2021-07-18 09:44:23 -07:00
|
|
|
|
using System.Collections.Concurrent;
|
|
|
|
|
|
using System.Collections.Generic;
|
2023-03-09 11:52:28 -05:00
|
|
|
|
using BinaryObjectScanner.Interfaces;
|
2023-03-07 16:59:14 -05:00
|
|
|
|
using BinaryObjectScanner.Matching;
|
|
|
|
|
|
using BinaryObjectScanner.Wrappers;
|
2019-09-27 23:52:24 -07:00
|
|
|
|
|
2023-03-09 23:19:27 -05:00
|
|
|
|
namespace BinaryObjectScanner.Protection
|
2019-09-27 23:52:24 -07:00
|
|
|
|
{
|
2022-05-01 17:23:00 -07:00
|
|
|
|
public class Steam : IPathCheck, IPortableExecutableCheck
|
2019-09-27 23:52:24 -07:00
|
|
|
|
{
|
2022-03-14 12:16:38 -07:00
|
|
|
|
/// <inheritdoc/>
|
2022-05-01 17:17:15 -07:00
|
|
|
|
public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
2022-03-14 12:16:38 -07:00
|
|
|
|
{
|
|
|
|
|
|
// Get the sections from the executable, if possible
|
|
|
|
|
|
var sections = pex?.SectionTable;
|
|
|
|
|
|
if (sections == null)
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
2022-04-02 16:12:23 -07:00
|
|
|
|
string name = pex.FileDescription;
|
2022-03-14 12:16:38 -07:00
|
|
|
|
if (!string.IsNullOrEmpty(name) && name.Contains("Steam Autorun Setup"))
|
|
|
|
|
|
return "Steam";
|
|
|
|
|
|
else if (!string.IsNullOrEmpty(name) && name.Contains("Steam Client API"))
|
|
|
|
|
|
return "Steam";
|
2022-03-15 22:23:23 -07:00
|
|
|
|
else if (!string.IsNullOrEmpty(name) && name.Contains("Steam Client Engine"))
|
2023-03-09 23:19:27 -05:00
|
|
|
|
return $"Steam Client Engine {pex.GetInternalVersion()}";
|
2022-03-14 12:16:38 -07:00
|
|
|
|
else if (!string.IsNullOrEmpty(name) && name.Contains("Steam Client Service"))
|
|
|
|
|
|
return "Steam";
|
|
|
|
|
|
|
2022-04-02 16:12:23 -07:00
|
|
|
|
name = pex.ProductName;
|
2022-03-14 12:16:38 -07:00
|
|
|
|
if (!string.IsNullOrEmpty(name) && name.Contains("Steam Autorun Setup"))
|
|
|
|
|
|
return "Steam";
|
|
|
|
|
|
else if (!string.IsNullOrEmpty(name) && name.Contains("Steam Client API"))
|
|
|
|
|
|
return "Steam";
|
|
|
|
|
|
else if (!string.IsNullOrEmpty(name) && name.Contains("Steam Client Service"))
|
|
|
|
|
|
return "Steam";
|
|
|
|
|
|
|
2022-06-22 10:03:14 -07:00
|
|
|
|
/// TODO: Add entry point checks
|
|
|
|
|
|
/// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/Steam.2.sg
|
|
|
|
|
|
|
2022-03-14 12:16:38 -07:00
|
|
|
|
return null;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-02-26 00:32:09 -08:00
|
|
|
|
/// <inheritdoc/>
|
2021-07-18 09:44:23 -07:00
|
|
|
|
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
|
2019-09-27 23:52:24 -07:00
|
|
|
|
{
|
2021-03-23 10:36:14 -07:00
|
|
|
|
var matchers = new List<PathMatchSet>
|
2019-09-27 23:52:24 -07:00
|
|
|
|
{
|
2022-06-30 17:18:12 -06:00
|
|
|
|
// These checks are grouped together due to the names being generic on their own (Redump entry 91450).
|
|
|
|
|
|
new PathMatchSet(new List<PathMatch>
|
|
|
|
|
|
{
|
|
|
|
|
|
// TODO: Identify based on "Steam(TM)" being present in "Description" but not in "File Description".
|
|
|
|
|
|
new PathMatch("steam.exe", useEndsWith: true),
|
|
|
|
|
|
|
|
|
|
|
|
new PathMatch("steam.ini", useEndsWith: true),
|
|
|
|
|
|
|
|
|
|
|
|
// TODO: Identify file using MSI property parsing.
|
|
|
|
|
|
new PathMatch("steam.msi", useEndsWith: true),
|
|
|
|
|
|
}, "Steam"),
|
|
|
|
|
|
|
2022-02-04 15:19:24 -08:00
|
|
|
|
new PathMatchSet(new PathMatch("steam_api.dll", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("steam_api64.dll", useEndsWith: true), "Steam"),
|
2022-06-30 17:18:12 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("steam_install_agreement.rtf", useEndsWith: true), "Steam"),
|
2021-08-31 23:22:47 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.bom", useEndsWith: true), "Steam"),
|
2021-03-23 10:36:14 -07:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.exe", useEndsWith: true), "Steam"),
|
2021-08-31 23:22:47 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.info", useEndsWith: true), "Steam"),
|
2021-03-23 10:36:14 -07:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.ini", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.msi", useEndsWith: true), "Steam"),
|
2021-08-31 23:22:47 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.pax.gz", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.pkg", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.sizes", useEndsWith: true), "Steam"),
|
2021-04-03 22:25:22 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Czech.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_English.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_French.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_German.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Italian.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Polish.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Russian.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Spanish.msi", useEndsWith: true), "Steam"),
|
2021-08-31 23:22:47 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamRetailInstaller", useEndsWith: true), "Steam"),
|
2021-03-23 10:36:14 -07:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamRetailInstaller.dmg", useEndsWith: true), "Steam"),
|
2021-04-03 22:25:22 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamService.exe", useEndsWith: true), "Steam"),
|
2022-03-14 08:54:58 -07:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamSetup.exe", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("steamxboxutil64.exe", useEndsWith: true), "Steam"),
|
2021-03-23 10:36:14 -07:00
|
|
|
|
};
|
|
|
|
|
|
|
2021-03-23 13:35:12 -07:00
|
|
|
|
return MatchUtil.GetAllMatches(files, matchers, any: true);
|
2021-03-19 15:41:49 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// <inheritdoc/>
|
|
|
|
|
|
public string CheckFilePath(string path)
|
|
|
|
|
|
{
|
2021-03-23 10:36:14 -07:00
|
|
|
|
var matchers = new List<PathMatchSet>
|
2019-09-27 23:52:24 -07:00
|
|
|
|
{
|
2022-02-04 15:19:24 -08:00
|
|
|
|
new PathMatchSet(new PathMatch("steam_api.dll", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("steam_api64.dll", useEndsWith: true), "Steam"),
|
2022-06-30 17:18:12 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("steam_install_agreement.rtf", useEndsWith: true), "Steam"),
|
2021-08-31 23:22:47 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.bom", useEndsWith: true), "Steam"),
|
2021-03-23 10:36:14 -07:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.exe", useEndsWith: true), "Steam"),
|
2021-08-31 23:22:47 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.info", useEndsWith: true), "Steam"),
|
2021-03-23 10:36:14 -07:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.ini", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.msi", useEndsWith: true), "Steam"),
|
2021-08-31 23:22:47 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.pax.gz", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.pkg", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall.sizes", useEndsWith: true), "Steam"),
|
2021-04-03 22:25:22 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Czech.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_English.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_French.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_German.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Italian.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Polish.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Russian.msi", useEndsWith: true), "Steam"),
|
|
|
|
|
|
new PathMatchSet(new PathMatch("SteamInstall_Spanish.msi", useEndsWith: true), "Steam"),
|
2021-08-31 23:22:47 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamRetailInstaller", useEndsWith: true), "Steam"),
|
2021-03-23 10:36:14 -07:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamRetailInstaller.dmg", useEndsWith: true), "Steam"),
|
2021-04-03 22:25:22 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamService.exe", useEndsWith: true), "Steam"),
|
2021-08-31 23:22:47 -06:00
|
|
|
|
new PathMatchSet(new PathMatch("SteamSetup.exe", useEndsWith: true), "Steam"),
|
2022-03-14 08:54:58 -07:00
|
|
|
|
new PathMatchSet(new PathMatch("steamxboxutil64.exe", useEndsWith: true), "Steam"),
|
2021-03-23 10:36:14 -07:00
|
|
|
|
};
|
2019-09-27 23:52:24 -07:00
|
|
|
|
|
2021-03-23 10:36:14 -07:00
|
|
|
|
return MatchUtil.GetFirstMatch(path, matchers, any: true);
|
2019-09-27 23:52:24 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
