This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of ".Net Assembly Analyzer"

From OWASP
Jump to: navigation, search
 
Line 106: Line 106:
 
         [XmlAttribute()] public string Name;
 
         [XmlAttribute()] public string Name;
 
     }
 
     }
}
+
}
 +
 
 +
 
 +
== Output Sample==
 +
 
 +
The output is a serialized version of the populated AssemblyRawData object
 +
 
 +
<?xml version="1.0"?>
 +
<AssemblyRawData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
 +
  <aAssemblies>
 +
    <aAssembly Name="AssemblyAnalyzer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null">
 +
      <strAttributes>
 +
        <string>System.Reflection.AssemblyConfigurationAttribute</string>
 +
        <string>System.Reflection.AssemblyTitleAttribute</string>
 +
        <string>System.Reflection.AssemblyCompanyAttribute</string>
 +
        <string>System.Reflection.AssemblyFileVersionAttribute</string>
 +
        <string>System.Reflection.AssemblyProductAttribute</string>
 +
        <string>System.Diagnostics.DebuggableAttribute</string>
 +
        <string>System.Runtime.CompilerServices.CompilationRelaxationsAttribute</string>
 +
        <string>System.Runtime.CompilerServices.RuntimeCompatibilityAttribute</string>
 +
        <string>System.Reflection.AssemblyDescriptionAttribute</string>
 +
        <string>System.Runtime.InteropServices.GuidAttribute</string>
 +
        <string>System.Runtime.InteropServices.ComVisibleAttribute</string>
 +
        <string>System.Reflection.AssemblyTrademarkAttribute</string>
 +
        <string>System.Reflection.AssemblyCopyrightAttribute</string>
 +
      </strAttributes>
 +
      <mModules>
 +
        <mModule Name="AssemblyAnalyzer.exe">
 +
          <FullyQualifiedName>F:\_Research\_MS session in Seattle\AssemblyAnalyzer\bin\AssemblyAnalyzer.exe</FullyQualifiedName>
 +
          <tTypes>
 +
            <tType FullName="Owasp.AssemblyAnalyzer.Properties.Resources" Name="Resources" Namespace="Owasp.AssemblyAnalyzer.Properties" bIsAbstract="false" bIsAnsiClass="true" bIsArray="false" bIsAutoClass="false" bIsAutoLayout="true" bIsByRef="false" bIsClass="true" bIsCOMObject="false" bIsContextful="false" bIsEnum="false" bIsExplicitLayout="false" bIsGenericParameter="false" bIsGenericType="false" bIsGenericTypeDefinition="false" bIsImport="false" bIsInterface="false" bIsLayoutSequential="false" bIsMarshalByRef="false" bIsNested="false" bIsNestedAssembly="false" bIsNestedFamily="false" bIsNestedPrivate="false" bIsNestedPublic="false" bIsNotPublic="true" bIsPointer="false" bIsPrimitive="false" bIsPublic="false" bIsSealed="false" bIsSerializable="false" bIsSpecialName="false" bIsUnicodeClass="false" bIsValueType="false" bIsVisible="false">
 +
              <strTypeAttributes>AutoLayout, AnsiClass, Class, BeforeFieldInit</strTypeAttributes>
 +
              <strAttributes>
 +
                <string>System.Diagnostics.DebuggerNonUserCodeAttribute</string>
 +
                <string>System.Runtime.CompilerServices.CompilerGeneratedAttribute</string>
 +
                <string>System.CodeDom.Compiler.GeneratedCodeAttribute</string>
 +
              </strAttributes>
 +
              <mMethods>
 +
                <mMethod Name="GetType" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="false" bIsVirtual="false">
 +
                  <strCalls />
 +
                  <strUsedBy />
 +
                </mMethod>
 +
                <mMethod Name="ToString" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="false" bIsVirtual="true">
 +
                  <strCalls />
 +
                  <strUsedBy />
 +
                </mMethod>
 +
                <mMethod Name="Equals" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="false" bIsVirtual="true">
 +
                  <strCalls />
 +
                  <strUsedBy />
 +
                </mMethod>
 +
                <mMethod Name="GetHashCode" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="false" bIsVirtual="true">
 +
                  <strCalls />
 +
                  <strUsedBy />
 +
                </mMethod>
 +
              </mMethods>
 +
              <fFields />
 +
              <pProperties />
 +
            </tType>
 +
            <tType FullName="Owasp.AssemblyAnalyzer.utils.serialization" Name="serialization" Namespace="Owasp.AssemblyAnalyzer.utils" bIsAbstract="false" bIsAnsiClass="true" bIsArray="false" bIsAutoClass="false" bIsAutoLayout="true" bIsByRef="false" bIsClass="true" bIsCOMObject="false" bIsContextful="false" bIsEnum="false" bIsExplicitLayout="false" bIsGenericParameter="false" bIsGenericType="false" bIsGenericTypeDefinition="false" bIsImport="false" bIsInterface="false" bIsLayoutSequential="false" bIsMarshalByRef="false" bIsNested="false" bIsNestedAssembly="false" bIsNestedFamily="false" bIsNestedPrivate="false" bIsNestedPublic="false" bIsNotPublic="true" bIsPointer="false" bIsPrimitive="false" bIsPublic="false" bIsSealed="false" bIsSerializable="false" bIsSpecialName="false" bIsUnicodeClass="false" bIsValueType="false" bIsVisible="false">
 +
              <strTypeAttributes>AutoLayout, AnsiClass, Class, BeforeFieldInit</strTypeAttributes>
 +
              <strAttributes />
 +
              <mMethods>
 +
                <mMethod Name="returnStringOfSerializedObject" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="true" bIsVirtual="false">
 +
                  <strCalls>
 +
                    <string>System.Object.GetType</string>
 +
                    <string>System.Xml.Serialization.XmlSerializer..ctor</string>
 +
                    <string>System.Object.GetType</string>
 +
                    <string>System.Xml.Serialization.XmlSerializer..ctor</string>
 +
                    <string>System.IO.MemoryStream..ctor</string>
 +
                    <string>System.Xml.Serialization.XmlSerializer.Serialize</string>
 +
                    <string>System.IO.Stream.Flush</string>
 +
                    <string>System.IO.Stream.set_Position</string>
 +
                    <string>System.IO.Stream.get_Length</string>
 +
                    <string>System.IO.Stream.get_Length</string>
 +
                    <string>System.IO.Stream.Read</string>
 +
                    <string>System.Text.Encoding.get_UTF8</string>
 +
                    <string>System.Text.Encoding.GetString</string>
 +
                  </strCalls>
 +
                  <strUsedBy />
 +
                </mMethod>
 +
                <mMethod Name="returnDeSerializedObjectOfSerializedString" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="true" bIsVirtual="false">
 +
                  <strCalls>
 +
                    <string>System.Xml.Serialization.XmlSerializer..ctor</string>
 +
                    <string>System.Text.Encoding.get_UTF8</string>
 +
                    <string>System.Text.Encoding.GetBytes</string>
 +
                    <string>System.IO.MemoryStream..ctor</string>
 +
                    <string>System.Xml.Serialization.XmlSerializer.Deserialize</string>
 +
                  </strCalls>
 +
                  <strUsedBy />
 +
                </mMethod>

Revision as of 06:35, 28 July 2006

.Net Assembly Analyzer is a tool that uses reflection to analyze .Net (i.e. MSIL) code.

Download

You can download the current version from here File:AssemblyAnalyzer v0.2.zip.ppt AssemblyAnalyzer v0.2.zip.ppt (remove the .ppt to unzip)

Info

The current version takes an assembly and creates an XML file containg the following information 

namespace Owasp.AssemblyAnalyzer
{
   [Serializable]
   public class AssemblyRawData
   {        
       public List<aAssembly> aAssemblies = new List<aAssembly>();
   }
   [Serializable]
   public class aAssembly
   {
       [XmlAttribute()] public string Name = "";
       public List<String> strAttributes = new List<String>();
       public List<mModule> mModules = new List<mModule>();
   }
   [Serializable]
   public class mModule
   {
       [XmlAttribute()] public string Name;
       public string FullyQualifiedName;
       public List<tType> tTypes = new List<tType>();
   }
   [Serializable]
   public class tType
   {
       [XmlAttribute()] public string FullName;  
       [XmlAttribute()] public string Name;
       [XmlAttribute()] public string Namespace;        
       [XmlAttribute()] public bool bIsAbstract;
       [XmlAttribute()] public bool bIsAnsiClass;
       [XmlAttribute()] public bool bIsArray;
       [XmlAttribute()] public bool bIsAutoClass;
       [XmlAttribute()] public bool bIsAutoLayout;
       [XmlAttribute()] public bool bIsByRef;
       [XmlAttribute()] public bool bIsClass;
       [XmlAttribute()] public bool bIsCOMObject;
       [XmlAttribute()] public bool bIsContextful;
       [XmlAttribute()] public bool bIsEnum;
       [XmlAttribute()] public bool bIsExplicitLayout;
       [XmlAttribute()] public bool bIsGenericParameter;
       [XmlAttribute()] public bool bIsGenericType;
       [XmlAttribute()] public bool bIsGenericTypeDefinition;
       [XmlAttribute()] public bool bIsImport;
       [XmlAttribute()] public bool bIsInterface;
       [XmlAttribute()] public bool bIsLayoutSequential;
       [XmlAttribute()] public bool bIsMarshalByRef;
       [XmlAttribute()] public bool bIsNested;
       [XmlAttribute()] public bool bIsNestedAssembly;
       [XmlAttribute()] public bool bIsNestedFamily;
       [XmlAttribute()] public bool bIsNestedPrivate;
       [XmlAttribute()] public bool bIsNestedPublic;
       [XmlAttribute()] public bool bIsNotPublic;
       [XmlAttribute()] public bool bIsPointer;
       [XmlAttribute()] public bool bIsPrimitive;
       [XmlAttribute()] public bool bIsPublic;
       [XmlAttribute()] public bool bIsSealed;
       [XmlAttribute()] public bool bIsSerializable;
       [XmlAttribute()] public bool bIsSpecialName;
       [XmlAttribute()] public bool bIsUnicodeClass;
       [XmlAttribute()] public bool bIsValueType;
       [XmlAttribute()] public bool bIsVisible;
       public string strTypeAttributes;
       public List<String> strAttributes = new List<String>();
       public List<mMethod> mMethods = new List<mMethod>();
       public List<fField> fFields = new List<fField>();
       public List<pProperty> pProperties = new List<pProperty>();
   }
   [Serializable]
   public class mMethod
   {
       [XmlAttribute()] public string Name;
       [XmlAttribute()] public bool bIsAbstract;
       [XmlAttribute()] public bool bIsAssembly;
       [XmlAttribute()] public bool bIsConstructor;
       [XmlAttribute()] public bool bIsFamily;
       [XmlAttribute()] public bool bIsFinal;
       [XmlAttribute()] public bool bIsGenericMethod;
       [XmlAttribute()] public bool bIsGenericMethodDefinition;
       [XmlAttribute()] public bool bIsHideBySig;
       [XmlAttribute()] public bool bIsPrivate;
       [XmlAttribute()] public bool bIsPublic;
       [XmlAttribute()] public bool bIsSpecialName;
       [XmlAttribute()] public bool bIsStatic;
       [XmlAttribute()] public bool bIsVirtual;        
       public List<string> strCalls = new List<string>();
       public List<string> strUsedBy = new List<string>();
   }
   [Serializable]
   public class fField
   {
       [XmlAttribute()] public string Name;
   }
   [Serializable]
   public class pProperty
   {
       [XmlAttribute()] public string Name;
   }
}


Output Sample

The output is a serialized version of the populated AssemblyRawData object 

<?xml version="1.0"?>
<AssemblyRawData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
 <aAssemblies>
   <aAssembly Name="AssemblyAnalyzer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null">
     <strAttributes>
       <string>System.Reflection.AssemblyConfigurationAttribute</string>
       <string>System.Reflection.AssemblyTitleAttribute</string>
       <string>System.Reflection.AssemblyCompanyAttribute</string>
       <string>System.Reflection.AssemblyFileVersionAttribute</string>
       <string>System.Reflection.AssemblyProductAttribute</string>
       <string>System.Diagnostics.DebuggableAttribute</string>
       <string>System.Runtime.CompilerServices.CompilationRelaxationsAttribute</string>
       <string>System.Runtime.CompilerServices.RuntimeCompatibilityAttribute</string>
       <string>System.Reflection.AssemblyDescriptionAttribute</string>
       <string>System.Runtime.InteropServices.GuidAttribute</string>
       <string>System.Runtime.InteropServices.ComVisibleAttribute</string>
       <string>System.Reflection.AssemblyTrademarkAttribute</string>
       <string>System.Reflection.AssemblyCopyrightAttribute</string>
     </strAttributes>
     <mModules>
       <mModule Name="AssemblyAnalyzer.exe">
         <FullyQualifiedName>F:\_Research\_MS session in Seattle\AssemblyAnalyzer\bin\AssemblyAnalyzer.exe</FullyQualifiedName>
         <tTypes>
           <tType FullName="Owasp.AssemblyAnalyzer.Properties.Resources" Name="Resources" Namespace="Owasp.AssemblyAnalyzer.Properties" bIsAbstract="false" bIsAnsiClass="true" bIsArray="false" bIsAutoClass="false" bIsAutoLayout="true" bIsByRef="false" bIsClass="true" bIsCOMObject="false" bIsContextful="false" bIsEnum="false" bIsExplicitLayout="false" bIsGenericParameter="false" bIsGenericType="false" bIsGenericTypeDefinition="false" bIsImport="false" bIsInterface="false" bIsLayoutSequential="false" bIsMarshalByRef="false" bIsNested="false" bIsNestedAssembly="false" bIsNestedFamily="false" bIsNestedPrivate="false" bIsNestedPublic="false" bIsNotPublic="true" bIsPointer="false" bIsPrimitive="false" bIsPublic="false" bIsSealed="false" bIsSerializable="false" bIsSpecialName="false" bIsUnicodeClass="false" bIsValueType="false" bIsVisible="false">
             <strTypeAttributes>AutoLayout, AnsiClass, Class, BeforeFieldInit</strTypeAttributes>
             <strAttributes>
               <string>System.Diagnostics.DebuggerNonUserCodeAttribute</string>
               <string>System.Runtime.CompilerServices.CompilerGeneratedAttribute</string>
               <string>System.CodeDom.Compiler.GeneratedCodeAttribute</string>
             </strAttributes>
             <mMethods>
               <mMethod Name="GetType" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="false" bIsVirtual="false">
                 <strCalls />
                 <strUsedBy />
               </mMethod>
               <mMethod Name="ToString" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="false" bIsVirtual="true">
                 <strCalls />
                 <strUsedBy />
               </mMethod>
               <mMethod Name="Equals" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="false" bIsVirtual="true">
                 <strCalls />
                 <strUsedBy />
               </mMethod>
               <mMethod Name="GetHashCode" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="false" bIsVirtual="true">
                 <strCalls />
                 <strUsedBy />
               </mMethod>
             </mMethods>
             <fFields />
             <pProperties />
           </tType>
           <tType FullName="Owasp.AssemblyAnalyzer.utils.serialization" Name="serialization" Namespace="Owasp.AssemblyAnalyzer.utils" bIsAbstract="false" bIsAnsiClass="true" bIsArray="false" bIsAutoClass="false" bIsAutoLayout="true" bIsByRef="false" bIsClass="true" bIsCOMObject="false" bIsContextful="false" bIsEnum="false" bIsExplicitLayout="false" bIsGenericParameter="false" bIsGenericType="false" bIsGenericTypeDefinition="false" bIsImport="false" bIsInterface="false" bIsLayoutSequential="false" bIsMarshalByRef="false" bIsNested="false" bIsNestedAssembly="false" bIsNestedFamily="false" bIsNestedPrivate="false" bIsNestedPublic="false" bIsNotPublic="true" bIsPointer="false" bIsPrimitive="false" bIsPublic="false" bIsSealed="false" bIsSerializable="false" bIsSpecialName="false" bIsUnicodeClass="false" bIsValueType="false" bIsVisible="false">
             <strTypeAttributes>AutoLayout, AnsiClass, Class, BeforeFieldInit</strTypeAttributes>
             <strAttributes />
             <mMethods>
               <mMethod Name="returnStringOfSerializedObject" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="true" bIsVirtual="false">
                 <strCalls>
                   <string>System.Object.GetType</string>
                   <string>System.Xml.Serialization.XmlSerializer..ctor</string>
                   <string>System.Object.GetType</string>
                   <string>System.Xml.Serialization.XmlSerializer..ctor</string>
                   <string>System.IO.MemoryStream..ctor</string>
                   <string>System.Xml.Serialization.XmlSerializer.Serialize</string>
                   <string>System.IO.Stream.Flush</string>
                   <string>System.IO.Stream.set_Position</string>
                   <string>System.IO.Stream.get_Length</string>
                   <string>System.IO.Stream.get_Length</string>
                   <string>System.IO.Stream.Read</string>
                   <string>System.Text.Encoding.get_UTF8</string>
                   <string>System.Text.Encoding.GetString</string>
                 </strCalls>
                 <strUsedBy />
               </mMethod>
               <mMethod Name="returnDeSerializedObjectOfSerializedString" bIsAbstract="false" bIsAssembly="false" bIsConstructor="false" bIsFamily="false" bIsFinal="false" bIsGenericMethod="false" bIsGenericMethodDefinition="false" bIsHideBySig="true" bIsPrivate="false" bIsPublic="true" bIsSpecialName="false" bIsStatic="true" bIsVirtual="false">
                 <strCalls>
                   <string>System.Xml.Serialization.XmlSerializer..ctor</string>
                   <string>System.Text.Encoding.get_UTF8</string>
                   <string>System.Text.Encoding.GetBytes</string>
                   <string>System.IO.MemoryStream..ctor</string>
                   <string>System.Xml.Serialization.XmlSerializer.Deserialize</string>
                 </strCalls>
                 <strUsedBy />
               </mMethod>
Retrieved from "https://wiki.owasp.org/index.php?title=.Net_Assembly_Analyzer&oldid=8317"