Skip to content
/ LibSnitcher Public

Find which libraries/Assembly failed to load for a Portable Executable library, application, or .NET assembly.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

FranciscoNabas/LibSnitcher

BranchesTags

Repository files navigation

LibSnitcher

LibSnitcher is a PowerShell module designed to retrieve module dependency information. It easily, and quickly returns the module's entire dependency chain, including if a given module loaded successfully. You can also find which modules didn't load, or bring the whole PE headers.

This module was designed to work with Portable Executables. It's also prepared to work with .NET assemblies. It works by loading the module, reading its PE information, and retrieving referenced assemblies, if applicable.

Installation

This module is available at the PowerShell Gallery.

Install-Module -Name 'LibSnitcher'
Import-Module -Name 'LibSnitcher'

If you clone the repository, run \Tools\Build.ps1, and the output should be at \Release\LibSnitcher

Set-Location "$env:SystemDrive\LibSnitcher"
& '.\Tools\Build.ps1'

Import-Module '.\Release\LibSnitcher\LibSnitcher.psd1'

Cmdlets

Get-PeDependencyChain

This command lists the module's dependency chain. Due to the nature of module dependencies, if a module appears more than once, its dependency chain is brought only once. Subsequent appearances show only module information.
You can also bring unique module information by using the -Unique parameter. This will only bring the first occurrence of a module.
Attention! Using the -Unique parameter might not return all dependencies for a given module.

The -Path parameter accepts a file path, module name, or .NET fully qualified assembly name. The -Depth parameter allows to set the maximum recursion depth. I.E.: depth = 1 will only return the dependencies for the main module.

Get-PeDependencyChain -Path 'C:\Windows\System32\kernel32.dll'
Get-PeDependencyChain -Path 'System.Private.CoreLib, Version=8.0.0.0, Culture=neutral'
Get-PeDependencyChain -Name 'explorer.exe' -Unique
Get-PeDependencyChain -Name 'ntdll.dll' -Depth 1

Get-PeFailedDependency

This command lists the dependencies of a given module that failed to load. The -Path parameter works like the previous command, with file path, module name, or .NET fully qualified name.
The -ClrOnly parameter returns only .NET assemblies that failed to load.

Get-PeFailedDependency -Path 'C:\repos\MyAwesomeProject\MyAwesomeLibrary.dll'
Get-PeFailedDependency -Path 'MyAwesomeLibrary, Version=0.0.0.0, Culture=neutral' -ClrOnly

Get-PeHeaders

This command returns information from the portable executable headers. Although implemented differently, it mimics the System.Reflection.PortableExecutable.PEHeaders, from .NET Core.
The object does not include the DOS header.
The -Path parameter must contain a file path to a valid portable executable.

Get-PeHeaders -Path 'C:\Windows\System32\ntdll.dll'

Credit

This project draws inspiration from the great Dependencies.
The documentation used is available in the Microsoft docs:

PE file format
The 'Assembly' class
The 'PortableExecutable' namespace

About

Find which libraries/Assembly failed to load for a Portable Executable library, application, or .NET assembly.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages