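/// <summary>
/// Developer test hook: reads a sample executable from a fixed local path (the path
/// suggests a UPX-packed demo), loads and relocates it with the PE loader, and runs it
/// under the x86 emulator starting at the first relocated entry point.
/// </summary>
/// <param name="sender">Menu item that raised the click; not used.</param>
/// <param name="e">Event data; not used.</param>
/// <exception cref="IOException">The sample file cannot be opened or read.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown from the <c>ExceptionRaised</c> handler when the emulator reports an exception.
/// </exception>
private void emulatorToolStripMenuItem_Click(object sender, EventArgs e)
{
    var sc = new ServiceContainer();

    // File.ReadAllBytes instead of a hand-rolled FileStream.Read: the handle is released
    // on every path, the sample is opened read-only rather than read/write, the whole
    // file is read (a single Read call may return fewer bytes than requested), and an
    // oversized file is rejected instead of having its length truncated to int.
    // NOTE(review): the path is specific to one developer machine.
    var abImage = File.ReadAllBytes(@"D:\dev\jkl\dec\halsten\decompiler_paq\upx\demo.exe");

    // The MZ header is parsed only to obtain e_lfanew, which the PE loader takes as an argument.
    // NOTE(review): "foolexe" looks like a typo for "foo.exe"; left unchanged, confirm.
    var exe = new ExeImageLoader(sc, "foolexe", abImage);
    var peLdr = new PeImageLoader(sc, "foo.exe", abImage, exe.e_lfanew);

    var addr = peLdr.PreferredBaseAddress;
    var program = peLdr.Load(addr);
    var rr = peLdr.Relocate(program, addr);

    var win32 = new Win32Emulator(program.SegmentMap, program.Platform, program.ImportReferences);
    var emu = new X86Emulator((IntelArchitecture) program.Architecture, program.SegmentMap, win32);

    // NOTE(review): indexing EntryPoints[0] assumes the relocated image reports at least
    // one entry point; the image bytes come from a file, so confirm the loader guarantees it.
    emu.InstructionPointer = rr.EntryPoints[0].Address;

    // Surface emulator-reported exceptions to the caller with a specific type and message
    // rather than a bare System.Exception.
    emu.ExceptionRaised += delegate
    {
        throw new InvalidOperationException("The emulator raised an exception while running the image.");
    };

    // Emulated stack pointer starts at preferred base + 0x0FFC.
    emu.WriteRegister(Registers.esp, (uint) peLdr.PreferredBaseAddress.ToLinear() + 0x0FFC);
    emu.Start();
}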
/// <summary>
/// Loads the file as a PE executable, runs the resulting image under the x86 emulator
/// with a debugger and an OllyLang script interpreter attached, then records the calls
/// intercepted by the Win32 emulation on the returned program.
/// </summary>
/// <param name="addrLoad">
/// Requested load address. This method does not read it; the PE loader's preferred base
/// address is used for both loading and relocation.
/// </param>
/// <returns>The program produced by the PE loader, with intercepted calls added.</returns>
public override Program Load(Address addrLoad)
{
    // Load the file as a PE executable first. That yields a (writeable) image and the
    // packed entry point.
    var peLoader = CreatePeImageLoader();
    var program = peLoader.Load(peLoader.PreferredBaseAddress);
    var relocated = peLoader.Relocate(program, peLoader.PreferredBaseAddress);

    // Publish the loaded image on this loader; the stack setup below reads Image.
    this.Image = program.Image;
    this.ImageMap = program.ImageMap;
    this.Architecture = (IntelArchitecture)program.Architecture;

    // Emulated Win32 environment and CPU over the loaded image.
    var win32Env = new Win32Emulator(program.Image, program.Platform, program.ImportReferences);
    var initialState = (X86State)program.Architecture.CreateProcessorState();   // not used further in this method
    var cpu = new X86Emulator((IntelArchitecture) program.Architecture, program.Image, win32Env);

    // Debugger and script interpreter are wired in the same order as before:
    // interpreter created, then its Host, then its Debugger.
    debugger = new Debugger(cpu);
    scriptInterpreter = new OllyLang();
    scriptInterpreter.Host = new Host(this);
    scriptInterpreter.Debugger = debugger;

    // Start at the first relocated entry point, with the stack pointer 4 bytes below
    // image base + 0x1000.
    cpu.InstructionPointer = relocated.EntryPoints[0].Address;
    uint initialEsp = (uint)Image.BaseAddress.ToLinear() + 0x1000 - 4u;
    cpu.WriteRegister(Registers.esp, initialEsp);

    cpu.BeforeStart += emu_BeforeStart;
    cpu.ExceptionRaised += emu_ExceptionRaised;

    // Load the script, then run the emulator.
    LoadScript(Argument, scriptInterpreter.script);
    cpu.Start();

    // Copy every call the Win32 emulation intercepted onto the program, keyed by a
    // 32-bit address built from the intercepted key.
    foreach (var intercepted in win32Env.InterceptedCalls)
    {
        program.InterceptedCalls.Add(Address.Ptr32(intercepted.Key), intercepted.Value);
    }

    return program;
}