directoryentry - Page 4

AD - DirectoryServices: VBNET2.0 - Speaking architecture...

- by Will Marcouiller

I've been mandated to write an application to migrate the Active Directory access models to another environment. Here's the context: I'm stuck with VB.NET 2005 and .NET Framework 2.0; The application must use the Windows authenticated user to manage AD; The objects I have to handle are Groups, Users and OrganizationalUnits; I intend to use the Façade design pattern to provider ease of use and a fully reusable code; I plan to write a factory for each of the objects managed (group, ou, user); The use of Attributes should be useful here, I guess; As everything is about the DirectoryEntry class when accessing the AD, it seems a good candidate for generic types. Obligatory features: User creates new OUs manually; User creates new group manually; User creates new user (these users are services accounts) manually; Application reads an XML file which contains the OUs, groups and users to create; Application informs the user about the OUs, groups and users that shall be created; User specifies the domain environment where to migrate the XML input file designated objects; User makes changes if needed, and launches the task operations; Application performs required by the XML input file operations against the underlying AD as specified by the user; Application informs the user upon completion. Linear features: User fetches OUs, groups, users; User changes OUs, groups, users; User deletes OUs, groups, users; The application logs AD entries and operations performed, plus errors and exceptions; Nice-to-have features: Application rollbacks operations on error or exception. I've been working for weeks now to get acquainted with the AD and the System.DirectoryServices assembly. But I don't seem to find a way to be fully satisfied with what I'm doing and always looking for better. I have studied Bret de Smet's Linq to AD on CodePlex, but then again, I can't use it as I'm stuck with .NET 2.0, so no Linq! But I've learned about Attributes, and seen that he's working with generic types as he codes a DirectorySource class to perform the operations for OUs, groups and users. Any suggestions? Thanks for any help, code sample, ideas, architural solution, everything!

Read the article

PowerShell Script to Enumerate SharePoint 2010 or 2013 Permissions and Active Directory Group Membership

- by Brian T. Jackett

Originally posted on: http://geekswithblogs.net/bjackett/archive/2013/07/01/powershell-script-to-enumerate-sharepoint-2010-or-2013-permissions-and.aspx In this post I will present a script to enumerate SharePoint 2010 or 2013 permissions across the entire farm down to the site (SPWeb) level. As a bonus this script also recursively expands the membership of any Active Directory (AD) group including nested groups which you wouldn’t be able to find through the SharePoint UI. History Back in 2009 (over 4 years ago now) I published one my most read blog posts about enumerating SharePoint 2007 permissions. I finally got around to updating that script to remove deprecated APIs, supporting the SharePoint 2010 commandlets, and fixing a few bugs. There are 2 things that script did that I had to remove due to major architectural or procedural changes in the script. Indenting the XML output Ability to search for a specific user I plan to add back the ability to search for a specific user but wanted to get this version published first. As for indenting the XML that could be added but would take some effort. If there is user demand for it (let me know in the comments or email me using the contact button at top of blog) I’ll move it up in priorities. As a side note you may also notice that I’m not using the Active Directory commandlets. This was a conscious decision since not all environments have them available. Instead I’m relying on the older [ADSI] type accelerator and APIs. It does add a significant amount of code to the script but it is necessary for compatibility. Hopefully in a few years if I need to update again I can remove that legacy code. Solution Below is the script to enumerate SharePoint 2010 and 2013 permissions down to site level. You can also download it from my SkyDrive account or my posting on the TechNet Script Center Repository. SkyDrive TechNet Script Center Repository http://gallery.technet.microsoft.com/scriptcenter/Enumerate-SharePoint-2010-35976bdb 001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047 048 049 050 051 052 053 054 055 056 057 058 059 060 061 062 063 064 065 066 067 068 069 070 071 072 073 074 075 076 077 078 079 080 081 082 083 084 085 086 087 088 089 090 091 092 093 094 095 096 097 098 099 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 ########################################################### #DisplaySPWebApp8.ps1 # #Author: Brian T. Jackett #Last Modified Date: 2013-07-01 # #Traverse the entire web app site by site to display # hierarchy and users with permissions to site. ########################################################### function Expand-ADGroupMembership { Param ( [Parameter(Mandatory=$true, Position=0)] [string] $ADGroupName, [Parameter(Position=1)] [string] $RoleBinding ) Process { $roleBindingText = "" if(-not [string]::IsNullOrEmpty($RoleBinding)) { $roleBindingText = " RoleBindings=`"$roleBindings`"" } Write-Output "<ADGroup Name=`"$($ADGroupName)`"$roleBindingText>" $domain = $ADGroupName.substring(0, $ADGroupName.IndexOf("\") + 1) $groupName = $ADGroupName.Remove(0, $ADGroupName.IndexOf("\") + 1) #BEGIN - CODE ADAPTED FROM SCRIPT CENTER SAMPLE CODE REPOSITORY #http://www.microsoft.com/technet/scriptcenter/scripts/powershell/search/users/srch106.mspx #GET AD GROUP FROM DIRECTORY SERVICES SEARCH $strFilter = "(&(objectCategory=Group)(name="+($groupName)+"))" $objDomain = New-Object System.DirectoryServices.DirectoryEntry $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = $objDomain $objSearcher.Filter = $strFilter # specify properties to be returned $colProplist = ("name","member","objectclass") foreach ($i in $colPropList) { $catcher = $objSearcher.PropertiesToLoad.Add($i) } $colResults = $objSearcher.FindAll() #END - CODE ADAPTED FROM SCRIPT CENTER SAMPLE CODE REPOSITORY foreach ($objResult in $colResults) { if($objResult.Properties["Member"] -ne $null) { foreach ($member in $objResult.Properties["Member"]) { $indMember = [adsi] "LDAP://$member" $fullMemberName = $domain + ($indMember.Name) #if($indMember["objectclass"] # if child AD group continue down chain if(($indMember | Select-Object -ExpandProperty objectclass) -contains "group") { Expand-ADGroupMembership -ADGroupName $fullMemberName } elseif(($indMember | Select-Object -ExpandProperty objectclass) -contains "user") { Write-Output "<ADUser>$fullMemberName</ADUser>" } } } } Write-Output "</ADGroup>" } } #end Expand-ADGroupMembership # main portion of script if((Get-PSSnapin -Name microsoft.sharepoint.powershell) -eq $null) { Add-PSSnapin Microsoft.SharePoint.PowerShell } $farm = Get-SPFarm Write-Output "<Farm Guid=`"$($farm.Id)`">" $webApps = Get-SPWebApplication foreach($webApp in $webApps) { Write-Output "<WebApplication URL=`"$($webApp.URL)`" Name=`"$($webApp.Name)`">" foreach($site in $webApp.Sites) { Write-Output "<SiteCollection URL=`"$($site.URL)`">" foreach($web in $site.AllWebs) { Write-Output "<Site URL=`"$($web.URL)`">" # if site inherits permissions from parent then stop processing if($web.HasUniqueRoleAssignments -eq $false) { Write-Output "" } # else site has unique permissions else { foreach($assignment in $web.RoleAssignments) { if(-not [string]::IsNullOrEmpty($assignment.Member.Xml)) { $roleBindings = ($assignment.RoleDefinitionBindings | Select-Object -ExpandProperty name) -join "," # check if assignment is SharePoint Group if($assignment.Member.XML.StartsWith('<Group') -eq "True") { Write-Output "<SPGroup Name=`"$($assignment.Member.Name)`" RoleBindings=`"$roleBindings`">" foreach($SPGroupMember in $assignment.Member.Users) { # if SharePoint group member is an AD Group if($SPGroupMember.IsDomainGroup) { Expand-ADGroupMembership -ADGroupName $SPGroupMember.Name } # else SharePoint group member is an AD User else { # remove claim portion of user login #Write-Output "<ADUser>$($SPGroupMember.UserLogin.Remove(0,$SPGroupMember.UserLogin.IndexOf("|") + 1))</ADUser>" Write-Output "<ADUser>$($SPGroupMember.UserLogin)</ADUser>" } } Write-Output "</SPGroup>" } # else an indivdually listed AD group or user else { if($assignment.Member.IsDomainGroup) { Expand-ADGroupMembership -ADGroupName $assignment.Member.Name -RoleBinding $roleBindings } else { # remove claim portion of user login #Write-Output "<ADUser>$($assignment.Member.UserLogin.Remove(0,$assignment.Member.UserLogin.IndexOf("|") + 1))</ADUser>" Write-Output "<ADUser RoleBindings=`"$roleBindings`">$($assignment.Member.UserLogin)</ADUser>" } } } } } Write-Output "</Site>" $web.Dispose() } Write-Output "</SiteCollection>" $site.Dispose() } Write-Output "</WebApplication>" } Write-Output "</Farm>" The output from the script can be sent to an XML which you can then explore using the [XML] type accelerator. This lets you explore the XML structure however you see fit. See the screenshot below for an example. If you do view the XML output through a text editor (Notepad++ for me) notice the format. Below we see a SharePoint site that has a SharePoint group Demo Members with Edit permissions assigned. Demo Members has an AD group corp\developers as a member. corp\developers has a child AD group called corp\DevelopersSub with 1 AD user in that sub group. As you can see the script recursively expands the AD hierarchy. Conclusion It took me 4 years to finally update this script but I‘m happy to get this published. I was able to fix a number of errors and smooth out some rough edges. I plan to develop this into a more full fledged tool over the next year with more features and flexibility (copy permissions, search for individual user or group, optional enumerate lists / items, etc.). If you have any feedback, feature requests, or issues running it please let me know. Enjoy the script! -Frog Out

Read the article

Code that Worked with MultiView fails with Wizard ASP.NET

- by davemackey

I originally created a process that occurred by transitioning between views in a multiview and it worked fine. Now, I've moved this same code into a ASP.NET Wizard and it keeps throwing an error at the second step. The error is: Method 'System.Object AndObject(System.Object, System.Object)' has no supported translation to SQL. Any ideas why this would occur when moving the code into the wizard? I'm sure its something stupid, but I've checked over the code 3-4 times now and it appears identical operationally. Here is the code: ' Make sure we have the LDAP portion of the .NET Framework available. Imports System.DirectoryServices ' Allows us to interface with LDAP. Imports System.Data.Linq.SqlClient ' Allows us to use LINQ SQL Methods. Partial Public Class buildit Inherits System.Web.UI.Page Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load ' ******* Grab the LDAP info. for current user. Dim ID As FormsIdentity = DirectCast(User.Identity, FormsIdentity) Dim ticket As FormsAuthenticationTicket = ID.Ticket Dim adDirectory As New DirectoryEntry("LDAP://OU=[info],DC=[info],DC=[info],DC=[info]") ' We need to strip off @email.address from the ticket name, so we'll use substring to grab the first ' five characters. Dim adTicketID As String = ticket.Name.Substring(0, 5) Dim adEmployeeID As String adEmployeeID = adDirectory.Children.Find("CN=" & adTicketID).Properties("employeeID").Value ' ******* Lets make sure they have signed the housing contract and the community covenant. Dim dbContractSigs As New pcRoomOccupantsDataContext Dim pcContractSigs = From p In dbContractSigs.webContractSigs _ Where p.people_id = adEmployeeID _ Select p.res_contract, p.comm_life If pcContractSigs.Count.Equals(0) Then Response.Redirect("signcontract.aspx") Else Dim cs As String = pcContractSigs.First.res_contract.ToString Dim cos As String = pcContractSigs.First.comm_life.ToString If cs = "Y" And cos = "Y" Then ' We don't need to do anything. ' We use the else statement b/c there are multiple conditions that could occur besides "N" ' that would cause us to redirect to the signature page, whereas there is only one valid response - "Y". Else ' Redirect the individual to our contracts page. Response.Redirect("signcontract.aspx") End If End If ' ******* Now lets find out what gender that individual is. Dim dbIndividual As New pcPeopleDataContext Dim pcIndividual = From p In dbIndividual.PEOPLEs _ Join d In dbIndividual.DEMOGRAPHICs On p.PEOPLE_CODE_ID Equals d.PEOPLE_CODE_ID _ Where p.PEOPLE_ID = adEmployeeID _ Select p, d ' Make a session variable that will carry with the user throughout the session delineating gender. Session("sgender") = pcIndividual.First.d.GENDER.ToString ' Debug Code. ' Put a stop at end sub to get these values. ' Response.Write(adEmployeeID) End Sub Sub LinqDataSource1_Selecting(ByVal sender As Object, ByVal e As LinqDataSourceSelectEventArgs) ' Lets get a list of the dorms that are available for user's gender. Dim pcDorms As New pcDormsDataContext Dim selectedDorms = (From sd In pcDorms.PBU_WEB_DORMs _ Where IIf(Session("sgender").ToString = "M", sd.description = "Male", sd.description = "Female") _ Select sd.dorm_building).Distinct() e.Result = selectedDorms End Sub Public Sub Button_ItemCommand(ByVal Sender As Object, ByVal e As RepeaterCommandEventArgs) ' ******** Lets pass on the results of our query in LinqDataSource1_Selecting. Session("sdorm") = RTrim(e.CommandName) ' ******** Debug code. ' Response.Write(sDorm) End Sub Sub LinqDataSource2_Selecting(ByVal sender As Object, ByVal e As LinqDataSourceSelectEventArgs) ' ******** Get a list of rooms available in the dorm for user's gender. Dim pcDorms As New pcDormsDataContext Dim selectedDorm = (From sd In pcDorms.PBU_WEB_DORMs _ Where IIf(Session("sgender").ToString = "M", sd.description = "Male", sd.description = "Female") _ And sd.dorm_building = CStr(Session("sdorm")) _ Select sd.dorm_room) e.Result = selectedDorm End Sub Public Sub Button2_ItemCommand(ByVal Sender As Object, ByVal e As RepeaterCommandEventArgs) ' ******** Lets pass on the results of our query in LinqDataSource2_Selecting. Session("sroom") = RTrim(e.CommandName) End Sub Sub LinqDataSource3_Selecting(ByVal sender As Object, ByVal e As LinqDataSourceSelectEventArgs) ' ******** Grabs the individuals currently listed as residing in this room and displays them. Note the use of SqlMethods.Like ' for dorm_building, this is due to legacy issues where dorms sometimes have leading or trailing blank spaces. We could have ' also used Trim. Dim pcOccupants As New pcRoomOccupantsDataContext Dim roomOccupants = (From ro In pcOccupants.webResidents _ Where SqlMethods.Like(ro.dorm_building, "%" & CStr(Session("sdorm")) & "%") _ And ro.dorm_room = CStr(Session("sroom")) _ Select ro.person_name) e.Result = roomOccupants ' ******** Debug code. 'Response.Write(CStr(Session("sdorm"))) 'Response.Write(CStr(Session("sroom"))) End Sub Protected Sub Button4_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button4.Click ' ******** Reserve the room for a student. End Sub End Class

Read the article

Postmortem debugging with WinDBG.

- by Drazar

I have an WCF-service running on an server, and occasionally(1-2 times every month) it throws an COMException with the informative message ”Unknown error (0x8005008)”. When i googled for this particular error I only got threads about problems when creating virtual directories in IIS. And the source code hasn’t anything with making a virtual directory in IIS. DirectoryServiceLib.LdapProvider.Directory - CreatePost - Could not create employee for 195001010000,000000000000: System.Runtime.InteropServices.COMException (0x80005008): Unknown error (0x80005008) at System.DirectoryServices.PropertyValueCollection.PopulateList I've taken a memorydump when I catch the Exception for further analysis in WinDBG. After switching to the right thread I executed the !CLRStack command: 000000001b8ab6d8 000000007708671a [NDirectMethodFrameStandalone: 000000001b8ab6d8] Common.MemoryDump.MiniDumpWriteDump(IntPtr, Int32, IntPtr, MINIDUMP_TYPE, IntPtr, IntPtr, IntPtr) 000000001b8ab680 000007ff002808d8 DomainBoundILStubClass.IL_STUB_PInvoke(IntPtr, Int32, IntPtr, MINIDUMP_TYPE, IntPtr, IntPtr, IntPtr) 000000001b8ab780 000007ff00280812 Common.MemoryDump.CreateMiniDump(System.String) 000000001b8ab7e0 000007ff0027b218 DirectoryServiceLib.LdapProvider.Directory.CreatePost(System.String, DirectoryServiceLib.Model.Post, DirectoryServiceLib.Model.Presumptions, Services.Common.SourceEnum, System.String) 000000001b8ad6d8 000007fef8816869 [HelperMethodFrame: 000000001b8ad6d8] 000000001b8ad820 000007feec2b6c6f System.DirectoryServices.PropertyValueCollection.PopulateList() 000000001b8ad860 000007feec225f0f System.DirectoryServices.PropertyValueCollection..ctor(System.DirectoryServices.DirectoryEntry, System.String) 000000001b8ad8a0 000007feec22d023 System.DirectoryServices.PropertyCollection.get_Item(System.String) 000000001b8ad8f0 000007ff00274d34 Common.DirectoryEntryExtension.GetStringAttribute(System.String) 000000001b8ad940 000007ff0027f507 DirectoryServiceLib.LdapProvider.DirectoryPost.Copy(DirectoryServiceLib.LdapProvider.DirectoryPost) 000000001b8ad980 000007ff0027a7cf DirectoryServiceLib.LdapProvider.Directory.CreatePost(System.String, DirectoryServiceLib.Model.Post, DirectoryServiceLib.Model.Presumptions, Services.Common.SourceEnum, System.String) 000000001b8adbe0 000007ff00279532 DirectoryServiceLib.WCFDirectory.CreatePost(System.String, DirectoryServiceLib.Model.Post, DirectoryServiceLib.Model.Presumptions, Services.Common.SourceEnum, System.String) 000000001b8adc60 000007ff001f47bd DynamicClass.SyncInvokeCreatePost(System.Object, System.Object[], System.Object[]) My conclusion is that it fails when the code is calling System.DirectoryServices.PropertyCollection.get_Item(System.String). So after issuing an !CLRStack -a I get this result: 000000001b8ad8a0 000007feec22d023 System.DirectoryServices.PropertyCollection.get_Item(System.String) PARAMETERS: this = <no data> propertyName = <no data> LOCALS: <CLR reg> = 0x0000000001dcef78 <no data> My very first question is why does it display no data on the propertyname? I am kinda new on Windbg. However I executed an dumpobject on = 0x0000000001dcef78: 0:013> !do 0x0000000001dcef78 Name: System.String MethodTable: 000007fef66d6960 EEClass: 000007fef625eec8 Size: 74(0x4a) bytes File: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll String: personalprescriptioncode Fields: MT Field Offset Type VT Attr Value Name 000007fef66dc848 40000ed 8 System.Int32 1 instance 24 m_stringLength 000007fef66db388 40000ee c System.Char 1 instance 70 m_firstChar 000007fef66d6960 40000ef 10 System.String 0 shared static Empty >> Domain:Value 0000000000174e10:00000000019d1420 000000001a886f50:00000000019d1420 << So when the source code wants to fetch the personalprescriptioncode from Active Directory(what is used for persistence layer) it fails. Looking back at the stack it is when issuing the Copy method. DirectoryServiceLib.LdapProvider.DirectoryPost.Copy(DirectoryServiceLib.LdapProvider.DirectoryPost) So looking in the sourcecode: DirectoryPost postInLimbo = DirectoryPostFactory.Instance().GetDirectoryPost(LdapConfigReader.Instance().GetConfigValue("LimboDN"), idGenPerson.ID.UserId); if (postInLimbo != null) newPost.Copy(postInLimbo); This code is looking for another post in OU=limbo with the same UserId and if it finds one it copies the attributes to the new post. In this case it does and it fails with personalprescriptioncode. I've looked in Active Directory under OU=Limbo and the post exist there with the attribute personalprescriptioncode=31243. Question 1: Why does it display no data for some of the PARAMETERS and LOCALS? Is it the GC who has cleaned up before the memorydump had been created. Question 2: Is there anymore i can do to get to the solution to this problem?

Read the article

How to programatically read native DLL imports in C#?

- by Eric

The large hunk of C# code below is intended to print the imports of a native DLL. I copied it from from this link and modified it very slightly, just to use LoadLibraryEx as Mike Woodring does here. I find that when I call the Foo.Test method with the original example's target, MSCOREE.DLL, it prints all the imports fine. But when I use other dlls like GDI32.DLL or WSOCK32.DLL the imports do not get printed. What's missing from this code that would let it print all the imports as, for example, DUMPBIN.EXE does? (Is there a hint I'm not grokking in the original comment that says, "using mscoree.dll as an example as it doesnt export any thing"?) Here's the extract that just shows how it's being invoked: public static void Test() { // WORKS: var path = @"c:\windows\system32\mscoree.dll"; // NO ERRORS, BUT NO IMPORTS PRINTED EITHER: //var path = @"c:\windows\system32\gdi32.dll"; //var path = @"c:\windows\system32\wsock32.dll"; var hLib = LoadLibraryEx(path, 0, DONT_RESOLVE_DLL_REFERENCES | LOAD_IGNORE_CODE_AUTHZ_LEVEL); TestImports(hLib, true); } And here is the whole code example: namespace PETest2 { [StructLayout(LayoutKind.Explicit)] public unsafe struct IMAGE_IMPORT_BY_NAME { [FieldOffset(0)] public ushort Hint; [FieldOffset(2)] public fixed char Name[1]; } [StructLayout(LayoutKind.Explicit)] public struct IMAGE_IMPORT_DESCRIPTOR { #region union /// <summary> /// CSharp doesnt really support unions, but they can be emulated by a field offset 0 /// </summary> [FieldOffset(0)] public uint Characteristics; // 0 for terminating null import descriptor [FieldOffset(0)] public uint OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA) #endregion [FieldOffset(4)] public uint TimeDateStamp; [FieldOffset(8)] public uint ForwarderChain; [FieldOffset(12)] public uint Name; [FieldOffset(16)] public uint FirstThunk; } [StructLayout(LayoutKind.Explicit)] public struct THUNK_DATA { [FieldOffset(0)] public uint ForwarderString; // PBYTE [FieldOffset(4)] public uint Function; // PDWORD [FieldOffset(8)] public uint Ordinal; [FieldOffset(12)] public uint AddressOfData; // PIMAGE_IMPORT_BY_NAME } public unsafe class Interop { #region Public Constants public static readonly ushort IMAGE_DIRECTORY_ENTRY_IMPORT = 1; #endregion #region Private Constants #region CallingConvention CALLING_CONVENTION /// <summary> /// Specifies the calling convention. /// </summary> /// <remarks> /// Specifies <see cref="CallingConvention.Winapi" /> for Windows to /// indicate that the default should be used. /// </remarks> private const CallingConvention CALLING_CONVENTION = CallingConvention.Winapi; #endregion CallingConvention CALLING_CONVENTION #region IMPORT DLL FUNCTIONS private const string KERNEL_DLL = "kernel32"; private const string DBGHELP_DLL = "Dbghelp"; #endregion #endregion Private Constants [DllImport(KERNEL_DLL, CallingConvention = CALLING_CONVENTION, EntryPoint = "GetModuleHandleA"), SuppressUnmanagedCodeSecurity] public static extern void* GetModuleHandleA(/*IN*/ char* lpModuleName); [DllImport(KERNEL_DLL, CallingConvention = CALLING_CONVENTION, EntryPoint = "GetModuleHandleW"), SuppressUnmanagedCodeSecurity] public static extern void* GetModuleHandleW(/*IN*/ char* lpModuleName); [DllImport(KERNEL_DLL, CallingConvention = CALLING_CONVENTION, EntryPoint = "IsBadReadPtr"), SuppressUnmanagedCodeSecurity] public static extern bool IsBadReadPtr(void* lpBase, uint ucb); [DllImport(DBGHELP_DLL, CallingConvention = CALLING_CONVENTION, EntryPoint = "ImageDirectoryEntryToData"), SuppressUnmanagedCodeSecurity] public static extern void* ImageDirectoryEntryToData(void* Base, bool MappedAsImage, ushort DirectoryEntry, out uint Size); } static class Foo { // From winbase.h in the Win32 platform SDK. // const uint DONT_RESOLVE_DLL_REFERENCES = 0x00000001; const uint LOAD_IGNORE_CODE_AUTHZ_LEVEL = 0x00000010; [DllImport("kernel32.dll"), SuppressUnmanagedCodeSecurity] static extern uint LoadLibraryEx(string fileName, uint notUsedMustBeZero, uint flags); public static void Test() { //var path = @"c:\windows\system32\mscoree.dll"; //var path = @"c:\windows\system32\gdi32.dll"; var path = @"c:\windows\system32\wsock32.dll"; var hLib = LoadLibraryEx(path, 0, DONT_RESOLVE_DLL_REFERENCES | LOAD_IGNORE_CODE_AUTHZ_LEVEL); TestImports(hLib, true); } // using mscoree.dll as an example as it doesnt export any thing // so nothing shows up if you use your own module. // and the only none delayload in mscoree.dll is the Kernel32.dll private static void TestImports( uint hLib, bool mappedAsImage ) { unsafe { //fixed (char* pszModule = "mscoree.dll") { //void* hMod = Interop.GetModuleHandleW(pszModule); void* hMod = (void*)hLib; uint size = 0; uint BaseAddress = (uint)hMod; if (hMod != null) { Console.WriteLine("Got handle"); IMAGE_IMPORT_DESCRIPTOR* pIID = (IMAGE_IMPORT_DESCRIPTOR*)Interop.ImageDirectoryEntryToData((void*)hMod, mappedAsImage, Interop.IMAGE_DIRECTORY_ENTRY_IMPORT, out size); if (pIID != null) { Console.WriteLine("Got Image Import Descriptor"); while (!Interop.IsBadReadPtr((void*)pIID->OriginalFirstThunk, (uint)size)) { try { char* szName = (char*)(BaseAddress + pIID->Name); string name = Marshal.PtrToStringAnsi((IntPtr)szName); Console.WriteLine("pIID->Name = {0} BaseAddress - {1}", name, (uint)BaseAddress); THUNK_DATA* pThunkOrg = (THUNK_DATA*)(BaseAddress + pIID->OriginalFirstThunk); while (!Interop.IsBadReadPtr((void*)pThunkOrg->AddressOfData, 4U)) { char* szImportName; uint Ord; if ((pThunkOrg->Ordinal & 0x80000000) > 0) { Ord = pThunkOrg->Ordinal & 0xffff; Console.WriteLine("imports ({0}).Ordinal{1} - Address: {2}", name, Ord, pThunkOrg->Function); } else { IMAGE_IMPORT_BY_NAME* pIBN = (IMAGE_IMPORT_BY_NAME*)(BaseAddress + pThunkOrg->AddressOfData); if (!Interop.IsBadReadPtr((void*)pIBN, (uint)sizeof(IMAGE_IMPORT_BY_NAME))) { Ord = pIBN->Hint; szImportName = (char*)pIBN->Name; string sImportName = Marshal.PtrToStringAnsi((IntPtr)szImportName); // yes i know i am a lazy ass Console.WriteLine("imports ({0}).{1}@{2} - Address: {3}", name, sImportName, Ord, pThunkOrg->Function); } else { Console.WriteLine("Bad ReadPtr Detected or EOF on Imports"); break; } } pThunkOrg++; } } catch (AccessViolationException e) { Console.WriteLine("An Access violation occured\n" + "this seems to suggest the end of the imports section\n"); Console.WriteLine(e); } pIID++; } } } } } Console.WriteLine("Press Any Key To Continue......"); Console.ReadKey(); } }

Developer IT