public override Program Load(Address addrLoad)
{
// First load the file as a PE Executable. This gives us a (writeable) image and
// the packed entry point.
var pe = CreatePeImageLoader();
var program = pe.Load(pe.PreferredBaseAddress);
var rr = pe.Relocate(program, pe.PreferredBaseAddress);
this.ImageMap = program.SegmentMap;
this.Architecture = (IntelArchitecture)program.Architecture;
var win32 = new Win32Emulator(program.SegmentMap, program.Platform, program.ImportReferences);
var state = (X86State)program.Architecture.CreateProcessorState();
var emu = new X86Emulator((IntelArchitecture)program.Architecture, program.SegmentMap, win32);
this.debugger = new Debugger(emu);
this.scriptInterpreter = new OllyLang(Services);
this.scriptInterpreter.Host = new Host(this, program.SegmentMap);
this.scriptInterpreter.Debugger = this.debugger;
emu.InstructionPointer = rr.EntryPoints[0].Address;
emu.BeforeStart += emu_BeforeStart;
emu.ExceptionRaised += emu_ExceptionRaised;
var stackSeg = InitializeStack(emu);
LoadScript(Argument, scriptInterpreter.script);
emu.Start();
TearDownStack(stackSeg);
foreach (var ic in win32.InterceptedCalls)
{
program.InterceptedCalls.Add(Address.Ptr32(ic.Key), ic.Value);
}
return(program);
}
private void Given_Win32Code(Action <X86Assembler> coder)
{
var asm = new X86Assembler(arch, Address.Ptr32(0x00100000), new List <ImageSymbol>());
coder(asm);
var program = asm.GetImage();
this.segmentMap = program.SegmentMap;
Given_Platform();
var win32 = new Win32Emulator(program.SegmentMap, platform, importReferences);
emu = (X86Emulator)arch.CreateEmulator(program.SegmentMap, win32);
emu.InstructionPointer = program.ImageMap.BaseAddress;
emu.WriteRegister(Registers.esp, (uint)program.ImageMap.BaseAddress.ToLinear() + 0x0FFC);
emu.ExceptionRaised += delegate { throw new Exception(); };
}
private void Given_Code(Action <X86Assembler> coder)
{
var asm = new X86Assembler(arch, Address.Ptr32(0x00100000), new List <EntryPoint>());
coder(asm);
var program = asm.GetImage();
this.image = program.Image;
Given_Platform();
var win32 = new Win32Emulator(image, platform, importReferences);
emu = new X86Emulator(arch, program.Image, win32);
emu.InstructionPointer = program.Image.BaseAddress;
emu.WriteRegister(Registers.esp, (uint)program.Image.BaseAddress.ToLinear() + 0x0FFC);
emu.ExceptionRaised += delegate { throw new Exception(); };
}
private void emulatorToolStripMenuItem_Click(object sender, EventArgs e)
{
var sc = new ServiceContainer();
var fs = new FileStream(@"D:\dev\jkl\dec\halsten\decompiler_paq\upx\demo.exe", FileMode.Open);
var size = fs.Length;
var abImage = new byte[size];
fs.Read(abImage, 0, (int)size);
var exe = new ExeImageLoader(sc, "foolexe", abImage);
var peLdr = new PeImageLoader(sc, "foo.exe", abImage, exe.e_lfanew);
var addr = peLdr.PreferredBaseAddress;
var program = peLdr.Load(addr);
var rr = peLdr.Relocate(program, addr);
var win32 = new Win32Emulator(program.SegmentMap, program.Platform, program.ImportReferences);
var emu = new X86Emulator((IntelArchitecture)program.Architecture, program.SegmentMap, win32);
emu.InstructionPointer = rr.EntryPoints[0].Address;
emu.ExceptionRaised += delegate { throw new Exception(); };
emu.WriteRegister(Registers.esp, (uint)peLdr.PreferredBaseAddress.ToLinear() + 0x0FFC);
emu.Start();
}
