BinaryObjectScanner.Protection/SmartE.cs

using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using BinaryObjectScanner.Matching;
using BinaryObjectScanner.Wrappers;

namespace BinaryObjectScanner.Protection
{
    public class SmartE : IPathCheck, IPortableExecutableCheck
    {
        /// <inheritdoc/>
        public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
        {
            // Get the sections from the executable, if possible
            var sections = pex?.SectionTable;
            if (sections == null)
                return null;

            // Get the last section strings, if they exist
            List<string> strs = pex.GetSectionStrings(sections.Length - 1);
            if (strs != null)
            {
                if (strs.Any(s => s.Contains("BITARTS")))
                    return "SmartE";
            }

            return null;
        }

        /// <inheritdoc/>
        public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
        {
            var matchers = new List<PathMatchSet>
            {
                new PathMatchSet(new List<PathMatch>
                {
                    new FilePathMatch("00001.TMP"),
                    new FilePathMatch("00002.TMP")
                 }, "SmartE"),
            };

            return MatchUtil.GetAllMatches(files, matchers, any: true);
        }

        /// <inheritdoc/>
        public string CheckFilePath(string path)
        {
            var matchers = new List<PathMatchSet>
            {
                new PathMatchSet(new FilePathMatch("00001.TMP"), "SmartE"),
                new PathMatchSet(new FilePathMatch("00002.TMP"), "SmartE"),
            };

            return MatchUtil.GetFirstMatch(path, matchers, any: true);
        }
    }
}
-												Concurrent protection scans per file (#52)

* Move to ConcurrentDictionary

* Convert to ConcurrentQueue
											
										
										
											2021-07-18 09:44:23 -07:00
+								using System.Collections.Concurrent;
 								using System.Collections.Generic;
-												Convert SmartE to string finding

											
										
										
											2022-12-09 21:40:25 -08:00
+								using System.Linq;
-												Move most interfaces to separate library

											
										
										
											2023-03-09 11:52:28 -05:00
+								using BinaryObjectScanner.Interfaces;
-												BOS.* -> BOS.*

											
										
										
											2023-03-07 16:59:14 -05:00
+								using BinaryObjectScanner.Matching;
 								using BinaryObjectScanner.Wrappers;
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
-												Move protection scans to their own library

This change also removes a couple of things from `BurnOutSharp.Tools.Utilities` that are no longer needed there. Linear executables are included in the scanning classes. Update the guides accordingly.

											
										
										
											2023-03-09 23:19:27 -05:00
+								namespace BinaryObjectScanner.Protection
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								{
-												Reorder inherited interfaces

											
										
										
											2022-05-01 17:23:00 -07:00
+								    public class SmartE : IPathCheck, IPortableExecutableCheck
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								    {
-												ContentMatchSets are now expected in IContentCheck

											
										
										
											2021-08-25 19:37:32 -07:00
+								        /// <inheritdoc/>
-												Better naming

											
										
										
											2022-05-01 17:17:15 -07:00
+								        public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
-												Convert SmartE to section based

											
										
										
											2021-09-03 13:26:52 -07:00
+								        {
 								            // Get the sections from the executable, if possible
 								            var sections = pex?.SectionTable;
 								            if (sections == null)
 								                return null;
-												Convert SmartE to string finding

											
										
										
											2022-12-09 21:40:25 -08:00
+								            // Get the last section strings, if they exist
 								            List<string> strs = pex.GetSectionStrings(sections.Length - 1);
 								            if (strs != null)
-												Make SmartE checks even simpler

											
										
										
											2022-12-05 10:21:15 -08:00
+								            {
-												Convert SmartE to string finding

											
										
										
											2022-12-09 21:40:25 -08:00
+								                if (strs.Any(s => s.Contains("BITARTS")))
 								                    return "SmartE";
-												Make SmartE checks even simpler

											
										
										
											2022-12-05 10:21:15 -08:00
+								            }
-												Convert SmartE to section based

											
										
										
											2021-09-03 13:26:52 -07:00
 								            return null;
 								        }
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
-												Add IPathCheck interface

											
										
										
											2021-02-26 00:32:09 -08:00
+								        /// <inheritdoc/>
-												Concurrent protection scans per file (#52)

* Move to ConcurrentDictionary

* Convert to ConcurrentQueue
											
										
										
											2021-07-18 09:44:23 -07:00
+								        public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								        {
-												Final batch of first pass for path check conversions

											
										
										
											2021-03-23 10:36:14 -07:00
+								            var matchers = new List<PathMatchSet>
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								            {
-												Convert SmartE to section based

											
										
										
											2021-09-03 13:26:52 -07:00
+								                new PathMatchSet(new List<PathMatch>
 								                {
-												Add and use `FilePathMatch` (fixes #262)

											
										
										
											2023-08-26 22:51:55 -04:00
+								                    new FilePathMatch("00001.TMP"),
 								                    new FilePathMatch("00002.TMP")
-												Convert SmartE to section based

											
										
										
											2021-09-03 13:26:52 -07:00
+								                 }, "SmartE"),
-												Final batch of first pass for path check conversions

											
										
										
											2021-03-23 10:36:14 -07:00
+								            };
-												Reduce boilerplate for directory checks

											
										
										
											2021-03-23 13:35:12 -07:00
+								            return MatchUtil.GetAllMatches(files, matchers, any: true);
-												Split IPathCheck method

											
										
										
											2021-03-19 15:41:49 -07:00
+								        }
 								        /// <inheritdoc/>
 								        public string CheckFilePath(string path)
 								        {
-												Final batch of first pass for path check conversions

											
										
										
											2021-03-23 10:36:14 -07:00
+								            var matchers = new List<PathMatchSet>
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								            {
-												Add and use `FilePathMatch` (fixes #262)

											
										
										
											2023-08-26 22:51:55 -04:00
+								                new PathMatchSet(new FilePathMatch("00001.TMP"), "SmartE"),
 								                new PathMatchSet(new FilePathMatch("00002.TMP"), "SmartE"),
-												Final batch of first pass for path check conversions

											
										
										
											2021-03-23 10:36:14 -07:00
+								            };
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
-												Final batch of first pass for path check conversions

											
										
										
											2021-03-23 10:36:14 -07:00
+								            return MatchUtil.GetFirstMatch(path, matchers, any: true);
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								        }
 								    }
 								}