Exemplo n.º 1
0
 public virtual PeImageLoader CreatePeImageLoader()
 {
     ExeImageLoader mz = new ExeImageLoader(Services, Filename, RawImage);
     PeImageLoader pe = new PeImageLoader(Services, Filename, RawImage, mz.e_lfanew);
     return pe;
 }
Exemplo n.º 2
0
        private ImageLoader CreateDeferredLoader()
        {
            // The image may have been packed. We ask the unpacker service whether
            // it can determine if the image is packed, and if so provide us with an
            // image loader that knows how to do unpacking.

            var loaderSvc = services.RequireService<IUnpackerService>();
            if (IsPortableExecutable)
            {
                var peLdr = new PeImageLoader(services, Filename, base.RawImage, e_lfanew);
                uint entryPointOffset = peLdr.ReadEntryPointRva();

                var unpacker = loaderSvc.FindUnpackerBySignature(Filename, base.RawImage, entryPointOffset);
                if (unpacker != null)
                    return unpacker;
                return peLdr;
            }
            else if (IsNewExecutable)
            {
                // http://support.microsoft.com/kb/65122
                throw new NotImplementedException("NE executable loading not implemented.");
            }
            else
            {
                var entryPointOffset = (((e_cparHeader + e_cs) << 4) + e_ip) & 0xFFFFF;
                var unpacker = loaderSvc.FindUnpackerBySignature(Filename, base.RawImage, (uint) entryPointOffset);
                if (unpacker != null)
                    return unpacker;
                return new MsdosImageLoader(services, Filename, this);
            }
        }
Exemplo n.º 3
0
 public Pe64Loader(PeImageLoader outer) : base(outer) {}
Exemplo n.º 4
0
 public SizeSpecificLoader(PeImageLoader outer)
 {
     this.outer = outer;
 }
Exemplo n.º 5
0
 private void Given_PeLoader()
 {
     peldr = new PeImageLoader(null, "test.exe", fileImage, RvaPeHdr);
 }
Exemplo n.º 6
0
 private void emulatorToolStripMenuItem_Click(object sender, EventArgs e)
 {
     var sc = new ServiceContainer();
     var fs = new FileStream(@"D:\dev\jkl\dec\halsten\decompiler_paq\upx\demo.exe", FileMode.Open);
     var size = fs.Length;
     var abImage = new byte[size];
     fs.Read(abImage, 0, (int) size);
     var exe = new ExeImageLoader(sc, "foolexe", abImage);
     var peLdr = new PeImageLoader(sc, "foo.exe" ,abImage, exe.e_lfanew); 
     var addr = peLdr.PreferredBaseAddress;
     var program = peLdr.Load(addr);
     var rr = peLdr.Relocate(addr);
     var win32 = new Win32Emulator(program.Image, program.Platform, program.ImportReferences);
     var emu = new X86Emulator((IntelArchitecture) program.Architecture, program.Image, win32);
     emu.InstructionPointer = rr.EntryPoints[0].Address;
     emu.ExceptionRaised += delegate { throw new Exception(); };
     emu.WriteRegister(Registers.esp, (uint) peLdr.PreferredBaseAddress.ToLinear() + 0x0FFC);
     emu.Start();
 }