Example #1
        /// <summary>
        /// Chooses the loader for this executable: a PE loader wrapped by the
        /// unpacker service, an NE loader, or (as the fallback) a real-mode
        /// MS-DOS loader wrapped by the unpacker service.
        /// </summary>
        /// <returns>The image loader selected for the raw image.</returns>
        private ImageLoader CreateDeferredLoader()
        {
            // A packed image needs a loader that knows how to unpack it. The
            // unpacker service is asked to match a signature at the entry point
            // and hands back the loader to use.
            var unpackerSvc = services.RequireService<IUnpackerService>();

            uint? newHeaderOffset = LoadLfaToNewHeader();
            if (newHeaderOffset != null)
            {
                // The file may carry a "new" (PE or NE) header at this offset.
                // NOTE(review): the offset is presumably read from the file
                // itself; this method only classifies it and relies on the
                // loaders below to validate it against the image size.
                uint hdrOffset = newHeaderOffset.Value;

                if (IsPortableExecutable(hdrOffset))
                {
                    var peLoader = new PeImageLoader(services, Filename, base.RawImage, hdrOffset);
                    uint peEntryRva = peLoader.ReadEntryPointRva();
                    return unpackerSvc.FindUnpackerBySignature(peLoader, peEntryRva);
                }

                if (IsNewExecutable(hdrOffset))
                {
                    // http://support.microsoft.com/kb/65122
                    // NE images are returned as-is; no unpacker lookup is done.
                    return new NeImageLoader(services, Filename, base.RawImage, hdrOffset);
                }
            }

            // Neither PE nor NE: treat the file as a real-mode MS-DOS program.
            var dosLoader = new MsdosImageLoader(this);

            // (header paragraphs + CS) * 16 + IP, wrapped to 20 bits by the mask.
            // NOTE(review): e_cparHeader, e_cs and e_ip are presumably MZ header
            // fields taken from the file; nothing here checks the resulting
            // offset against the image length before it is handed to the
            // signature matcher - confirm the unpacker service bounds-checks it.
            var dosEntryOffset = (((e_cparHeader + e_cs) << 4) + e_ip) & 0xFFFFF;

            return unpackerSvc.FindUnpackerBySignature(dosLoader, (uint)dosEntryOffset);
        }
Example #2
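 /// <summary>
 /// Menu handler that loads a fixed demo executable from disk, relocates it at
 /// its preferred base address and starts it in the x86 emulator.
 /// </summary>
 /// <param name="sender">The menu item that raised the event (unused).</param>
 /// <param name="e">Event data (unused).</param>
 private void emulatorToolStripMenuItem_Click(object sender, EventArgs e)
 {
     var sc = new ServiceContainer();

     // NOTE(review): hard-coded developer path; the path suggests a UPX-packed
     // sample. Anything placed at this location is parsed and emulated.
     //
     // File.ReadAllBytes opens the sample read-only, reads it completely and
     // closes the handle. The previous FileStream was opened with default
     // (read/write) access, was never disposed, and relied on a single Read
     // call, which is not guaranteed to fill the buffer.
     var abImage = File.ReadAllBytes(@"D:\dev\jkl\dec\halsten\decompiler_paq\upx\demo.exe");

     // NOTE(review): "foolexe" looks like a typo for "foo.exe" - confirm.
     var exe = new ExeImageLoader(sc, "foolexe", abImage);
     var peLdr = new PeImageLoader(sc, "foo.exe", abImage, exe.e_lfanew);
     var addr = peLdr.PreferredBaseAddress;
     var program = peLdr.Load(addr);
     var rr = peLdr.Relocate(program, addr);

     var win32 = new Win32Emulator(program.Image, program.Platform, program.ImportReferences);
     var emu = new X86Emulator((IntelArchitecture) program.Architecture, program.Image, win32);

     // NOTE(review): assumes Relocate found at least one entry point; an image
     // without one would fail on the [0] index - confirm against the loader.
     emu.InstructionPointer = rr.EntryPoints[0].Address;

     // Any exception raised inside the emulated program aborts the run.
     emu.ExceptionRaised += delegate { throw new Exception(); };

     // Initial stack pointer: 0x0FFC bytes above the preferred base address.
     emu.WriteRegister(Registers.esp, (uint) peLdr.PreferredBaseAddress.ToLinear() + 0x0FFC);
     emu.Start();
 }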
Example #3
        /// <summary>
        /// Chooses the loader for this executable. For PE and MS-DOS images the
        /// unpacker service is consulted first and its loader wins when a
        /// signature matches; NE images always get the plain NE loader.
        /// </summary>
        /// <returns>The image loader selected for the raw image.</returns>
        private ImageLoader CreateDeferredLoader()
        {
            // A packed image needs a loader that knows how to unpack it, so the
            // unpacker service gets the first look at the entry point.
            var unpackerSvc = services.RequireService<IUnpackerService>();

            if (IsPortableExecutable)
            {
                var  peLoader   = new PeImageLoader(services, Filename, base.RawImage, e_lfanew);
                uint peEntryRva = peLoader.ReadEntryPointRva();

                var packedPeLoader = unpackerSvc.FindUnpackerBySignature(Filename, base.RawImage, peEntryRva);
                if (packedPeLoader == null)
                {
                    // No known packer signature: load as an ordinary PE image.
                    return peLoader;
                }
                return packedPeLoader;
            }

            if (IsNewExecutable)
            {
                // http://support.microsoft.com/kb/65122
                // NE images are returned as-is; no unpacker lookup is done.
                return new NeImageLoader(services, Filename, base.RawImage, e_lfanew);
            }

            // Real-mode MS-DOS program.
            // (header paragraphs + CS) * 16 + IP, wrapped to 20 bits by the mask.
            // NOTE(review): these are presumably MZ header fields taken from the
            // file; the offset is not checked against the image length here -
            // confirm FindUnpackerBySignature bounds-checks it.
            var dosEntryOffset  = (((e_cparHeader + e_cs) << 4) + e_ip) & 0xFFFFF;
            var packedDosLoader = unpackerSvc.FindUnpackerBySignature(Filename, base.RawImage, (uint)dosEntryOffset);
            if (packedDosLoader == null)
            {
                return new MsdosImageLoader(services, Filename, this);
            }
            return packedDosLoader;
        }
Example #4
        /// <summary>
        /// Chooses the loader for this executable. For PE and MS-DOS images the
        /// unpacker service is consulted first and its loader wins when a
        /// signature matches; NE images are not supported.
        /// </summary>
        /// <returns>The image loader selected for the raw image.</returns>
        /// <exception cref="NotImplementedException">The file is an NE executable.</exception>
        private ImageLoader CreateDeferredLoader()
        {
            // A packed image needs a loader that knows how to unpack it, so the
            // unpacker service gets the first look at the entry point.
            var unpackerSvc = services.RequireService<IUnpackerService>();

            if (IsPortableExecutable)
            {
                var peLoader = new PeImageLoader(services, Filename, base.RawImage, e_lfanew);
                uint peEntryRva = peLoader.ReadEntryPointRva();

                var packedPeLoader = unpackerSvc.FindUnpackerBySignature(Filename, base.RawImage, peEntryRva);
                if (packedPeLoader == null)
                {
                    // No known packer signature: load as an ordinary PE image.
                    return peLoader;
                }
                return packedPeLoader;
            }

            if (IsNewExecutable)
            {
                // http://support.microsoft.com/kb/65122
                throw new NotImplementedException("NE executable loading not implemented.");
            }

            // Real-mode MS-DOS program.
            // (header paragraphs + CS) * 16 + IP, wrapped to 20 bits by the mask.
            // NOTE(review): these are presumably MZ header fields taken from the
            // file; the offset is not checked against the image length here -
            // confirm FindUnpackerBySignature bounds-checks it.
            var dosEntryOffset = (((e_cparHeader + e_cs) << 4) + e_ip) & 0xFFFFF;
            var packedDosLoader = unpackerSvc.FindUnpackerBySignature(Filename, base.RawImage, (uint) dosEntryOffset);
            if (packedDosLoader == null)
            {
                return new MsdosImageLoader(services, Filename, this);
            }
            return packedDosLoader;
        }
Example #5
 /// <summary>
 /// Test fixture step: builds the PE loader under test over the in-memory
 /// <c>fileImage</c>, with the PE header located at <c>RvaPeHdr</c>.
 /// </summary>
 private void Given_PeLoader() =>
     peldr = new PeImageLoader(sc, "test.exe", fileImage, RvaPeHdr);
Example #6
 /// <summary>
 /// Builds a PE loader for this file, using an MZ (<see cref="ExeImageLoader"/>)
 /// pass over the raw image to obtain the offset of the PE header.
 /// </summary>
 /// <returns>A new <see cref="PeImageLoader"/> positioned at <c>e_lfanew</c>.</returns>
 public virtual PeImageLoader CreatePeImageLoader()
 {
     // NOTE(review): e_lfanew is presumably taken from the file's MZ header;
     // this method does not check that it points at a PE signature or lies
     // inside RawImage - confirm the two loaders validate it.
     var mzLoader = new ExeImageLoader(Services, Filename, RawImage);
     return new PeImageLoader(Services, Filename, RawImage, mzLoader.e_lfanew);
 }
Example #7
 /// <summary>
 /// Forwards the owning <see cref="PeImageLoader"/> to the base-class
 /// constructor; this constructor adds no state of its own.
 /// </summary>
 /// <param name="outer">The PE image loader this instance works on behalf of.</param>
 public Pe64Loader(PeImageLoader outer)
     : base(outer)
 {
 }
Example #8
 /// <summary>
 /// Stores the owning <see cref="PeImageLoader"/> in the <c>outer</c> field.
 /// </summary>
 /// <param name="outer">The PE image loader to keep a reference to; stored as given, without a null check.</param>
 public SizeSpecificLoader(PeImageLoader outer) => this.outer = outer;
Example #9
 /// <summary>
 /// Forwards the owning <see cref="PeImageLoader"/> to the base-class
 /// constructor; this constructor adds no state of its own.
 /// </summary>
 /// <param name="outer">The PE image loader this instance works on behalf of.</param>
 public Pe64Loader(PeImageLoader outer) : base(outer) { }
Example #10
 /// <summary>
 /// Stores the owning <see cref="PeImageLoader"/> in the <c>outer</c> field.
 /// </summary>
 /// <param name="outer">The PE image loader to keep a reference to; stored as given, without a null check.</param>
 public SizeSpecificLoader(PeImageLoader outer) => this.outer = outer;