//------------------------------------------------------------------------
inline bool pe_loader_t::read_header(linput_t *li, off_t _peoff, bool silent)
{
peoff = _peoff;
qlseek(li, peoff);
memset(&pe64, 0, sizeof(pe64));
qlseek(li, peoff);
size_t size = qlread(li, &pe64, sizeof(pe64));
size_t minsize = pe64.magic == MAGIC_P32_PLUS
? qoffsetof(peheader64_t, subsys)
: qoffsetof(peheader_t, subsys);
bool ok = size > minsize
&& size <= sizeof(pe64)
&& (pe64.signature == PEEXE_ID || pe64.signature == BPEEXE_ID || pe64.signature == PLEXE_ID)
&& pe64_to_pe(pe, pe64, silent);
if ( ok )
//initialize imagebase for loading
set_imagebase((ea_t)pe.imagebase());
return ok;
}
//--------------------------------------------------------------------------
// Get PE header
// In: ea=DLL imagebase, nh=buffer to keep the answer
// child==true:ea is an address in the child process
// child==false:ea is an address in the the debugger itself
// Returns: offset to the headers, BADADDR means failure
ea_t win32_debmod_t::get_pe_header(ea_t ea, peheader_t *nh)
{
uint32 offset = 0;
uint32 magic;
if ( _read_memory(ea, &magic, sizeof(magic)) != sizeof(magic) )
return BADADDR;
if ( ushort(magic) == MC2('M','Z') )
{
if ( _read_memory(ea+PE_PTROFF, &offset, sizeof(offset)) != sizeof(offset) )
return BADADDR;
}
peheader64_t pe64;
if ( _read_memory(ea+offset, &pe64, sizeof(pe64)) != sizeof(pe64) )
return BADADDR;
if ( !pe64_to_pe(*nh, pe64, true, true) )
return BADADDR;
if ( nh->signature != PEEXE_ID )
return BADADDR;
#ifdef __X64__
if ( debapp_attrs.addrsize == 8 && !pe64.is_pe_plus() )
debapp_attrs.addrsize = 4;
#endif
return offset;
}