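/// <summary>
/// Decides whether this check applies to the PE image carried by <paramref name="context"/>.
/// Kernel-mode images, Xbox images and Windows CE images older than version 7 are out of scope.
/// </summary>
/// <param name="context">Analysis context; only its <c>PE</c> property is read here.</param>
/// <param name="reasonForNotAnalyzing">
/// Receives the matching <c>MetadataConditions</c> text when the image is out of scope,
/// and <c>null</c> when the image is applicable.
/// </param>
/// <returns>
/// <c>NotApplicableToSpecifiedTarget</c> for an excluded image, otherwise
/// <c>ApplicableToSpecifiedTarget</c>.
/// </returns>
/// <remarks>
/// "Not applicable" means the image was skipped by this check, not that it passed it.
/// NOTE(review): how the skip reason is surfaced depends on the caller - confirm it is reported.
/// </remarks>
public override AnalysisApplicability CanAnalyze(BinaryAnalyzerContext context, out string reasonForNotAnalyzing)
{
    // NOTE(review): assumes context.PE is non-null for every target that reaches this method - confirm.
    PE portableExecutable = context.PE;
    AnalysisApplicability result = AnalysisApplicability.NotApplicableToSpecifiedTarget;

    // The reason is assigned before each test so the out parameter is always
    // definitely assigned on every return path.
    reasonForNotAnalyzing = MetadataConditions.ImageIsKernelModeBinary;
    if (portableExecutable.IsKernelMode)
    {
        return result;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsXBoxBinary;
    if (portableExecutable.IsXBox)
    {
        return result;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsPreVersion7WindowsCEBinary;
    if (OSVersions.IsWindowsCEPriorToV7(portableExecutable))
    {
        return result;
    }

    // Clear the reason on the applicable path. Without this the caller would
    // receive the Windows CE exclusion text alongside an "applicable" verdict.
    reasonForNotAnalyzing = null;
    return AnalysisApplicability.ApplicableToSpecifiedTarget;
}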
/// <summary>
/// Decides whether this check applies to the PE image wrapped by <paramref name="target"/>.
/// Kernel-mode, Xbox, pre-version-7 Windows CE and boot images are out of scope.
/// </summary>
/// <param name="target">Binary under analysis; only its <c>PE</c> property is read here.</param>
/// <param name="policy">Policy settings; not consulted by this method.</param>
/// <param name="reasonForNotAnalyzing">
/// Receives the matching <c>MetadataConditions</c> text when the image is out of scope,
/// and <c>null</c> when the image is applicable.
/// </param>
/// <returns>
/// <c>NotApplicableToSpecifiedTarget</c> for an excluded image, otherwise
/// <c>ApplicableToSpecifiedTarget</c>.
/// </returns>
/// <remarks>
/// A "not applicable" result is a skip, not a pass: an excluded image gets no verdict from this check.
/// </remarks>
public override AnalysisApplicability CanAnalyzePE(PEBinary target, PropertiesDictionary policy, out string reasonForNotAnalyzing)
{
    PE pe = target.PE;

    // Each exclusion records its reason first and then tests the image, so the
    // out parameter always holds the reason for the branch that returns.
    reasonForNotAnalyzing = MetadataConditions.ImageIsKernelModeBinary;
    if (pe.IsKernelMode)
    {
        return AnalysisApplicability.NotApplicableToSpecifiedTarget;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsXBoxBinary;
    if (pe.IsXBox)
    {
        return AnalysisApplicability.NotApplicableToSpecifiedTarget;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsPreVersion7WindowsCEBinary;
    if (OSVersions.IsWindowsCEPriorToV7(pe))
    {
        return AnalysisApplicability.NotApplicableToSpecifiedTarget;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsBootBinary;
    if (pe.IsBoot)
    {
        return AnalysisApplicability.NotApplicableToSpecifiedTarget;
    }

    // No exclusion matched: report the image as in scope with no reason text.
    reasonForNotAnalyzing = null;
    return AnalysisApplicability.ApplicableToSpecifiedTarget;
}
/// <summary>
/// Decides whether this check applies to the PE image carried by <paramref name="context"/>.
/// 64-bit (PE32+), kernel-mode, Xbox, resource-only, pre-version-7 Windows CE and boot
/// images are out of scope.
/// </summary>
/// <param name="context">Analysis context; only its <c>PE</c> property is read here.</param>
/// <param name="reasonForNotAnalyzing">
/// Receives the matching <c>MetadataConditions</c> text when the image is out of scope,
/// and <c>null</c> when the image is applicable.
/// </param>
/// <returns>
/// <c>NotApplicableToSpecifiedTarget</c> for an excluded image, otherwise
/// <c>ApplicableToSpecifiedTarget</c>.
/// </returns>
/// <remarks>
/// A "not applicable" result is a skip, not a pass: an excluded image gets no verdict from this check.
/// </remarks>
public override AnalysisApplicability CanAnalyze(BinaryAnalyzerContext context, out string reasonForNotAnalyzing)
{
    PE pe = context.PE;
    AnalysisApplicability notApplicable = AnalysisApplicability.NotApplicableToSpecifiedTarget;

    // The exclusions run in a fixed order; the first one that matches decides
    // the reason text handed back to the caller.

    // PE32+ magic marks a 64-bit image.
    // NOTE(review): the header is read through context.PE rather than the local;
    // presumably both refer to the same object - confirm.
    reasonForNotAnalyzing = MetadataConditions.ImageIs64BitBinary;
    if (context.PE.PEHeaders.PEHeader.Magic == PEMagic.PE32Plus)
    {
        return notApplicable;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsKernelModeBinary;
    if (pe.IsKernelMode)
    {
        return notApplicable;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsXBoxBinary;
    if (pe.IsXBox)
    {
        return notApplicable;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsResourceOnlyBinary;
    if (pe.IsResourceOnly)
    {
        return notApplicable;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsPreVersion7WindowsCEBinary;
    if (OSVersions.IsWindowsCEPriorToV7(pe))
    {
        return notApplicable;
    }

    reasonForNotAnalyzing = MetadataConditions.ImageIsBootBinary;
    if (pe.IsBoot)
    {
        return notApplicable;
    }

    // No exclusion matched: report the image as in scope with no reason text.
    reasonForNotAnalyzing = null;
    return AnalysisApplicability.ApplicableToSpecifiedTarget;
}