Fixing MzLoader false positives (relates to NationalSecurityAgency#1054)

Author: ryanmkurtz

Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/mz/DOSHeader.java

@@ -23,6 +23,9 @@
 import ghidra.app.util.bin.format.Writeable;
 import ghidra.app.util.bin.format.ne.InvalidWindowsHeaderException;
 import ghidra.app.util.bin.format.ne.WindowsHeader;
+import ghidra.app.util.bin.format.pe.InvalidNTHeaderException;
+import ghidra.app.util.bin.format.pe.NTHeader;
+import ghidra.app.util.bin.format.pe.PortableExecutable.SectionLayout;
 import ghidra.program.model.data.*;
 import ghidra.util.DataConverter;
 import ghidra.util.exception.DuplicateNameException;
@@ -271,6 +274,27 @@ public boolean hasNewExeHeader() {
         }
         return false;
     }
+
+	/**
+	 * Returns true if a PE header exists.
+	 * @return true if a PE header exists
+	 */
+	public boolean hasPeHeader() {
+		if (e_lfanew >= 0 && e_lfanew <= 0x1000000) {
+			try {
+				NTHeader ntHeader =
+					NTHeader.createNTHeader(reader, e_lfanew, SectionLayout.FILE, false, false);
+				if (ntHeader != null && ntHeader.getOptionalHeader() != null) {
+					return true;
+				}
+			}
+			catch (InvalidNTHeaderException | IOException e) {
+				// Fall through and return false
+			}
+		}
+		return false;
+	}
+
     /**
      * Returns true if the DOS magic number is correct
      * @return true if the DOS magic number is correct

Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/MzLoader.java

@@ -71,7 +71,7 @@ public Collection<LoadSpec> findSupportedLoadSpecs(ByteProvider provider) throws
 		}
 		OldStyleExecutable ose = new OldStyleExecutable(RethrowContinuesFactory.INSTANCE, provider);
 		DOSHeader dos = ose.getDOSHeader();
-		if (dos.isDosSignature() && !dos.hasNewExeHeader()) {
+		if (dos.isDosSignature() && !dos.hasNewExeHeader() && !dos.hasPeHeader()) {
 			List<QueryResult> results =
 				QueryOpinionService.query(getName(), "" + dos.e_magic(), null);
 			for (QueryResult result : results) {