Beispiel #1
        /// <summary>
        /// Loads the packed file as a PE executable, then runs it from its packed entry point
        /// under the x86 emulator with an OllyLang script interpreter and debugger attached.
        /// Returns the loaded program with the emulator's intercepted calls recorded on it.
        /// </summary>
        /// <param name="addrLoad">
        /// Not read anywhere in this method body; the image is loaded and relocated at the
        /// PE loader's preferred base address instead.
        /// </param>
        /// <returns>The <see cref="Program"/> produced by the PE loader, after emulation has run.</returns>
        public override Program Load(Address addrLoad)
        {
            // First load the file as a PE executable. This gives us a (writeable) image and
            // the packed entry point.
            var pe = CreatePeImageLoader();
            var program = pe.Load(pe.PreferredBaseAddress);
            var rr = pe.Relocate(pe.PreferredBaseAddress);
            this.Image = program.Image;
            this.ImageMap = program.ImageMap;
            this.Architecture = (IntelArchitecture)program.Architecture;

            // Win32 calls made by the emulated code are routed to this emulator object
            // rather than to the host OS -- presumably; confirm against Win32Emulator.
            var win32 = new Win32Emulator(program.Image, program.Platform, program.ImportReferences);
            // NOTE(review): 'state' is not used again in this method.
            var state = (X86State)program.Architecture.CreateProcessorState();
            var emu = new X86Emulator((IntelArchitecture) program.Architecture, program.Image, win32);
            this.debugger = new Debugger(emu);
            this.scriptInterpreter = new OllyLang();
            this.scriptInterpreter.Host = new Host(this);
            this.scriptInterpreter.Debugger = this.debugger;
            // NOTE(review): EntryPoints[0] is indexed without checking that the relocation
            // result contains an entry point; a malformed input would fail here.
            emu.InstructionPointer = rr.EntryPoints[0].Address;
            // Initial stack pointer is image base + 0x1000 - 4, i.e. inside the first 0x1000
            // bytes of the image. NOTE(review): presumably the header page is used as scratch
            // stack -- confirm that this region is mapped and large enough.
            emu.WriteRegister(Registers.esp, (uint)Image.BaseAddress.ToLinear() + 0x1000 - 4u);
            emu.BeforeStart += emu_BeforeStart;
            emu.ExceptionRaised += emu_ExceptionRaised;

            // Load the script.
            // NOTE(review): the script drives the debugger; presumably Argument is the script
            // path -- confirm where it comes from and that it is trusted configuration.
            LoadScript(Argument, scriptInterpreter.script);

            // Runs the packed program's code under emulation. No instruction or time budget is
            // set in this method. NOTE(review): confirm that the script or the event handlers
            // bound how long an uncooperative sample can run.
            emu.Start();

            // Copy the calls the Win32 emulator intercepted into the program, keyed by
            // 32-bit address.
            foreach (var ic in win32.InterceptedCalls)
            {
                program.InterceptedCalls.Add(Address.Ptr32(ic.Key), ic.Value);
            }
            return program;
        }
Beispiel #2
        /// <summary>
        /// Test helper: assembles the code emitted by <paramref name="coder"/> at 0x00100000
        /// and prepares an emulator whose instruction pointer is the base of the assembled image.
        /// </summary>
        /// <param name="coder">Callback that emits the instructions under test into the assembler.</param>
        private void Given_Code(Action<X86Assembler> coder)
        {
            var assembler = new X86Assembler(arch, Address.Ptr32(0x00100000), new List<EntryPoint>());
            coder(assembler);
            var assembled = assembler.GetImage();
            this.image = assembled.Image;

            Given_Platform();

            var apiEmulator = new Win32Emulator(image, platform, importReferences);

            emu = new X86Emulator(arch, assembled.Image, apiEmulator);
            emu.InstructionPointer = assembled.Image.BaseAddress;

            // The stack pointer starts 0x0FFC bytes above the image base.
            var initialEsp = (uint)assembled.Image.BaseAddress.ToLinear() + 0x0FFC;
            emu.WriteRegister(Registers.esp, initialEsp);

            // Any exception raised by the emulated code fails the test immediately.
            emu.ExceptionRaised += delegate { throw new Exception(); };
        }
Beispiel #3
        /// <summary>
        /// Test helper: assembles the code emitted by <paramref name="coder"/> at 0x00100000
        /// and prepares an emulator over the resulting segment map, with the instruction
        /// pointer at the image map's base address.
        /// </summary>
        /// <param name="coder">Callback that emits the instructions under test into the assembler.</param>
        private void Given_Code(Action<X86Assembler> coder)
        {
            var assembler = new X86Assembler(sc, new DefaultPlatform(sc, arch), Address.Ptr32(0x00100000), new List<ImageSymbol>());
            coder(assembler);
            var assembled = assembler.GetImage();
            this.segmentMap = assembled.SegmentMap;

            Given_Platform();

            var apiEmulator = new Win32Emulator(assembled.SegmentMap, platform, importReferences);

            emu = new X86Emulator(arch, assembled.SegmentMap, apiEmulator);
            emu.InstructionPointer = assembled.ImageMap.BaseAddress;

            // The stack pointer starts 0x0FFC bytes above the image map's base address.
            var initialEsp = (uint)assembled.ImageMap.BaseAddress.ToLinear() + 0x0FFC;
            emu.WriteRegister(Registers.esp, initialEsp);

            // Any exception raised by the emulated code fails the test immediately.
            emu.ExceptionRaised += delegate { throw new Exception(); };
        }
Beispiel #4
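 /// <summary>
 /// Menu handler that loads a fixed demo executable (presumably UPX-packed, judging by its
 /// path), relocates it at its preferred base address and runs it under the x86 emulator.
 /// </summary>
 /// <param name="sender">Event source; not used.</param>
 /// <param name="e">Event arguments; not used.</param>
 private void emulatorToolStripMenuItem_Click(object sender, EventArgs e)
 {
     var sc = new ServiceContainer();

     // ReadAllBytes opens the sample read-only, reads it to the end and closes the handle.
     // A bare FileStream(path, FileMode.Open) would request read/write access, a single
     // Read() call may return fewer bytes than asked for, and the stream was never disposed.
     // NOTE(review): the path is hard-coded to one developer machine.
     var abImage = File.ReadAllBytes(@"D:\dev\jkl\dec\halsten\decompiler_paq\upx\demo.exe");

     // NOTE(review): "foolexe" looks like a typo for "foo.exe"; left as-is because the
     // string is passed to the loader at runtime.
     var exe = new ExeImageLoader(sc, "foolexe", abImage);
     var peLdr = new PeImageLoader(sc, "foo.exe", abImage, exe.e_lfanew);
     var addr = peLdr.PreferredBaseAddress;
     var program = peLdr.Load(addr);
     var rr = peLdr.Relocate(program, addr);

     var win32 = new Win32Emulator(program.SegmentMap, program.Platform, program.ImportReferences);
     var emu = new X86Emulator((IntelArchitecture) program.Architecture, program.SegmentMap, win32);

     // NOTE(review): EntryPoints[0] is indexed without checking that an entry point exists.
     emu.InstructionPointer = rr.EntryPoints[0].Address;

     // Any exception raised by the emulated code is turned into a .NET exception.
     emu.ExceptionRaised += delegate { throw new Exception(); };

     // The stack pointer starts 0x0FFC bytes above the preferred base address.
     emu.WriteRegister(Registers.esp, (uint) peLdr.PreferredBaseAddress.ToLinear() + 0x0FFC);
     emu.Start();
 }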
Beispiel #5
 /// <summary>Creates a debugger bound to the given emulator.</summary>
 /// <param name="emu">Emulator stored in the <c>emu</c> field; it is not validated here.</param>
 public Debugger(X86Emulator emu) => this.emu = emu;