Supporting x64 CLR dependencies

ClrPhlib/include/ClrPhlib.h

@@ -159,6 +159,9 @@ namespace Dependencies {
 
             // Check if the PE is 32-bit
             bool IsArm32Dll();
+
+            // Check if the PE is a dot net
+            bool IsClrDll();
 
             // return the processorArchiture of PE
             String^ GetProcessor();

ClrPhlib/src/managed/PE.cpp

@@ -201,6 +201,16 @@ bool PE::IsArm32Dll()
   return ((Properties->Machine & 0xffff) == IMAGE_FILE_MACHINE_ARMNT);
 }
 
+bool PE::IsClrDll()
+{
+    PIMAGE_DATA_DIRECTORY dataDirectory;
+    if (NT_SUCCESS(PhGetMappedImageDataEntry( &m_Impl->m_PvMappedImage, IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, &dataDirectory)))
+    {
+        return dataDirectory->VirtualAddress != 0;
+    }
+    return false;
+}
+
 String^ PE::GetProcessor()
 {
   if ((Properties->Machine & 0xffff) == IMAGE_FILE_MACHINE_I386)

DependenciesGui/DependencyWindow.xaml.cs

@@ -765,16 +765,10 @@ private void ProcessAppInitDlls(Dictionary<string, ImportContext> NewTreeContext
             }
         }
 
-        private void ProcessClrImports(Dictionary<string, ImportContext> NewTreeContexts, PE AnalyzedPe, ImportContext ImportModule)
+        private void ProcessClrImports(Dictionary<string, ImportContext> NewTreeContexts, PE AnalyzedPe)
         {
-            List<PeImportDll> PeImports = AnalyzedPe.GetImports();
 
-            // only mscorre triggers clr parsing
-            string User32Filepath = Path.Combine(FindPe.GetSystemPath(this.Pe), "mscoree.dll");
-            if (ImportModule.PeFilePath != User32Filepath)
-            {
-                return;
-            }
+            List<PeImportDll> PeImports = AnalyzedPe.GetImports();
 
             var resolver = new DefaultAssemblyResolver();
             resolver.AddSearchDirectory(RootFolder);
@@ -938,17 +932,19 @@ private void ProcessPe(Dictionary<string, ImportContext> NewTreeContexts, PE new
 
                 // add warning for appv isv applications 
                 TriggerWarningOnAppvIsvImports(DllImport.Name);
-
 
                 NewTreeContexts.Add(DllImport.Name, ImportModule);
 
-
                 // AppInitDlls are triggered by user32.dll, so if the binary does not import user32.dll they are not loaded.
                 ProcessAppInitDlls(NewTreeContexts, newPe, ImportModule);
 
+            }
 
-                // if mscoree.dll is imported, it means the module is a C# assembly, and we can use Mono.Cecil to enumerate its references
-                ProcessClrImports(NewTreeContexts, newPe, ImportModule);
+            // This should happen only if this is validated to be a C# assembly
+            if (newPe.IsClrDll())
+            {
+                // We use Mono.Cecil to enumerate its references
+                ProcessClrImports(NewTreeContexts, newPe);
             }
         }
 
@@ -980,6 +976,7 @@ private void ConstructDependencyTree(ModuleTreeViewItem RootNode, PE CurrentPE,
             BackgroundWorker bw = new BackgroundWorker();
             bw.WorkerReportsProgress = true; // useless here for now
 
+            (Application.Current as App).StatusBarMessage = "Analyzing PE File " + CurrentPE.Filepath;
 
             bw.DoWork += (sender, e) => {
 
@@ -1073,7 +1070,10 @@ private void ConstructDependencyTree(ModuleTreeViewItem RootNode, PE CurrentPE,
                     // it's asynchronous (we would have to wait for all the background to finish and
                     // use another Async worker to resolve).
 
-                    if ((NewTreeContext.PeProperties != null) && (NewTreeContext.PeProperties.GetImports().Count > 0))
+                    // Some dot net dlls give 0 for GetImports() but they will always have imports
+                    // that can be detected using the special CLR dll processing we do. 
+                    if ((NewTreeContext.PeProperties != null)  && 
+                    (NewTreeContext.PeProperties.GetImports().Count > 0 || NewTreeContext.PeProperties.IsClrDll()))
                     {
                         ModuleTreeViewItem DummyEntry = new ModuleTreeViewItem();
                         DependencyNodeContext DummyContext = new DependencyNodeContext()
@@ -1112,7 +1112,8 @@ private void ConstructDependencyTree(ModuleTreeViewItem RootNode, PE CurrentPE,
                     }
                 }
 
-
+
+                (Application.Current as App).StatusBarMessage = CurrentPE.Filepath + " Loaded successfully.";
             };
 
             bw.RunWorkerAsync();

README.md

@@ -1,9 +1,7 @@
 # Dependencies - An open-source modern Dependency Walker
 [![Build status](https://ci.appveyor.com/api/projects/status/wtr5v8ksndbkkqxg?svg=true)](https://ci.appveyor.com/project/lucasg/dependencies)
 
-### [Download here](https://github.com/lucasg/Dependencies/releases/download/v1.11.1/Dependencies_x64_Release.zip)
-
-#### [(If you're running an AV, use this download instead)](https://github.com/lucasg/Dependencies/releases/download/v1.11.1/Dependencies_x64_Release_.without.peview.exe.zip)
+### [Download here](https://github.com/himeshsameera/Dependencies/releases/download/V2.0-alpha/Dependencies_V2.0-alpha_x64.zip)
 
 NB : due to [limitations on /clr compilation](https://msdn.microsoft.com/en-us/library/ffkc918h.aspx), `Dependencies` needs [Visual C++  Redistributable](https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads) installed to run properly.
 
@@ -13,10 +11,14 @@ NB : due to [limitations on /clr compilation](https://msdn.microsoft.com/en-us/l
 
 
 ## Overview
+
 `Dependencies` is a rewrite of the legacy software [Dependency Walker](http://www.dependencywalker.com/) which was shipped along Windows SDKs, but whose development stopped around 2006.
 `Dependencies` can help Windows developers troubleshooting their dll load dependencies issues.
 
 ## Releases
+* [v2.0-alpha](https://github.com/himeshsameera/Dependencies/releases/download/V2.0-alpha/Dependencies_V2.0-alpha_x64.zip) :
+	* Changes from HimeshSameera repository
+	* Fixed some issues with loading .NET dlls (mostly x64 ones) to Dependencies.
 * [v1.11](https://github.com/lucasg/Dependencies/releases/download/v1.11.1/Dependencies_x64_Release.zip) :
 	* lots of bugfixes and incremental improvements
 	* covid pandemic