BinaryObjectScanner.Protection/CDSHiELDSE.cs

using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using BinaryObjectScanner.Wrappers;

namespace BinaryObjectScanner.Protection
{
    public class CDSHiELDSE : IPortableExecutableCheck
    {
        /// <inheritdoc/>
        public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
        {
            // Get the sections from the executable, if possible
            var sections = pex?.SectionTable;
            if (sections == null)
                return null;

            // TODO: Indicates Hypertech Crack Proof as well?
            //// Get the import directory table
            //if (pex.ImportTable?.ImportDirectoryTable != null)
            //{
            //    bool match = pex.ImportTable.ImportDirectoryTable.Any(idte => idte.Name == "KeRnEl32.dLl");
            //    if (match)
            //        return "CDSHiELD SE";
            //}

            // Get the code/CODE section strings, if they exist
            List<string> strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE");
            if (strs != null)
            {
                if (strs.Any(s => s.Contains("~0017.tmp")))
                    return "CDSHiELD SE";
            }

            return null;
        }
    }
}
-												Use content matching helper, part 1

											
										
										
											2021-03-21 14:30:37 -07:00
+								using System.Collections.Generic;
-												Add note to CDSHiELD SE

											
										
										
											2022-12-08 14:53:59 -08:00
+								using System.Linq;
-												Move most interfaces to separate library

											
										
										
											2023-03-09 11:52:28 -05:00
+								using BinaryObjectScanner.Interfaces;
-												BOS.* -> BOS.*

											
										
										
											2023-03-07 16:59:14 -05:00
+								using BinaryObjectScanner.Wrappers;
-												Use content matching helper, part 1

											
										
										
											2021-03-21 14:30:37 -07:00
-												Move protection scans to their own library

This change also removes a couple of things from `BurnOutSharp.Tools.Utilities` that are no longer needed there. Linear executables are included in the scanning classes. Update the guides accordingly.

											
										
										
											2023-03-09 23:19:27 -05:00
+								namespace BinaryObjectScanner.Protection
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								{
-												Better naming

											
										
										
											2022-05-01 17:17:15 -07:00
+								    public class CDSHiELDSE : IPortableExecutableCheck
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								    {
-												Add IContentCheck interface

											
										
										
											2021-02-26 01:26:49 -08:00
+								        /// <inheritdoc/>
-												Better naming

											
										
										
											2022-05-01 17:17:15 -07:00
+								        public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								        {
-												Convert CDSHiELD SE to section-based

											
										
										
											2021-09-15 11:01:51 -07:00
+								            // Get the sections from the executable, if possible
 								            var sections = pex?.SectionTable;
 								            if (sections == null)
 								                return null;
-												Add note to CDSHiELD SE

											
										
										
											2022-12-08 14:53:59 -08:00
+								            // TODO: Indicates Hypertech Crack Proof as well?
 								            //// Get the import directory table
 								            //if (pex.ImportTable?.ImportDirectoryTable != null)
 								            //{
 								            //    bool match = pex.ImportTable.ImportDirectoryTable.Any(idte => idte.Name == "KeRnEl32.dLl");
 								            //    if (match)
 								            //        return "CDSHiELD SE";
 								            //}
-												Convert CDSHiELD SE to string finding

											
										
										
											2022-12-09 13:41:09 -08:00
+								            // Get the code/CODE section strings, if they exist
 								            List<string> strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE");
 								            if (strs != null)
-												Fix static matcher issues (fixes #51)

Note: This may result in slower, but more accurate, scans

											
										
										
											2021-07-17 23:40:16 -07:00
+								            {
-												Convert CDSHiELD SE to string finding

											
										
										
											2022-12-09 13:41:09 -08:00
+								                if (strs.Any(s => s.Contains("~0017.tmp")))
 								                    return "CDSHiELD SE";
-												Convert CDSHiELD SE to section-based

											
										
										
											2021-09-15 11:01:51 -07:00
+								            }
 								            return null;
-												Cleanup and bugfixes; additional notes

											
										
										
											2021-09-10 15:32:37 -07:00
+								        }
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								    }
 								}