BinaryObjectScanner.Protection/ThreePLock.cs

using BinaryObjectScanner.Interfaces;
using BinaryObjectScanner.Wrappers;

namespace BinaryObjectScanner.Protection
{
    /// <remarks>
    /// PiD only looks for the `.ldr` section, from testing
    /// There don't seem to be any other signs that this is 3P-Lock anywhere in the example files
    /// No website has been found for 3P-Lock yet
    /// </remarks>
    public class ThreePLock : IPortableExecutableCheck
    {
        /// <inheritdoc/>
        public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
        {
            // Get the sections from the executable, if possible
            var sections = pex?.SectionTable;
            if (sections == null)
                return null;

            //This produced false positives in some DirectX 9.0c installer files
            //"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW"

            // Get the .ldr and .ldt sections, if they exist
            if (pex.ContainsSection(".ldr", exact: true) && pex.ContainsSection(".ldt", exact: true))
                return $"3P-Lock Copy Protection";

            return null;
        }
    }
}
-												Move most interfaces to separate library

											
										
										
											2023-03-09 11:52:28 -05:00
+								using BinaryObjectScanner.Interfaces;
-												BOS.* -> BOS.*

											
										
										
											2023-03-07 16:59:14 -05:00
+								using BinaryObjectScanner.Wrappers;
-												Use content matching helper, part 4

											
										
										
											2021-03-21 22:19:38 -07:00
-												Move protection scans to their own library

This change also removes a couple of things from `BurnOutSharp.Tools.Utilities` that are no longer needed there. Linear executables are included in the scanning classes. Update the guides accordingly.

											
										
										
											2023-03-09 23:19:27 -05:00
+								namespace BinaryObjectScanner.Protection
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								{
-												Cleanup and notes for 3P-Lock

											
										
										
											2022-12-20 11:26:22 -08:00
+								    /// <remarks>
 								    /// PiD only looks for the `.ldr` section, from testing
 								    /// There don't seem to be any other signs that this is 3P-Lock anywhere in the example files
 								    /// No website has been found for 3P-Lock yet
 								    /// </remarks>
-												Better naming

											
										
										
											2022-05-01 17:17:15 -07:00
+								    public class ThreePLock : IPortableExecutableCheck
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								    {
-												Convert 3PLock to section based

											
										
										
											2021-09-07 21:02:52 -07:00
+								        /// <inheritdoc/>
-												Better naming

											
										
										
											2022-05-01 17:17:15 -07:00
+								        public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								        {
-												Convert 3PLock to section based

											
										
										
											2021-09-07 21:02:52 -07:00
+								            // Get the sections from the executable, if possible
 								            var sections = pex?.SectionTable;
 								            if (sections == null)
 								                return null;
-												Use content matching helper, part 4

											
										
										
											2021-03-21 22:19:38 -07:00
-												Cleanup and bugfixes; additional notes

											
										
										
											2021-09-10 15:32:37 -07:00
+								            //This produced false positives in some DirectX 9.0c installer files
 								            //"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW"
-												Cleanup and notes for 3P-Lock

											
										
										
											2022-12-20 11:26:22 -08:00
+								            // Get the .ldr and .ldt sections, if they exist
 								            if (pex.ContainsSection(".ldr", exact: true) && pex.ContainsSection(".ldt", exact: true))
 								                return $"3P-Lock Copy Protection";
-												Location, Location, Location (#11)

* Add index to all content checks

* Get mostly onto byte arrays

* Migrate as much as possible to byte array

* Minor cleanup

* Cleanup comments, fix search

* Safer CABs and auto-log on test

* Comments and better SecuROM

* Cleanup, Wise Detection, archives

* Minor fixes

* Add externals, cleanup README

* Add WiseUnpacker

* Add Wise extraction

* Better separation of special file format handling

* Consistent licencing

* Add to README

* Fix StartsWith

* Fix Valve scanning

* Fix build

* Remove old TODO

* Fix BFPK extraction

* More free decompression formats

* Fix EVORE

* Fix LibCrypt detection

* Fix EVORE deletion
											
										
										
											2020-09-10 21:10:32 -07:00
-												Convert 3PLock to section based

											
										
										
											2021-09-07 21:02:52 -07:00
+								            return null;
-												ContentMatchSets are now expected in IContentCheck

											
										
										
											2021-08-25 19:37:32 -07:00
+								        }
-												Separate protections into their own classes

											
										
										
											2019-09-27 23:52:24 -07:00
+								    }
 								}