c3rb3ru5d3d53c/binlex

Automatic File Format Detection

c3rb3ru5d3d53c opened this issue · 7 comments

Automatically detect file format and if it is supported or not.

The mode should be auto

  • VB6 Detection in here as well

auto.cpp auto.h

Good reference for "quick" PE compiler type checking.
https://github.com/danielplohmann/smda/blob/master/smda/intel/LanguageAnalyzer.py

Using file one gets the following (example):

$ file /tmp/pe/*
/tmp/pe/pe.delphi.projecthook.x86: PE32 executable (GUI) Intel 80386, for MS Windows
/tmp/pe/pe.emotet.x86:             PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
/tmp/pe/pe.trickbot.x86:           PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
/tmp/pe/pe.trickbot.x86_64:        PE32+ executable (GUI) x86-64, for MS Windows
/tmp/pe/pe.x86:                    PE32 executable (GUI) Intel 80386, for MS Windows
/tmp/pe/pe.x86_64:                 PE32+ executable (GUI) x86-64, for MS Windows

This usually has some problems with DLL vs EXE.

idiom commented

Added Function to detect file type & architecture.
Added Function to detect file limitations which are currently Arch != x86/AMD64 for both ELF and PE files & VB6 PE files.
Added function to detect .NET/CIL executables.
Updated CLI to set mode property to optional and use auto by default.
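The checks listed in the comment above (file type, architecture, .NET/CIL) can be made from header fields alone, and the COFF `IMAGE_FILE_DLL` bit gives an explicit DLL/EXE answer. The following C++ is an added example, not part of the thread and not binlex's implementation; `FileInfo`, `detect` and `rd` are hypothetical names, and VB6 detection, which needs import-table parsing, is left out.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Added example, not binlex code: FileInfo, detect and rd are hypothetical names.
struct FileInfo {
    std::string format = "unknown";  // "pe", "elf" or "unknown"
    std::string arch = "unknown";    // "x86", "x86_64" or "unsupported"
    bool dll = false;                // IMAGE_FILE_DLL set in COFF Characteristics
    bool dotnet = false;             // CLR runtime header directory present
    bool supported() const { return format != "unknown" && (arch == "x86" || arch == "x86_64"); }
};

// Bounds-checked little-endian read; returns 0 when the field is out of range.
static uint32_t rd(const std::vector<uint8_t>& b, size_t off, size_t n) {
    if (off > b.size() || n > b.size() - off) return 0;
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++) v |= uint32_t(b[off + i]) << (8 * i);
    return v;
}

FileInfo detect(const std::vector<uint8_t>& b) {
    FileInfo f;
    if (rd(b, 0, 4) == 0x464C457F) {                  // "\x7fELF"
        f.format = "elf";
        uint32_t m = rd(b, 18, 2);                    // e_machine: EM_386=3, EM_X86_64=62
        // EI_DATA (byte 5) must be 1: only little-endian headers are parsed here.
        f.arch = rd(b, 5, 1) != 1 ? "unsupported" : m == 3 ? "x86" : m == 62 ? "x86_64" : "unsupported";
        return f;
    }
    if (rd(b, 0, 2) != 0x5A4D) return f;              // "MZ"
    size_t pe = rd(b, 0x3C, 4);                       // e_lfanew
    if (rd(b, pe, 4) != 0x00004550) return f;         // "PE\0\0"; also rejects truncated input
    f.format = "pe";
    uint32_t m = rd(b, pe + 4, 2);                    // COFF Machine
    f.arch = m == 0x014C ? "x86" : m == 0x8664 ? "x86_64" : "unsupported";
    f.dll = (rd(b, pe + 22, 2) & 0x2000) != 0;        // Characteristics & IMAGE_FILE_DLL
    size_t opt = pe + 24;                             // optional header start
    uint32_t magic = rd(b, opt, 2);                   // 0x10B = PE32, 0x20B = PE32+
    if (magic != 0x10B && magic != 0x20B) return f;
    size_t dirs = opt + (magic == 0x20B ? 112 : 96);  // data directory array
    uint32_t count = rd(b, dirs - 4, 4);              // NumberOfRvaAndSizes
    // Directory 14 is the CLR runtime header; a non-zero RVA marks a .NET/CIL image.
    f.dotnet = count > 14 && rd(b, dirs + 14 * 8, 4) != 0;
    return f;
}
```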

The PR has been merged to the staging branch, we have the CIL decompiler and will need that to work with the mode auto now, as it cannot return the same type of Decompiler as we can have multiple decompiler types 😄

idiom commented

Yeah, I'm going to refactor it slightly to return an error code and we'll pass the decompiler out via a param. I believe we can change it slightly that all decompilers implement a base class and we use that base as the return type. This should make it generic so that as new decompilers are added calling code doesn't need to change.

This seems to be working quite well now, @idiom you still want to keep this issue open or we wish to close for now?