diff --git a/ClrPhlib/include/ClrPhlib.h b/ClrPhlib/include/ClrPhlib.h index 8fde4478..79091cf7 100644 --- a/ClrPhlib/include/ClrPhlib.h +++ b/ClrPhlib/include/ClrPhlib.h @@ -159,6 +159,9 @@ namespace Dependencies { // Check if the PE is 32-bit bool IsArm32Dll(); + + // Check if the PE is a dot net + bool IsClrDll(); // return the processorArchiture of PE String^ GetProcessor(); diff --git a/ClrPhlib/src/managed/PE.cpp b/ClrPhlib/src/managed/PE.cpp index 7a0429f5..46e6cb34 100644 --- a/ClrPhlib/src/managed/PE.cpp +++ b/ClrPhlib/src/managed/PE.cpp @@ -201,6 +201,16 @@ bool PE::IsArm32Dll() return ((Properties->Machine & 0xffff) == IMAGE_FILE_MACHINE_ARMNT); } +bool PE::IsClrDll() +{ + PIMAGE_DATA_DIRECTORY dataDirectory; + if (NT_SUCCESS(PhGetMappedImageDataEntry( &m_Impl->m_PvMappedImage, IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, &dataDirectory))) + { + return dataDirectory->VirtualAddress != 0; + } + return false; +} + String^ PE::GetProcessor() { if ((Properties->Machine & 0xffff) == IMAGE_FILE_MACHINE_I386) diff --git a/DependenciesGui/DependencyWindow.xaml.cs b/DependenciesGui/DependencyWindow.xaml.cs index fe4599a5..14f7c53c 100755 --- a/DependenciesGui/DependencyWindow.xaml.cs +++ b/DependenciesGui/DependencyWindow.xaml.cs @@ -765,16 +765,10 @@ private void ProcessAppInitDlls(Dictionary NewTreeContext } } - private void ProcessClrImports(Dictionary NewTreeContexts, PE AnalyzedPe, ImportContext ImportModule) + private void ProcessClrImports(Dictionary NewTreeContexts, PE AnalyzedPe) { - List PeImports = AnalyzedPe.GetImports(); - // only mscorre triggers clr parsing - string User32Filepath = Path.Combine(FindPe.GetSystemPath(this.Pe), "mscoree.dll"); - if (ImportModule.PeFilePath != User32Filepath) - { - return; - } + List PeImports = AnalyzedPe.GetImports(); var resolver = new DefaultAssemblyResolver(); resolver.AddSearchDirectory(RootFolder); @@ -938,17 +932,19 @@ private void ProcessPe(Dictionary NewTreeContexts, PE new // add warning for appv isv applications TriggerWarningOnAppvIsvImports(DllImport.Name); - NewTreeContexts.Add(DllImport.Name, ImportModule); - // AppInitDlls are triggered by user32.dll, so if the binary does not import user32.dll they are not loaded. ProcessAppInitDlls(NewTreeContexts, newPe, ImportModule); + } - // if mscoree.dll is imported, it means the module is a C# assembly, and we can use Mono.Cecil to enumerate its references - ProcessClrImports(NewTreeContexts, newPe, ImportModule); + // This should happen only if this is validated to be a C# assembly + if (newPe.IsClrDll()) + { + // We use Mono.Cecil to enumerate its references + ProcessClrImports(NewTreeContexts, newPe); } } @@ -980,6 +976,7 @@ private void ConstructDependencyTree(ModuleTreeViewItem RootNode, PE CurrentPE, BackgroundWorker bw = new BackgroundWorker(); bw.WorkerReportsProgress = true; // useless here for now + (Application.Current as App).StatusBarMessage = "Analyzing PE File " + CurrentPE.Filepath; bw.DoWork += (sender, e) => { @@ -1073,7 +1070,10 @@ private void ConstructDependencyTree(ModuleTreeViewItem RootNode, PE CurrentPE, // it's asynchronous (we would have to wait for all the background to finish and // use another Async worker to resolve). - if ((NewTreeContext.PeProperties != null) && (NewTreeContext.PeProperties.GetImports().Count > 0)) + // Some dot net dlls give 0 for GetImports() but they will always have imports + // that can be detected using the special CLR dll processing we do. + if ((NewTreeContext.PeProperties != null) && + (NewTreeContext.PeProperties.GetImports().Count > 0 || NewTreeContext.PeProperties.IsClrDll())) { ModuleTreeViewItem DummyEntry = new ModuleTreeViewItem(); DependencyNodeContext DummyContext = new DependencyNodeContext() @@ -1112,7 +1112,8 @@ private void ConstructDependencyTree(ModuleTreeViewItem RootNode, PE CurrentPE, } } - + + (Application.Current as App).StatusBarMessage = CurrentPE.Filepath + " Loaded successfully."; }; bw.RunWorkerAsync(); diff --git a/README.md b/README.md index 5230ca88..6765d4d4 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,7 @@ # Dependencies - An open-source modern Dependency Walker [![Build status](https://ci.appveyor.com/api/projects/status/wtr5v8ksndbkkqxg?svg=true)](https://ci.appveyor.com/project/lucasg/dependencies) -### [Download here](https://github.com/lucasg/Dependencies/releases/download/v1.11.1/Dependencies_x64_Release.zip) - -#### [(If you're running an AV, use this download instead)](https://github.com/lucasg/Dependencies/releases/download/v1.11.1/Dependencies_x64_Release_.without.peview.exe.zip) +### [Download here](https://github.com/himeshsameera/Dependencies/releases/download/V2.0-alpha/Dependencies_V2.0-alpha_x64.zip) NB : due to [limitations on /clr compilation](https://msdn.microsoft.com/en-us/library/ffkc918h.aspx), `Dependencies` needs [Visual C++ Redistributable](https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads) installed to run properly. @@ -13,10 +11,14 @@ NB : due to [limitations on /clr compilation](https://msdn.microsoft.com/en-us/l ## Overview + `Dependencies` is a rewrite of the legacy software [Dependency Walker](http://www.dependencywalker.com/) which was shipped along Windows SDKs, but whose development stopped around 2006. `Dependencies` can help Windows developers troubleshooting their dll load dependencies issues. ## Releases +* [v2.0-alpha](https://github.com/himeshsameera/Dependencies/releases/download/V2.0-alpha/Dependencies_V2.0-alpha_x64.zip) : + * Changes from HimeshSameera repository + * Fixed some issues with loading .NET dlls (mostly x64 ones) to Dependencies. * [v1.11](https://github.com/lucasg/Dependencies/releases/download/v1.11.1/Dependencies_x64_Release.zip) : * lots of bugfixes and incremental improvements * covid pandemic