BurnOutSharp/ProtectionType/ThreePLock.cs

using System.Linq;
using System.Text;
using BurnOutSharp.ExecutableType.Microsoft;

namespace BurnOutSharp.ProtectionType
{
    public class ThreePLock : IContentCheck
    {
        /// <inheritdoc/>
        public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
        {
            // Get the sections from the executable, if possible
            var sections = pex?.SectionTable;
            if (sections == null)
                return null;

            //This produced false positives in some DirectX 9.0c installer files
            //"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW"

            // Get the .ldr and .ldt sections, if they exist -- TODO: Confirm if both are needed or either/or is fine
            var cmsdSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".ldr"));
            var cmstSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".ldt"));
            if (cmsdSection != null || cmstSection != null)
                return $"3PLock";

            return null;
        }
    }
}
-												Cleanup and bugfixes; additional notes

											
										
										
											2021-09-10 15:32:37 -07:00
+								using System.Linq;
-												Convert 3PLock to section based

											
										
										
											2021-09-07 21:02:52 -07:00
+								using System.Text;
 								using BurnOutSharp.ExecutableType.Microsoft;
-												Use content matching helper, part 4

											
										
										
											2021-03-21 22:19:38 -07:00
 								namespace BurnOutSharp.ProtectionType
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								{
-												Add IContentCheck interface

											
										
										
											2021-02-26 01:26:49 -08:00
+								    public class ThreePLock : IContentCheck
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								    {
-												Convert 3PLock to section based

											
										
										
											2021-09-07 21:02:52 -07:00
+								        /// <inheritdoc/>
-												Only deserialze a file once per round of checks

											
										
										
											2021-09-10 16:10:15 -07:00
+								        public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								        {
-												Convert 3PLock to section based

											
										
										
											2021-09-07 21:02:52 -07:00
+								            // Get the sections from the executable, if possible
 								            var sections = pex?.SectionTable;
 								            if (sections == null)
 								                return null;
-												Use content matching helper, part 4

											
										
										
											2021-03-21 22:19:38 -07:00
-												Cleanup and bugfixes; additional notes

											
										
										
											2021-09-10 15:32:37 -07:00
+								            //This produced false positives in some DirectX 9.0c installer files
 								            //"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW"
-												Convert 3PLock to section based

											
										
										
											2021-09-07 21:02:52 -07:00
+								            // Get the .ldr and .ldt sections, if they exist -- TODO: Confirm if both are needed or either/or is fine
 								            var cmsdSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".ldr"));
 								            var cmstSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".ldt"));
 								            if (cmsdSection != null || cmstSection != null)
 								                return $"3PLock";
-												Location, Location, Location (#11)

* Add index to all content checks

* Get mostly onto byte arrays

* Migrate as much as possible to byte array

* Minor cleanup

* Cleanup comments, fix search

* Safer CABs and auto-log on test

* Comments and better SecuROM

* Cleanup, Wise Detection, archives

* Minor fixes

* Add externals, cleanup README

* Add WiseUnpacker

* Add Wise extraction

* Better separation of special file format handling

* Consistent licencing

* Add to README

* Fix StartsWith

* Fix Valve scanning

* Fix build

* Remove old TODO

* Fix BFPK extraction

* More free decompression formats

* Fix EVORE

* Fix LibCrypt detection

* Fix EVORE deletion
											
										
										
											2020-09-10 21:10:32 -07:00
-												Convert 3PLock to section based

											
										
										
											2021-09-07 21:02:52 -07:00
+								            return null;
-												ContentMatchSets are now expected in IContentCheck

											
										
										
											2021-08-25 19:37:32 -07:00
+								        }
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								    }
 								}