private ImageLoader CreateDeferredLoader()
{
// The image may have been packed. We ask the unpacker service
// whether it can determine if the image is packed, and if so
// provide us with an image loader that knows how to do unpacking.
var loaderSvc = services.RequireService <IUnpackerService>();
uint?e_lfanew = LoadLfaToNewHeader();
if (e_lfanew.HasValue)
{
// It seems this file could have a new header.
if (IsPortableExecutable(e_lfanew.Value))
{
var peLdr = new PeImageLoader(services, Filename, base.RawImage, e_lfanew.Value);
uint peEntryPointOffset = peLdr.ReadEntryPointRva();
return(loaderSvc.FindUnpackerBySignature(peLdr, peEntryPointOffset));
}
else if (IsNewExecutable(e_lfanew.Value))
{
// http://support.microsoft.com/kb/65122
var neLdr = new NeImageLoader(services, Filename, base.RawImage, e_lfanew.Value);
return(neLdr);
}
}
// Fall back to loading real-mode MS-DOS program.
var msdosLoader = new MsdosImageLoader(this);
var msdosEntryPointOffset = (((e_cparHeader + e_cs) << 4) + e_ip) & 0xFFFFF;
return(loaderSvc.FindUnpackerBySignature(msdosLoader, (uint)msdosEntryPointOffset));
}
private ImageLoader CreateDeferredLoader()
{
// The image may have been packed. We ask the unpacker service whether
// it can determine if the image is packed, and if so provide us with an
// image loader that knows how to do unpacking.
var loaderSvc = services.RequireService <IUnpackerService>();
if (IsPortableExecutable)
{
var peLdr = new PeImageLoader(services, Filename, base.RawImage, e_lfanew);
uint entryPointOffset = peLdr.ReadEntryPointRva();
var unpacker = loaderSvc.FindUnpackerBySignature(Filename, base.RawImage, entryPointOffset);
if (unpacker != null)
{
return(unpacker);
}
return(peLdr);
}
else if (IsNewExecutable)
{
// http://support.microsoft.com/kb/65122
var neLdr = new NeImageLoader(services, Filename, base.RawImage, e_lfanew);
return(neLdr);
}
else
{
var entryPointOffset = (((e_cparHeader + e_cs) << 4) + e_ip) & 0xFFFFF;
var unpacker = loaderSvc.FindUnpackerBySignature(Filename, base.RawImage, (uint)entryPointOffset);
if (unpacker != null)
{
return(unpacker);
}
return(new MsdosImageLoader(services, Filename, this));
}
}
private ImageLoader CreateDeferredLoader()
{
// The image may have been packed. We ask the unpacker service whether
// it can determine if the image is packed, and if so provide us with an
// image loader that knows how to do unpacking.
var loaderSvc = services.RequireService<IUnpackerService>();
if (IsPortableExecutable)
{
var peLdr = new PeImageLoader(services, Filename, base.RawImage, e_lfanew);
uint entryPointOffset = peLdr.ReadEntryPointRva();
var unpacker = loaderSvc.FindUnpackerBySignature(Filename, base.RawImage, entryPointOffset);
if (unpacker != null)
return unpacker;
return peLdr;
}
else if (IsNewExecutable)
{
// http://support.microsoft.com/kb/65122
var neLdr = new NeImageLoader(services, Filename, base.RawImage, e_lfanew);
return neLdr;
}
else
{
var entryPointOffset = (((e_cparHeader + e_cs) << 4) + e_ip) & 0xFFFFF;
var unpacker = loaderSvc.FindUnpackerBySignature(Filename, base.RawImage, (uint) entryPointOffset);
if (unpacker != null)
return unpacker;
return new MsdosImageLoader(services, Filename, this);
}
}