RpcServer.ParsePeFile throw and uncatchable error #53
Description
When I am calling RpcServer.ParsePeFile like that:
string name = @"C:\Windows\winsxs\x86_wcf-system.identitymodel_b03f5f7f11d50a3a_10.0.19041.1_none_e690fdc7d17e3f70\System.IdentityModel.dll";
string symbolsPath = @"srv*c:\symbols*http://msdl.microsoft.com/download/symbols";
string dbgHelp = @"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll";
NtApiDotNet.Win32.RpcServer.ParsePeFile(name, dbgHelp , symbolsPath , NtApiDotNet.Win32.RpcServerParserFlags.None);
I am getting the following error:
C:\Windows\winsxs\x86_wcf-system.identitymodel_b03f5f7f11d50a3a_10.0.19041.1_none_e690fdc7d17e3f70\System.IdentityModel.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administator or the software vendor for support. Error status: 0xc000012f.
The problem is that I when I tried to use try...catch it doesn't work on these kind of errors.
Any idea how to solve\workaround it?
I noticed that the DLL PE magic starts with DCS which is related to Delta Compression Application.
More reference from this answer.
I think I can workaround it by checking the magic of the file by reading it first before moving it to the function but it might affect the performance a bit.
The problem can also repeat if you run it like that:
rpcFile = @"C:\Windows\winsxs\x86_wcf-system.identitymodel_b03f5f7f11d50a3a_10.0.19041.1_none_e690fdc7d17e3f70\System.IdentityModel.dll";
using (var result = SafeLoadLibraryHandle.LoadLibrary(rpcFile, LoadLibraryFlags.DontResolveDllReferences, false))
{
}
I noticed that it won't help to check for MZ as magic file because there are files like:
C:\Windows\winsxs\x86_microsoft-windows-n..nd-syswow64-payload_31bf3856ad364e35_1.0.19041.1_none_beac3411b23832d5\compobj.dll
Which starts with MZ but still have bad image.
Thanks