = true; break; } } } return(containsTargetAsaDependecy); }
/// <summary> /// Load each of the dependencies as a Portable Executable Object /// </summary> /// <returns> The Dependencies in a Portable Executable File Format </returns> private void LoadDependencies(List <string> ImportNames, List <PortableExecutable> Dependencies, String currentDirectory, String FilePath, PeHeaderReader reader, List <string> listOfBranch, PortableExecutableLoader portableExecutableLoader, List <ImportFunctionObject> importFunctions, List <string> importMismatchedFiles, List <string> circularDependencyFiles, List <ErrorObject> issues) { PortableExecutable PE; string filePath; unsafe { try { ImportNames = ImportNames.Distinct().ToList(); foreach (string name in ImportNames) { filePath = null; if (!filePathsTable.ContainsKey(name)) { var importedFunction = from import in importFunctions where import.Dependency == name select import.Function; List <String> importedFunctionNames = new List <string>(); importedFunctionNames.AddRange(importedFunction); foreach (String path in GetModulePath(name, currentDirectory, FilePath, reader)) { List <FunctionObject> exportsOfFile = new List <FunctionObject>(); List <string> exportsFunctionNames = new List <string>(); if (path != null) { LoadExports(path, true, exportsOfFile); foreach (FunctionObject exports in exportsOfFile) { exportsFunctionNames.Add(exports.Function); } var firstNotSecond = importedFunctionNames.Except(exportsFunctionNames).ToList(); // filePath = path; if (string.Equals(name, "kernel32.dll", StringComparison.OrdinalIgnoreCase) || string.Equals(name, "msvcrt.dll", StringComparison.OrdinalIgnoreCase)) { filePath = GetModulePath(name, currentDirectory, FilePath, reader).First(); break; } else if (!importedFunctionNames.Except(exportsFunctionNames).Any()) { filePath = path; break; } } } } else { filePath = filePathsTable[name].ToString(); } if (filePath == null) { if (GetModulePath(name, currentDirectory, FilePath, reader).Count > 0) { // importMismatchedFiles.Add(name); issues.Add(new ErrorObject(name, "Imports and Export mismatch found")); //Suggestion for import export mismatch error smartSuggestionEngine.readErrorCode(name, 4); } else { issues.Add(new ErrorObject(name, "File path not found")); //Suggestion for null file path smartSuggestionEngine.readErrorCode(name, 5); } } var hLib2 = LoadLibraryEx(filePath, 0, DONT_RESOLVE_DLL_REFERENCES | LOAD_IGNORE_CODE_AUTHZ_LEVEL); if (listOfBranch.Contains(name)) { // circularDependencyFiles.Add(name); issues.Add(new ErrorObject(name, "Circular dependency is detected")); //Suggestion for circular dependency smartSuggestionEngine.readErrorCode(name, 6); continue; } else { List <string> newBranchList = listOfBranch.ToList(); newBranchList.Add(name); if (!CheckLibrary(name)) { PE = new PortableExecutable(name, filePath, true, newBranchList); } else { PE = new PortableExecutable(name, filePath, false, newBranchList); } // Dependencies.Add(PE); portableExecutableLoader.Load(PE); Dependencies.Add(PE); } } } //To catch error in dependencies catch (Exception) { } return; } }