- offset = bfd_h_get_32 (abfd, ext_offset);
- if (bfd_seek (abfd, offset, SEEK_SET) != 0
- || bfd_read (ext_signature, 1, 4, abfd) != 4)
+
+ /* There are really two magic numbers involved; the magic number
+ that says this is a NT executable (PEI) and the magic number
+ that determines the architecture. The former is DOSMAGIC,
+ stored in the e_magic field. The latter is stored in the
+ f_magic field. If the NT magic number isn't valid, the
+ architecture magic number could be mimicked by some other
+ field (specifically, the number of relocs in section 3). Since
+ this routine can only be called correctly for a PEI file, check
+ the e_magic number here, and, if it doesn't match, clobber the
+ f_magic number so that we don't get a false match. */
+ if (bfd_h_get_16 (abfd, (bfd_byte *) dos_hdr.e_magic) != DOSMAGIC)
+ {
+ bfd_set_error (bfd_error_wrong_format);
+ return NULL;
+ }
+
+ offset = bfd_h_get_32 (abfd, (bfd_byte *) dos_hdr.e_lfanew);
+ if (bfd_seek (abfd, (file_ptr) offset, SEEK_SET) != 0
+ || bfd_read (&image_hdr, 1, sizeof (image_hdr), abfd)
+ != sizeof (image_hdr))