File tree Expand file tree Collapse file tree 1 file changed +26
-1
lines changed Expand file tree Collapse file tree 1 file changed +26
-1
lines changed Original file line number Diff line number Diff line change 22
22
#include " label.hpp"
23
23
#include " regions.hpp"
24
24
25
+ #include " le.hpp"
26
+
25
27
void
26
28
KnownFile::check (Analyser &anal, LinearExecutable *le)
27
29
{
28
- anal.known_type = KnownFile::KNOWN_SWARS_FINAL_MAIN;
30
+ const LinearExecutable::Header *header = le->get_header ();
31
+
32
+ anal.known_type = KnownFile::NOT_KNOWN;
33
+
34
+ if (header->eip_offset == 0xd581c &&
35
+ header->esp_offset == 0x9ffe0 &&
36
+ header->last_page_size == 0x34a &&
37
+ header->fixup_section_size == 0x5d9ca &&
38
+ header->loader_section_size == 0x5df3f &&
39
+ header->object_count == 4 )
40
+ {
41
+ if (le->get_object_header (0 )->virtual_size == 0x12d030 &&
42
+ le->get_object_header (0 )->base_address == 0x10000 &&
43
+ le->get_object_header (1 )->virtual_size == 0x96 &&
44
+ le->get_object_header (1 )->base_address == 0x140000 &&
45
+ le->get_object_header (2 )->virtual_size == 0x9ffe0 &&
46
+ le->get_object_header (2 )->base_address == 0x150000 &&
47
+ le->get_object_header (3 )->virtual_size == 0x1b58 &&
48
+ le->get_object_header (3 )->base_address == 0x1f0000 )
49
+ {
50
+ anal.known_type = KnownFile::KNOWN_SWARS_FINAL_MAIN;
51
+ return ;
52
+ }
53
+ }
29
54
}
30
55
31
56
void
You can’t perform that action at this time.
0 commit comments