mikehadlow / asmspy Goto Github PK
View Code? Open in Web Editor NEWSimple command line assembly reference checker
License: MIT License
Simple command line assembly reference checker
License: MIT License
I wasted a good few minutes trying to understand why I wasn't getting a DGML graph even though I asked for one, until I realized I passed in "--dmgl" instead of "--dgml".
In my case, my console windows default to ConsoleColor.Gray or ConsoleColor.Red, if I have elevated permissions.
This causes the text after the Version number "by " (in italics below) to be invisible:
Reference: JetBrains.Annotations, Version=2020.3.0.0, Culture=neutral, PublicKeyToken=1010a0d8d6380325
JetBrains.Annotations, Version=2020.3.0.0, Culture=neutral, PublicKeyToken=1010a0d8d6380325
Source: Local, Location: C:\dropbox\2018.11\AOD\ConsoleHelpers\lib\net40\JetBrains.Annotations.dll
2020.3.0.0 by >>> AOD.Common, Version=2020.12.30.29793, Culture=neutral, PublicKeyToken=null <<< This is invisible !!
The simplest suggested fix is to set the colors to the expected defaults, like so:
public ConsoleLogger(bool showMessages)
{
_showMessages = showMessages;
Console.ForegroundColor = ConsoleColor.White;
Console.BackgroundColor = ConsoleColor.Black;
Console.Clear();
}
I may not have picked the best place for this, but it worked for me.
The more general approach is to always set FG & BG colors, to avoid FG == BG.
There is also an issue with using Console.ResetColor(), since this reverts back to my default colors. The result is some empty grey lines in the output. It can be removed from ConsoleVisualizer.Visualize().
The usage statement currently says:
Console.WriteLine("AsmSpy <directory to load assemblies from> [all]");
It should include the nonsystem argument:
Console.WriteLine("AsmSpy <directory to load assemblies from> [all|nonsystem]");
It'd also be nice to add /? -? -help --help parameter handling. The app respsonds with "Directory: '/? ' does not exist" which is annoying when it doesn't occur to me (maybe others) to run AsmSpy without parameters.
Further niceness could be achieved by making the parameters a bit more standard, /a, /n, /all, /nonsystem. That'd make argument order irrelevant.
I have a solution with hundreds of projects. and I can not see any references because the cmd limits the result.
When calling ".\AsmSpy.exe mydirectory" i got first a list of found references but it ends with an exception.
:
:
Found reference PresentationCore 4.0.0.0
Found reference PresentationFramework 4.0.0.0
Found reference System 4.0.0.0
Found reference System.ComponentModel.Composition 4.0.0.0
Found reference System.Configuration 4.0.0.0
Found reference System.Core 4.0.0.0
Found reference System.Data 4.0.0.0
Found reference System.Drawing 4.0.0.0
Found reference System.IO.Compression.FileSystem 0.0.0.0
Found reference System.Management 4.0.0.0
Found reference System.Messaging 4.0.0.0
Found reference System.Net 2.0.5.0
Found reference System.Numerics 0.0.0.0
Found reference System.Runtime.Remoting 2.0.0.0
Found reference System.Runtime.Serialization 4.0.0.0
Found reference System.ServiceModel 4.0.0.0
Found reference System.ServiceModel.Discovery 4.0.0.0
Found reference System.Threading.Tasks.Dataflow 4.5.24.0
System.InvalidOperationException: Sequence contains more than one element
at System.Linq.Enumerable.SingleOrDefault[TSource](IEnumerable`1 source)
at AsmSpy.Core.DependencyAnalyzer.ResolveNonFileReferences(DependencyAnalyzerResult result, ILogger logger)
at AsmSpy.Core.DependencyAnalyzer.Analyze(IEnumerable`1 files, AppDomain appDomainWithBindingRedirects, ILogger logger, VisualizerOptions options, String rootFileName)
at AsmSpy.CommandLine.Program.<>c__DisplayClass0_2.<Main>b__5(AppDomain appDomain)
at AsmSpy.Core.ResultExtensions.<>c__DisplayClass1_0`2.<Map>b__0(A x)
at AsmSpy.Core.ResultExtensions.Bind[A,B](Result`1 a, Func`2 func)
at AsmSpy.Core.ResultExtensions.Map[A,B](Result`1 a, Func`2 func)
at AsmSpy.CommandLine.Program.<>c__DisplayClass0_1.<Main>b__1(ValueTuple`2 x)
at AsmSpy.Core.ResultExtensions.Bind[A,B](Result`1 a, Func`2 func)
at AsmSpy.CommandLine.Program.<>c__DisplayClass0_0.<Main>b__0()
Sorry, that I can't post the assemblies, but that's enterprise code. It's a .NET Framework 4.6.1 application with including a WPF ui.
AsmSpy Version: 1.3.131
Hey, thanks for a great tool.
What do you typically do when the tool reports assemblies from GAC? I see two types of assemblies reported: system (which you can hide w/ -n switch) and non-system.
I guess I could try to install the non-system ones from NuGet instead, which will make it easier to deploy and to configure a new dev box (I won't have to install some SDKs).
Am I right that there is nothing you can do about the system ones and they are outputted just for the sake of completeness?
As it stands now, the reference versions are incorrect:
It says that the 3 Fms libraries are referencing log4net 1.0.0.0
, and SuperSocket is referencing log4net 1.6.6.0
. This is incorrect - the version being shown is the version of the referencing assembly, not the referenced assembly.
In a very old build of AsmSpy I found, the versions are displayed correctly:
I assume this is a bug. If it's intended - it's very confusing, especially because it explicitly says "by".
As a side note, I'm not sure whether or not splitting the dependencies into 2 separate entries for 2 separate versions is a good decision, it seemed much clearer in the old version when they were clumped together.
UPDATE: Stared fixing it. Will have a pull request soon
Fixed both grouping of assemblies, as well as version numbers. The colors make sense now also. Very easy to distinguish different versions of same assembly now. The colored line with assembly information is there just to show the culture
and PublicKeyToken
. It can be removed, I just thought that knowing the PublicKeyToken
could be useful.
UPDATE 3: Made a pull request
Sorry for creating this issue - but I feel I have to ๐ณ
I've done a few small changes meanwhile on AsmSpy and every time I change something I'm unsure if those changes might affect someone in a negativ way or even bring a breaking change in.
I tried my best testing everything manually as good as possible, but ultimately I (and probably others) mostly test if changes they need themselves work as expected. I.e. I'm not using the exports and thus am not testing those too much.
I guess the only solution to this is to have a solid UnitTest suite which covers atleast the major things.
Even a small integration test suite might do wonders, like testing validating the whole output or checking the overall exit code of the tool.
(I'm not having the time right now to work on this, but thought it might be a good thing to have it looked. Possibly some other community member can work on this?)
Trying to download AsmSpy from the .zip file link in the readme gives this error:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>3FBF23EBEEBF43B4</RequestId>
<HostId>
kVcmAvNEFGKux9pr0Hr1IbPuAyQSvag+gD2f44cTam3KDFR0u8f4Vtil7Rn2KWCfZrP00La87g0=
</HostId>
</Error>
I tried AspSpy with a customer app that was reporting startup errors because of a missing assembly binding redirect. The tool reported a load error for the app executable, but did not report why. From my understanding, finding out why binding/startup errors occur is the main reason why this tool exists.
Hi. How can I make AsmSpy show only "Source: NotFound" problems (as coloured red)? I tried --silent
but that shows yellow "Source: GAC" problems too.
Hi there.
Been looking at the code, and did some changes in my fork where I split out the console specific out into a new project. The idea is to enable the option to add other engines as reporting output - it could be msbuild task, Teamcity task or something similar.
Reason for this is that I think the base code is exactly what I'm looking for, but I need to report while building in Visual studio based on a whitelist (I will add that later)
Also added a new switch to enable filtering on the referenced assemblies in the console reporting.
You can look here -and if you like it I can do a PR
https://github.com/michaelthyregod/AsmSpy
Also consider to maket it 2 nuget packages and upload these to nuget.org - since it is a cool simple little tool with lots of usage scenarios if possible to reference it.
Should you be interrested I can also add build output task with ilMerge that merges the base assembly into the console output exe file - so it is still only 1 exe file as output.
In FileInfoExtensions.IsAssembly
there is a check for minimum lenth: if (fileInfo.Length < 4096)
. For symbolic links the Length property returns 0 (and this seems to be by design). This causes symbolic links to valid assemblies to be skipped during analysis.
Right now there are options (in my case specifically referencedStartsWith
) which are are only considered when generating the output.
This has two major drawbacks:
My specific problem:
There is the option failOnMissing
which makes sure that AsmSpy exits with a negativ exit code when assembly problems could be identified.
This exit-code is generated based on the analyzation-result.
However the analyzer does not honor referencedStartsWith
and has all references available - even those which should be ignored. This ultimately ends in a situation, where the visualizer shows no problems but the tool exits with exit-code -1
.
I'd happily provide a PR on whatever we identify as a solution for this, which is probably one of the following:
referencedStartsWith
on it's own (meaning it pretty much does the same as all the visualizers do already)AssemblySource
is extended with an Ignored
value which can than be evaluated by others.I think the same might also be true for the SkipSystem
option.
The OnlyConflicts
on the other hand is something I'd keep on the visualizer, because this option actually only configures, how the result should look like - it does not change the behavior in itself.
Comments, ideas? :-)
// Edit: My personal preference is 2)
For an executable that references a custom strong-named assembly that is only available in an incorrect version, report the reference.
Zip file was found here: https://ci.appveyor.com/project/rahulpnath/asmspy/branch/master/artifacts
The zip file version crashes (stack trace) when it cannot find the expected version of a dependent assembly in the folder specified. The Chocolatey (and source) versions handle this as expected. IMO there is no reason to debug this since it has already been fixed. Just update the zip file.
Exe details:
(I renamed my copy so that I could run them side by side.)
The Chocolatey version details:
and
Also the readme.md sample output does not show the latest improvements in the output.
Can we have a quick definition of the logging colours, maybe in the README.md?
i.e.:
It looks a bit confusing at the moment (except green..).
I'm trying to use AsmSpy against a working application. I get Failed to Load Assembly on every dll.
C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\ClinicalWorkflow\ClinicalModel\Web
\bin>asmspy .
Check assemblies in:
C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\ClinicalWorkflow\ClinicalModel\Web
\bin
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\ActiveDirectoryAuthentication.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\ClinicalModel.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\LegacyDataManager.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\LegacyWcfServiceContracts.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\MaintenanceWeb.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\MemoryCache.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Newtonsoft.Json.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\NLog.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Poiesis.ClinicalModel.DataAccess.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Poiesis.ClinicalModel.Legacy.CoreService.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Poiesis.ClinicalModel.Legacy.ExamService.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Poiesis.ClinicalModel.Security.ADUtilitiesLegacy.exe'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Poiesis.ClinicalModel.Security.AuthorizationContract.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Poiesis.ClinicalModel.Security.Cryptography.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Poiesis.ClinicalModel.Security.TicketingDataAccess.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Poiesis.ClinicalModel.Security.Web.Configuration.dll'
Failed to load assembly: 'C:\Users\robert.bratton\Downloads\FFIReporting-3.5.0.918-BETA USE ONLY\www\production\Clinical
Workflow\ClinicalModel\Web\bin\Poiesis.ClinicalModel.Security.WebAppModule.dll'
Detailing only conflicting assembly references.
Here are the DLLs in the folder:
ActiveDirectoryAuthentication.dll
ClinicalModel.dll
LegacyDataManager.dll
LegacyWcfServiceContracts.dll
MaintenanceWeb.dll
MemoryCache.dll
Newtonsoft.Json.dll
NLog.dll
Poiesis.ClinicalModel.DataAccess.dll
Poiesis.ClinicalModel.Legacy.CoreService.dll
Poiesis.ClinicalModel.Legacy.ExamService.dll
Poiesis.ClinicalModel.Security.AuthorizationContract.dll
Poiesis.ClinicalModel.Security.Cryptography.dll
Poiesis.ClinicalModel.Security.TicketingDataAccess.dll
Poiesis.ClinicalModel.Security.Web.Configuration.dll
Poiesis.ClinicalModel.Security.WebAppModule.dll
AsmSpy does not yield useful results when run in a binaries folder of a .NET Core deployment. Is this use case on your backlog? Ideally it will incorporate the runtime's shared assemblies and exclude assemblies in the GAC.
having an end project with loads of references makes it hard to debug in console. Is there a way to log to file?
We are using AsmSpy as part of our build process to make sure we didn't miss out adding important references.
One thing we often run into is version mismatches which we actually fixed using bindingRedirects, but AsmSpy is still reporting them.
Is it possible to extend AsmSpy to honor bindingRedirects?
Would be nice if there was an option to output the report as structured data such as XML. That way it would be easier to post-process the report.
If this is something that you would find useful, I would be happy to contribute a pull request for this.
Hi,
this time before sending any code changes I wanted to discuss the situation and get a clear view.
When an assembly is not StrongNamed and exists in another version than is requested by another assembly, the assembly is still loaded in .NET.
assemblyBindings
do not apply, as this is only available for strong named assemblies.
So, while a project might actually have problems running (because of incompatible version combinations), from a assembly loading perspective, everything is "fine".
End of last year there was the following commit: f60398a
While the main intention of the commit was to introduce a ConsoleTreeVisualizer it also contains changes for AlternativeFoundVersion
. These alternative versions are actually reported as warnings while the assemblies are "searched". However later on in the process, the normal ConsoleVisualizer
doesn't care about those version mismatches and just reports a missing assembly.
So long story short: I think, AsmSpy should actually only report warnings for version mismatches (if we are not talking StrongNamed assemblies).
However this would be kind of a breaking change to the current implementation?
My recommandations would be:
Regards,
Philipp
This would make it possible to analyze/print which assemblies could not be bound.
Can you add an option where I can pass a single DLL file instead of a complete directory?
Use case is having a large project with a lot of DLLs and I already know what DLL has a problem (e.g. missing dependency).
As of today, Windows Defender detects Trojan:Win32/Spursint.F!cl
in the .zip, and prevents unpacking the zip file.
I downloaded asmpsy.1.3.131.zip
from the page linked in the readme.
I would like to build a dependency graph of our application, and the system assemblies are cluttering it.
When visualizing the graph in the command line, the --nonsystem option is respected, but when exporting to DGML it is ignored.
Hi,
There's no zip archive on https://ci.appveyor.com/project/rahulpnath/asmspy/branch/master/artifacts
Possibly, because of AppVeyor's 6 months retention policy
Hi,
I have a lot of assemblies referenced and the command prompt only shows the first X lines. How about output to file? This should work:
AsmSpy D:\Source\sutekishop\Suteki.Shop\Suteki.Shop\bin sometxtfile.txt
but doesn't (http://pcsupport.about.com/od/commandlinereference/a/redirect-command-output-to-file.htm).
Also, I have spaces in my path to the bin file. I'm guessing you replaced spaces with a dot right? Looking to your example path: AsmSpy D:\Source\sutekishop\Suteki.Shop\Suteki.Shop\bin
, and the same path style in the command prompt which you get to see after you failed how to use it, also contains dots over spaces: AsmSpy C:\Source\My.Solution\My.Project\bin\Debug
I'm asking this because I was trying out the 'all' switch which i got from the readme file: https://github.com/mikehadlow/AsmSpy.
The switch didn't work, it just keeps telling me how to use it.
Can you tell me how to fix this? FIPS is enabled on my PC (I cannot disable it).
13>Wix project file has been built: C:\GitResource\ILSpy\ILSpy.Installer\ILSpy.wxs
13>
13>candle.exe : error CNDL0308: The Federal Information Processing Standard (FIPS) appears to be enabled on the machine. You must either disable FIPS or use FIPS-compliant security algorithms to generate IDs by passing the -fips command-line switch or by setting true in your .wixproj project.
Self explanatory title
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.