pe: canUnpack moved to PeFile

2014-02-19 23:27:41 +01:00
parent 8e52894763
commit e49b65723f
7 changed files with 81 additions and 142 deletions
@@ -858,72 +858,6 @@ void PackW32Pe::pack(OutputFile *fo)
        throwNotCompressible();
 }

-
-/*************************************************************************
-// unpack
-**************************************************************************/
-
-int PackW32Pe::canUnpack()
-{
-    if (!readFileHeader() || ih.cpu < 0x14c || ih.cpu > 0x150)
-        return false;
-
-    unsigned objs = ih.objects;
-    isection = new pe_section_t[objs];
-    fi->seek(pe_offset+sizeof(ih),SEEK_SET);
-    fi->readx(isection,sizeof(pe_section_t)*objs);
-    if (ih.objects < 3)
-        return -1;
-    bool is_packed = (ih.objects == 3 &&
-                      (IDSIZE(15) || ih.entry > isection[1].vaddr));
-    bool found_ph = false;
-    if (memcmp(isection[0].name,"UPX",3) == 0)
-    {
-        // current version
-        fi->seek(isection[1].rawdataptr - 64, SEEK_SET);
-        found_ph = readPackHeader(1024);
-        if (!found_ph)
-        {
-            // old versions
-            fi->seek(isection[2].rawdataptr, SEEK_SET);
-            found_ph = readPackHeader(1024);
-        }
-    }
-    if (is_packed && found_ph)
-        return true;
-    if (!is_packed && !found_ph)
-        return -1;
-    if (is_packed && ih.entry < isection[2].vaddr)
-    {
-        unsigned char buf[256];
-        bool x = false;
-
-        memset(buf, 0, sizeof(buf));
-        try {
-            fi->seek(ih.entry - isection[1].vaddr + isection[1].rawdataptr, SEEK_SET);
-            fi->read(buf, sizeof(buf));
-
-            static const unsigned char magic[] = "\x8b\x1e\x83\xee\xfc\x11\xdb";
-            // mov ebx, [esi];    sub esi, -4;    adc ebx,ebx
-
-            int offset = find(buf, sizeof(buf), magic, 7);
-            if (offset >= 0 && find(buf + offset + 1, sizeof(buf) - offset - 1, magic, 7) >= 0)
-                x = true;
-        } catch (...) {
-            //x = true;
-        }
-        if (x)
-            throwCantUnpack("file is modified/hacked/protected; take care!!!");
-        else
-            throwCantUnpack("file is possibly modified/hacked/protected; take care!");
-        return false;   // not reached
-    }
-
-    // FIXME: what should we say here ?
-    //throwCantUnpack("file is possibly modified/hacked/protected; take care!");
-    return false;
-}
-
 /*
 extra info added to help uncompression: