SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-04-23 06:34:03 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity

Linq is friend, not food

Browse Source
This commit is contained in:
Matt Nadareski
2024-11-12 23:17:48 -05:00
parent 984ad1f642
commit 1e3aac6748
60 changed files with 263 additions and 310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
BinaryObjectScanner/Protection/ActiveMARK.cs
View File

@@ -82,8 +82,8 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetLastSectionStrings(".data");
if (strs != null)
{
if (strs.Any(s => s.Contains("MPRMMGVA"))
&& strs.Any(s => s.Contains("This application cannot run with an active debugger in memory.")))
if (strs.Exists(s => s.Contains("MPRMMGVA"))
&& strs.Exists(s => s.Contains("This application cannot run with an active debugger in memory.")))
{
return "ActiveMARK 6.x";
}
@@ -103,7 +103,7 @@ namespace BinaryObjectScanner.Protection
// Get the overlay data, if it exists
if (pex.OverlayStrings != null)
{
if (pex.OverlayStrings.Any(s => s.Contains("TMSAMVOH")))
if (pex.OverlayStrings.Exists(s => s.Contains("TMSAMVOH")))
return "ActiveMARK";
}
@@ -111,7 +111,7 @@ namespace BinaryObjectScanner.Protection
strs = pex.GetLastSectionStrings(".bss");
if (strs != null)
{
if (strs.Any(s => s.Contains("TMSAMVOF")))
if (strs.Exists(s => s.Contains("TMSAMVOF")))
return "ActiveMARK";
}

15
BinaryObjectScanner/Protection/AlphaROM.cs
View File

@@ -1,5 +1,4 @@
using System.Linq;
using BinaryObjectScanner.Interfaces;
using BinaryObjectScanner.Interfaces;
using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Protection
@@ -57,10 +56,10 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA");
if (strs != null)
{
if (strs.Any(s => s.Contains("\\SETTEC")))
if (strs.Exists(s => s.Contains("\\SETTEC")))
return "Alpha-ROM";
if (strs.Any(s => s.Contains("SETTEC0000")))
if (strs.Exists(s => s.Contains("SETTEC0000")))
return "Alpha-ROM";
}
@@ -68,13 +67,13 @@ namespace BinaryObjectScanner.Protection
strs = pex.GetFirstSectionStrings(".rdata");
if (strs != null)
{
if (strs.Any(s => s.Contains("This Game is Japan Only")))
if (strs.Exists(s => s.Contains("This Game is Japan Only")))
return "Alpha-ROM";
// Found in "Filechk.exe" in Redump entry 115358.
if (strs.Any(s => s.Contains("AlphaCheck.exe")))
if (strs.Exists(s => s.Contains("AlphaCheck.exe")))
return "Alpha-ROM";
// Found in "Uninstall.exe" in Redump entry 115358.
if (strs.Any(s => s.Contains("AlphaCheck.dat")))
if (strs.Exists(s => s.Contains("AlphaCheck.dat")))
return "Alpha-ROM";
}
@@ -82,7 +81,7 @@ namespace BinaryObjectScanner.Protection
if (pex.OverlayStrings != null)
{
// Found in Redump entry 84122.
if (pex.OverlayStrings.Any(s => s.Contains("SETTEC0000")))
if (pex.OverlayStrings.Exists(s => s.Contains("SETTEC0000")))
return "Alpha-ROM";
}

6
BinaryObjectScanner/Protection/Armadillo.cs
View File

@@ -1,4 +1,4 @@
using System.Linq;
using System;
using BinaryObjectScanner.Interfaces;
using SabreTools.Serialization.Wrappers;
@@ -36,13 +36,13 @@ namespace BinaryObjectScanner.Protection
// Loop through all "extension" sections -- usually .data1 or .text1
if (pex.SectionNames != null)
{
foreach (var sectionName in pex.SectionNames.Where(s => s != null && s.EndsWith("1")))
foreach (var sectionName in Array.FindAll(pex.SectionNames, s => s != null && s.EndsWith("1")))
{
// Get the section strings, if they exist
var strs = pex.GetFirstSectionStrings(sectionName);
if (strs != null)
{
if (strs.Any(s => s.Contains("ARMDEBUG")))
if (strs.Exists(s => s.Contains("ARMDEBUG")))
return "Armadillo";
}
}

10
BinaryObjectScanner/Protection/ByteShield.cs
View File

@@ -95,7 +95,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "LineRider2.exe" in Redump entry 6236
if (strs.Any(s => s?.Contains("ByteShield") == true))
if (strs.Exists(s => s?.Contains("ByteShield") == true))
return "ByteShield";
}
@@ -104,15 +104,15 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "ByteShield.dll" in Redump entry 6236
if (strs.Any(s => s?.Contains("Byte|Shield") == true))
if (strs.Exists(s => s?.Contains("Byte|Shield") == true))
return "ByteShield Component Module";
// Found in "ByteShield.dll" in Redump entry 6236
else if (strs.Any(s => s?.Contains("Byteshield0") == true))
else if (strs.Exists(s => s?.Contains("Byteshield0") == true))
return "ByteShield Component Module";
// Found in "ByteShield.dll" in Redump entry 6236
else if (strs.Any(s => s?.Contains("ByteShieldLoader") == true))
else if (strs.Exists(s => s?.Contains("ByteShieldLoader") == true))
return "ByteShield Component Module";
}
@@ -122,7 +122,7 @@ namespace BinaryObjectScanner.Protection
{
// TODO: Figure out if this specifically indicates if the file is encrypted
// Found in "LineRider2.bbz" in Redump entry 6236
if (strs.Any(s => s?.Contains("ByteShield") == true))
if (strs.Exists(s => s?.Contains("ByteShield") == true))
return "ByteShield";
}

2
BinaryObjectScanner/Protection/CDDVDCops.cs
View File

@@ -231,7 +231,7 @@ namespace BinaryObjectScanner.Protection
#if NET20 || NET35 || NET40
byte[] versionBytes = new byte[4];
Array.Copy(fileContent, positions[0] + 15, versionBytes, 0, 4);
char[] version = versionBytes.Select(b => (char)b).ToArray();
char[] version = Array.ConvertAll(versionBytes, b => (char)b);
#else
char[] version = new ArraySegment<byte>(fileContent, positions[0] + 15, 4).Select(b => (char)b).ToArray();
#endif

3
BinaryObjectScanner/Protection/CDGuard.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -46,7 +45,7 @@ namespace BinaryObjectScanner.Protection
if (pex.Model.ImportTable?.ImportDirectoryTable != null)
{
// Found in "Randevu.exe" in Redump entry 97142.
bool match = pex.Model.ImportTable.ImportDirectoryTable.Any(idte => idte?.Name != null && idte.Name.Equals("cdguard.dll", StringComparison.OrdinalIgnoreCase));
bool match = Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name != null && idte.Name.Equals("cdguard.dll", StringComparison.OrdinalIgnoreCase));
if (match)
return "CD-Guard Copy Protection System";
}

5
BinaryObjectScanner/Protection/CDSHiELDSE.cs
View File

@@ -1,5 +1,4 @@
using System.Linq;
using BinaryObjectScanner.Interfaces;
using BinaryObjectScanner.Interfaces;
using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Protection
@@ -27,7 +26,7 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE");
if (strs != null)
{
if (strs.Any(s => s.Contains("~0017.tmp")))
if (strs.Exists(s => s.Contains("~0017.tmp")))
return "CDSHiELD SE";
}

8
BinaryObjectScanner/Protection/CactusDataShield.cs
View File

@@ -1,5 +1,4 @@
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Content;
@@ -18,14 +17,13 @@ namespace BinaryObjectScanner.Protection
var contentMatchSets = new List<ContentMatchSet>
{
// CDSPlayer
new(new byte?[] { 0x43, 0x44, 0x53, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72 }, "Cactus Data Shield 200"),
new([0x43, 0x44, 0x53, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72], "Cactus Data Shield 200"),
// yucca.cds
new(new byte?[] { 0x79, 0x75, 0x63, 0x63, 0x61, 0x2E, 0x63, 0x64, 0x73 }, "Cactus Data Shield 200"),
new([0x79, 0x75, 0x63, 0x63, 0x61, 0x2E, 0x63, 0x64, 0x73], "Cactus Data Shield 200"),
};
if (contentMatchSets != null && contentMatchSets.Any())
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
return null;

7
BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -40,13 +39,13 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetFirstSectionStrings(".text");
if (strs != null)
{
if (strs.Any(s => s.Contains("CODE-LOCK.OCX")))
if (strs.Exists(s => s.Contains("CODE-LOCK.OCX")))
return "ChosenBytes Code-Lock";
if (strs.Any(s => s.Contains("Code-Lock.ocx")))
if (strs.Exists(s => s.Contains("Code-Lock.ocx")))
return "ChosenBytes Code-Lock";
if (strs.Any(s => s.Contains("CodeLock.Secure")))
if (strs.Exists(s => s.Contains("CodeLock.Secure")))
return "ChosenBytes Code-Lock";
}

4
BinaryObjectScanner/Protection/CopyLok.cs
View File

@@ -1,4 +1,4 @@
using System.Linq;
using System;
using BinaryObjectScanner.Interfaces;
using SabreTools.Serialization.Wrappers;
@@ -33,7 +33,7 @@ namespace BinaryObjectScanner.Protection
// If there are more than 2 icd-prefixed sections, then we have a match
// Though this is the same name that SafeDisc uses for protected executables, this seems to be a coincidence.
// Found in Redump entries 31557, 31674, 31675, 31708, 38239, 44210, and 53929.
int icdSectionCount = pex.SectionNames?.Count(s => s.StartsWith("icd")) ?? 0;
int icdSectionCount = Array.FindAll(pex.SectionNames ?? [], s => s.StartsWith("icd")).Length;
if (icdSectionCount >= 2)
return "CopyLok / CodeLok";

4
BinaryObjectScanner/Protection/CopyX.cs
View File

@@ -77,7 +77,7 @@ namespace BinaryObjectScanner.Protection
// TODO: This might need to check every single section. Unsure until more samples are acquired.
// TODO: TKKG also has an NE 3.1x executable with a reference. This can be added later.
// Samples: Redump ID 108150
if (pex.OverlayStrings.Any(s => s.Contains("optgraph.dll")))
if (pex.OverlayStrings.Exists(s => s.Contains("optgraph.dll")))
return "copy-X [Check disc for physical ring]";
}
@@ -85,7 +85,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Samples: Redump ID 82475, German Emergency 2 Deluxe, Redump ID 48393
if (strs.Any(s => s.Contains("optgraph.dll")))
if (strs.Exists(s => s.Contains("optgraph.dll")))
return "copy-X [Check disc for physical ring]";
}

7
BinaryObjectScanner/Protection/CrypKey.cs
View File

@@ -1,5 +1,4 @@
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -29,15 +28,15 @@ namespace BinaryObjectScanner.Protection
// Full string:
// *CrypKey Instant 2.0 security i(32 - bit) *
// *Copyright(c) 1996 Kenonic Controls Ltd. *
if (strs.Any(s => s.Contains("CrypKey Instant 2.0 security")))
if (strs.Exists(s => s.Contains("CrypKey Instant 2.0 security")))
return "CrypKey Instant 2.0";
// Generic check to catch unknown CrypKey Instant versions.
if (strs.Any(s => s.Contains("CrypKey Instant")))
if (strs.Exists(s => s.Contains("CrypKey Instant")))
return "CrypKey Instant (Unknown version - Please report to us on GitHub)";
// Generic check to catch unknown CrypKey products.
if (strs.Any(s => s.Contains("CrypKey")))
if (strs.Exists(s => s.Contains("CrypKey")))
return "CrypKey (Unknown version - Please report to us on GitHub)";
}

6
BinaryObjectScanner/Protection/ElectronicArts.cs
View File

@@ -36,7 +36,7 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA");
if (strs != null)
{
if (strs.Any(s => s.Contains("EReg Config Form")))
if (strs.Exists(s => s.Contains("EReg Config Form")))
return "EA CdKey Registration Module";
}
@@ -44,7 +44,7 @@ namespace BinaryObjectScanner.Protection
strs = pex.GetFirstSectionStrings(".rdata");
if (strs != null)
{
if (strs.Any(s => s.Contains("GenericEA")) && strs.Any(s => s.Contains("Activation")))
if (strs.Exists(s => s.Contains("GenericEA")) && strs.Exists(s => s.Contains("Activation")))
return "EA DRM Protection";
}
@@ -52,7 +52,7 @@ namespace BinaryObjectScanner.Protection
strs = pex.GetFirstSectionStrings(".text");
if (strs != null)
{
if (strs.Any(s => s.Contains("GenericEA")) && strs.Any(s => s.Contains("Activation")))
if (strs.Exists(s => s.Contains("GenericEA")) && strs.Exists(s => s.Contains("Activation")))
return "EA DRM Protection";
}

9
BinaryObjectScanner/Protection/Engine32.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -28,8 +27,8 @@ namespace BinaryObjectScanner.Protection
// Detects Engine32 within the game executables that contain it.
if (pex.Model.ImportTable?.ImportDirectoryTable != null && pex.Model.ImportTable?.HintNameTable != null)
{
bool importDirectoryTableMatch = pex.Model.ImportTable.ImportDirectoryTable.Any(idte => idte?.Name != null && idte.Name.Equals("ENGINE32.DLL", StringComparison.OrdinalIgnoreCase));
bool hintNameTableMatch = pex.Model.ImportTable?.HintNameTable.Any(ihne => ihne?.Name == "InitEngine") ?? false;
bool importDirectoryTableMatch = Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name != null && idte.Name.Equals("ENGINE32.DLL", StringComparison.OrdinalIgnoreCase));
bool hintNameTableMatch = Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], ihne => ihne?.Name == "InitEngine");
// The Hint/Name Table Entry "DeinitEngine" is present in every tested sample, aside from TOCA Race Driver 2 (Redump entries 104593-104596).
@@ -40,8 +39,8 @@ namespace BinaryObjectScanner.Protection
// Detects Engine32 within the file "engine32.dll".
if (pex.Model.ExportTable?.ExportNameTable?.Strings != null)
{
bool exportNameTableMatch1 = pex.Model.ExportTable.ExportNameTable.Strings.Any(s => s == "engine32.dll");
bool exportNameTableMatch2 = pex.Model.ExportTable.ExportNameTable.Strings.Any(s => s == "DeinitEngine");
bool exportNameTableMatch1 = Array.Exists(pex.Model.ExportTable.ExportNameTable.Strings, s => s == "engine32.dll");
bool exportNameTableMatch2 = Array.Exists(pex.Model.ExportTable.ExportNameTable.Strings, s => s == "DeinitEngine");
if (exportNameTableMatch1 && exportNameTableMatch2)
return "Engine32";

4
BinaryObjectScanner/Protection/GFWL.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -27,8 +26,7 @@ namespace BinaryObjectScanner.Protection
// Get the import directory table
if (pex.Model.ImportTable?.ImportDirectoryTable != null)
{
bool match = pex.Model.ImportTable.ImportDirectoryTable.Any(idte => idte?.Name == "xlive.dll");
if (match)
if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "xlive.dll"))
return "Games for Windows LIVE";
}

3
BinaryObjectScanner/Protection/Gefest.cs
View File

@@ -1,5 +1,4 @@
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -30,7 +29,7 @@ namespace BinaryObjectScanner.Protection
// Get the header padding strings, if it exists
if (pex.HeaderPaddingStrings != null)
{
var match = pex.HeaderPaddingStrings.FirstOrDefault(s => s.Contains("Gefest Protection System"));
var match = pex.HeaderPaddingStrings.Find(s => s.Contains("Gefest Protection System"));
if (match != null)
return $"Gefest Protection System {GetVersion(match)}";
}

3
BinaryObjectScanner/Protection/HexaLock.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -60,7 +59,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "The Sudoku Challenge Collection.exe" in "The Sudoku Challenge! Collection" by Play at Joe's.
if (strs.Any(s => s.Contains("mfint.dll")))
if (strs.Exists(s => s.Contains("mfint.dll")))
return "Hexalock Autolock";
}

12
BinaryObjectScanner/Protection/ImpulseReactor.cs
View File

@@ -1,6 +1,6 @@
using System.Collections.Generic;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -33,16 +33,16 @@ namespace BinaryObjectScanner.Protection
return $"Stardock Product Activation {pex.GetInternalVersion()}";
// TODO: Check for CVP* instead?
bool containsCheck = pex.Model.ExportTable?.ExportNameTable?.Strings?.Any(s => s?.StartsWith("CVPInitializeClient") ?? false) ?? false;
bool containsCheck = Array.Exists(pex.Model.ExportTable?.ExportNameTable?.Strings ?? [], s => s?.StartsWith("CVPInitializeClient") ?? false);
bool containsCheck2 = false;
// Get the .rdata section strings, if they exist
var strs = pex.GetFirstSectionStrings(".rdata");
if (strs != null)
{
containsCheck2 = strs.Any(s => s.EndsWith("ATTLIST"))
&& strs.Any(s => s.Equals("ELEMENT"))
&& strs.Any(s => s.StartsWith("NOTATION"));
containsCheck2 = strs.Exists(s => s.EndsWith("ATTLIST"))
&& strs.Exists(s => s.Equals("ELEMENT"))
&& strs.Exists(s => s.StartsWith("NOTATION"));
}
if (containsCheck && containsCheck2)

7
BinaryObjectScanner/Protection/JoWood.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Content;
@@ -24,8 +23,8 @@ namespace BinaryObjectScanner.Protection
// Get the .ext section, if it exists
if (pex.ContainsSection(".ext ", exact: true))
{
bool importTableMatches = (pex.Model.ImportTable?.ImportDirectoryTable?.Any(idte => idte?.Name == "kernel32.dll") ?? false)
&& (pex.Model.ImportTable?.HintNameTable?.Any(s => s?.Name == "VirtualProtect") ?? false);
bool importTableMatches = Array.Exists(pex.Model.ImportTable?.ImportDirectoryTable ?? [], idte => idte?.Name == "kernel32.dll")
&& Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], s => s?.Name == "VirtualProtect");
// Get the .dcrtext section, if it exists
if (pex.ContainsSection(".dcrtext") && importTableMatches)
@@ -77,7 +76,7 @@ namespace BinaryObjectScanner.Protection
#if NET20 || NET35 || NET40
byte[] versionBytes = new byte[8];
Array.Copy(fileContent, position + 67, versionBytes, 0, 8);
char[] version = versionBytes.Select(b => (char)b).ToArray();
char[] version = Array.ConvertAll(versionBytes, b => (char)b);
#else
char[] version = new ArraySegment<byte>(fileContent, position + 67, 8).Select(b => (char)b).ToArray();
#endif

3
BinaryObjectScanner/Protection/KalypsoLauncher.cs
View File

@@ -1,5 +1,4 @@
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -49,7 +48,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "TFT.exe" in Redump entry 95617.
if (strs.Any(s => s.Contains("@KalypsoLauncherXml")))
if (strs.Exists(s => s.Contains("@KalypsoLauncherXml")))
return "Kalypso Launcher";
}

3
BinaryObjectScanner/Protection/LabelGate.cs
View File

@@ -1,7 +1,6 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -41,7 +40,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "START.EXE" (Redump entry 95010 and product ID SVWC-7185).
if (strs.Any(s => s.Contains("LGCD2_LAUNCH")))
if (strs.Exists(s => s.Contains("LGCD2_LAUNCH")))
return "LabelGate CD2";
}

25
BinaryObjectScanner/Protection/LaserLok.cs
View File

@@ -1,7 +1,6 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -68,10 +67,10 @@ namespace BinaryObjectScanner.Protection
bool containsCheck = pex.StubExecutableData?.FirstPosition(check, out position) ?? false;
// Check the executable tables
bool containsCheck2 = (pex.Model.ImportTable?.HintNameTable?.Any(hnte => hnte?.Name == "GetModuleHandleA") ?? false)
&& (pex.Model.ImportTable?.HintNameTable?.Any(hnte => hnte?.Name == "GetProcAddress") ?? false)
&& (pex.Model.ImportTable?.HintNameTable?.Any(hnte => hnte?.Name == "LoadLibraryA") ?? false)
&& (pex.Model.ImportTable?.ImportDirectoryTable?.Any(idte => idte?.Name == "KERNEL32.dll") ?? false);
bool containsCheck2 = Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "GetModuleHandleA")
&& Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "GetProcAddress")
&& Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "LoadLibraryA")
&& Array.Exists(pex.Model.ImportTable?.ImportDirectoryTable ?? [], idte => idte?.Name == "KERNEL32.dll");
int position2 = -1;
@@ -172,13 +171,13 @@ namespace BinaryObjectScanner.Protection
#if NET20 || NET35 || NET40
byte[] temp = new byte[2];
Array.Copy(sectionContent, index, temp, 0, 2);
day = new string(temp.Select(b => (char)b).ToArray());
day = new string(Array.ConvertAll(temp, b => (char)b));
index += 3;
Array.Copy(sectionContent, index, temp, 0, 2);
month = new string(temp.Select(b => (char)b).ToArray());
month = new string(Array.ConvertAll(temp, b => (char)b));
index += 3;
Array.Copy(sectionContent, index, temp, 0, 2);
year = "20" + new string(temp.Select(b => (char)b).ToArray());
year = "20" + new string(Array.ConvertAll(temp, b => (char)b));
#else
day = new string(new ArraySegment<byte>(sectionContent, index, 2).Select(b => (char)b).ToArray());
index += 3;
@@ -193,13 +192,13 @@ namespace BinaryObjectScanner.Protection
#if NET20 || NET35 || NET40
byte[] temp = new byte[2];
Array.Copy(sectionContent, index, temp, 0, 2);
day = new string(temp.Select(b => (char)b).ToArray());
day = new string(Array.ConvertAll(temp, b => (char)b));
index += 3;
Array.Copy(sectionContent, index, temp, 0, 2);
month = new string(temp.Select(b => (char)b).ToArray());
month = new string(Array.ConvertAll(temp, b => (char)b));
index += 3;
Array.Copy(sectionContent, index, temp, 0, 2);
year = "20" + new string(temp.Select(b => (char)b).ToArray());
year = "20" + new string(Array.ConvertAll(temp, b => (char)b));
#else
day = new string(new ArraySegment<byte>(sectionContent, index, 2).Select(b => (char)b).ToArray());
index += 3;
@@ -221,7 +220,7 @@ namespace BinaryObjectScanner.Protection
#if NET20 || NET35 || NET40
byte[] temp = new byte[4];
Array.Copy(sectionContent, position + 76, temp, 0, 4);
return new string(temp.Select(b => (char)b).ToArray());
return new string(Array.ConvertAll(temp, b => (char)b));
#else
return new string(new ArraySegment<byte>(sectionContent, position + 76, 4).Select(b => (char)b).ToArray());
#endif
@@ -242,7 +241,7 @@ namespace BinaryObjectScanner.Protection
#if NET20 || NET35 || NET40
byte[] temp = new byte[7];
Array.Copy(fileContent, 71, temp, 0, 7);
char[] version = temp.Select(b => (char)b).ToArray();
char[] version = Array.ConvertAll(temp, b => (char)b);
#else
char[] version = new ArraySegment<byte>(fileContent, 71, 7).Select(b => (char)b).ToArray();
#endif

2
BinaryObjectScanner/Protection/Macrovision.CDilla.cs
View File

@@ -138,7 +138,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "DJMixStation\DJMixStation.exe" in IA item "ejay_nestle_trial".
if (strs.Any(s => s.Contains("SOFTWARE\\C-Dilla\\RTS")))
if (strs.Exists(s => s.Contains("SOFTWARE\\C-Dilla\\RTS")))
return "C-Dilla License Management System";
}

4
BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs
View File

@@ -42,10 +42,10 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA");
if (strs != null)
{
if (strs.Any(s => s.Contains("\\*.CDS")))
if (strs.Exists(s => s.Contains("\\*.CDS")))
return "Cactus Data Shield 200";
if (strs.Any(s => s.Contains("DATA.CDS")))
if (strs.Exists(s => s.Contains("DATA.CDS")))
return "Cactus Data Shield 200";
}

3
BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
using SabreTools.Serialization.Wrappers;
@@ -61,7 +60,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "FLEXLM.CPL", "INSTALLS.EXE", "LMGR326B.DLL", "LMGRD.EXE", and "TAKEFIVE.EXE" in IA item "prog-17_202403".
if (strs.Any(s => s.Contains("FLEXlm License Manager")))
if (strs.Exists(s => s.Contains("FLEXlm License Manager")))
return "FlexLM";
}

15
BinaryObjectScanner/Protection/Macrovision.SafeCast.cs
View File

@@ -46,11 +46,9 @@ namespace BinaryObjectScanner.Protection
// Check for the CDAC01AA name string.
if (nex.Model.ResidentNameTable != null)
{
bool cdac01aaNameFound = nex.Model.ResidentNameTable
.Select(rnte => rnte?.NameString == null ? string.Empty : Encoding.ASCII.GetString(rnte.NameString))
.Any(s => s.Contains("CDAC01AA"));
if (cdac01aaNameFound)
var residentNames = Array.ConvertAll(nex.Model.ResidentNameTable,
rnte => rnte?.NameString == null ? string.Empty : Encoding.ASCII.GetString(rnte.NameString));
if (Array.Exists(residentNames, s => s.Contains("CDAC01AA")))
return "SafeCast";
}
@@ -84,8 +82,11 @@ namespace BinaryObjectScanner.Protection
// Get the import directory table, if it exists
if (pex.Model.ImportTable?.ImportDirectoryTable != null)
{
if (pex.Model.ImportTable.ImportDirectoryTable.Any(idte => idte?.Name != null && idte.Name.Equals("CdaC14BA.dll", StringComparison.OrdinalIgnoreCase)))
if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable,
idte => idte?.Name != null && idte.Name.Equals("CdaC14BA.dll", StringComparison.OrdinalIgnoreCase)))
{
return "SafeCast";
}
}
// Get the dialog box resources
@@ -99,7 +100,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "DJMixStation\DJMixStation.exe" in IA item "ejay_nestle_trial".
if (strs.Any(s => s.Contains("SOFTWARE\\C-Dilla\\SafeCast")))
if (strs.Exists(s => s.Contains("SOFTWARE\\C-Dilla\\SafeCast")))
return "SafeCast";
}

14
BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs
View File

@@ -50,13 +50,11 @@ namespace BinaryObjectScanner.Protection
return null;
// Found in Redump entry 57986.
bool hintNameTableMatch = pex.Model.ImportTable?.HintNameTable?.Any(ihne => ihne?.Name == "LTDLL_Authenticate") ?? false;
if (hintNameTableMatch)
if (Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], ihne => ihne?.Name == "LTDLL_Authenticate"))
return "SafeDisc Lite";
// Found in Redump entry 57986.
bool importTableMatch = pex.Model.ImportTable?.ImportDirectoryTable?.Any(idte => idte?.Name == "ltdll.dll") ?? false;
if (importTableMatch)
if (Array.Exists(pex.Model.ImportTable?.ImportDirectoryTable ?? [], idte => idte?.Name == "ltdll.dll"))
return "SafeDisc Lite";
// Get the .data/DATA section strings, if they exist
@@ -64,15 +62,15 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in Redump entries 14928, 25579, 32751.
if (strs.Any(s => s.Contains("LTDLL_Initialise")))
if (strs.Exists(s => s.Contains("LTDLL_Initialise")))
return "SafeDisc Lite";
if (strs.Any(s => s.Contains("LTDLL_Authenticate")))
if (strs.Exists(s => s.Contains("LTDLL_Authenticate")))
return "SafeDisc Lite";
if (strs.Any(s => s.Contains("LTDLL_Unwrap")))
if (strs.Exists(s => s.Contains("LTDLL_Unwrap")))
return "SafeDisc Lite";
// Present in "Setup.exe" from the earlier "safedisc.exe" driver update provided by Macrovision.
if (strs.Any(s => s.Contains("Failed to get the DRVMGT.DLL Setup API address")))
if (strs.Exists(s => s.Contains("Failed to get the DRVMGT.DLL Setup API address")))
return "Macrovision SecDrv Update Installer";
}

12
BinaryObjectScanner/Protection/Macrovision.cs
View File

@@ -440,11 +440,11 @@ namespace BinaryObjectScanner.Protection
if (sectionStrings != null)
{
// If we don't have the "BoG_" string, the section isn't protected.
if (!sectionStrings.Any(s => s.Contains("BoG_")))
if (!sectionStrings.Exists(s => s.Contains("BoG_")))
return null;
// If we have the "BoG_" string but not the full "BoG_ *90.0&!! Yy>" string, the section has had the portion of the section that included the version number removed or obfuscated (Redump entry 40337).
if (!sectionStrings.Any(s => s.Contains("BoG_ *90.0&!! Yy>")))
if (!sectionStrings.Exists(s => s.Contains("BoG_ *90.0&!! Yy>")))
return newVersion ? "Macrovision Protected Application [Version Expunged]" : null;
}
@@ -631,13 +631,13 @@ namespace BinaryObjectScanner.Protection
if (resultsList.Contains("Macrovision Protected Application"))
{
if (resultsList.Contains("Macrovision Protected Application [Version Expunged]"))
resultsList = resultsList.Where(r => r != "Macrovision Protected Application").ToList();
resultsList = resultsList.FindAll(r => r != "Macrovision Protected Application");
else if (resultsList.Contains("Macrovision Protected Application (Entry point not present in the stxt371 section. Executable is either unprotected or nonfunctional)"))
resultsList = resultsList.Where(r => r != "Macrovision Protected Application").ToList();
resultsList = resultsList.FindAll(r => r != "Macrovision Protected Application");
else if (resultsList.Contains("Macrovision Protected Application (Generic detection - Report to us on GitHub)"))
resultsList = resultsList.Where(r => r != "Macrovision Protected Application").ToList();
resultsList = resultsList.FindAll(r => r != "Macrovision Protected Application");
else if (resultsList.Contains("Macrovision Protected Application (Report this to us on GitHub)"))
resultsList = resultsList.Where(r => r != "Macrovision Protected Application").ToList();
resultsList = resultsList.FindAll(r => r != "Macrovision Protected Application");
}
// Get distinct and order

4
BinaryObjectScanner/Protection/MediaMax.cs
View File

@@ -48,14 +48,14 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA");
if (strs != null)
{
if (strs.Any(s => s.Contains("CD3 Launch Error")))
if (strs.Exists(s => s.Contains("CD3 Launch Error")))
return "MediaMax CD-3";
}
// Get the export name table
if (pex.Model.ExportTable?.ExportNameTable?.Strings != null)
{
if (pex.Model.ExportTable.ExportNameTable.Strings.Any(s => s == "DllInstallSbcp"))
if (Array.Exists(pex.Model.ExportTable.ExportNameTable.Strings, s => s == "DllInstallSbcp"))
return "MediaMax CD-3";
}

6
BinaryObjectScanner/Protection/ProtectDisc.cs
View File

@@ -61,7 +61,7 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetSectionStrings(sections.Length - 2);
if (strs != null)
{
var str = strs.FirstOrDefault(s => s.Contains("VOB ProtectCD"));
var str = strs.Find(s => s.Contains("VOB ProtectCD"));
if (str != null)
return $"VOB ProtectCD {GetOldVersion(str)}";
}
@@ -177,7 +177,7 @@ namespace BinaryObjectScanner.Protection
#if NET20 || NET35 || NET40
temp = new byte[6];
Array.Copy(fileContent, index, temp, 0, 6);
if (new string(temp.Select(b => (char)b).ToArray()) == "Henrik")
if (new string(Array.ConvertAll(temp, b => (char)b)) == "Henrik")
#else
if (new string(new ArraySegment<byte>(fileContent, index, 6).Select(b => (char)b).ToArray()) == "Henrik")
#endif
@@ -206,7 +206,7 @@ namespace BinaryObjectScanner.Protection
#if NET20 || NET35 || NET40
temp = new byte[6];
Array.Copy(fileContent, index, temp, 0, 6);
char[] arrBuild = temp.Select(b => (char)b).ToArray();
char[] arrBuild = Array.ConvertAll(temp, b => (char)b);
#else
char[] arrBuild = new ArraySegment<byte>(fileContent, index, 6).Select(b => (char)b).ToArray();
#endif

28
BinaryObjectScanner/Protection/RainbowSentinel.cs
View File

@@ -209,11 +209,11 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "ADESKSYS.DLL"/"WINADMIN.EXE"/"WINQUERY.EXE" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\netsetup\SUPPORT\IPX".
if (strs.Any(s => s.Contains("Rainbow SentinelSuperPro")))
if (strs.Exists(s => s.Contains("Rainbow SentinelSuperPro")))
return "Rainbow Sentinel SuperPro";
// Found in "SETUPAXP.EXE", "SETUPMPS.EXE", and "SETUPPPC.EXE" in IA item "czchip199707cd".
if (strs.Any(s => s.Contains("Sentinel Driver Setup Program")))
if (strs.Exists(s => s.Contains("Sentinel Driver Setup Program")))
return "Rainbow Sentinel";
}
@@ -222,23 +222,23 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "SP32W.DLL" in IA item "pcwkcd-1296".
if (strs.Any(s => s.Contains("SentinelPro WIN32 DLL")))
if (strs.Exists(s => s.Contains("SentinelPro WIN32 DLL")))
return "Rainbow SentinelPro";
// Found in "NKWIN32.DLL" in IA item "czchip199707cd".
if (strs.Any(s => s.Contains("NetSentinel-C Windows NT Driver DLL")))
if (strs.Exists(s => s.Contains("NetSentinel-C Windows NT Driver DLL")))
return "Rainbow NetSentinel-C Windows NT Driver";
// Found in "NSLMS32.DLL" in IA item "czchip199707cd".
if (strs.Any(s => s.Contains("NetSentinel 32-Bit Windows DLL")))
if (strs.Exists(s => s.Contains("NetSentinel 32-Bit Windows DLL")))
return "Rainbow NetSentinel Win32 Driver";
// Found in "W32EDITD.EXE" and "W32EDITO.EXE" in IA item "czchip199707cd".
if (strs.Any(s => s.Contains("NetSentinel-C Editor for Windows")))
if (strs.Exists(s => s.Contains("NetSentinel-C Editor for Windows")))
return "NetSentinel-C Editor for Win32";
// Generic case to catch undetected versions.
if (strs.Any(s => s.Contains("SentinelPro")))
if (strs.Exists(s => s.Contains("SentinelPro")))
return "Rainbow SentinelPro (Unknown Version - Please report to us on GitHub)";
}
@@ -247,7 +247,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "WINMON.exe" in IA item "czchip199707cd".
if (strs.Any(s => s.Contains("NetSentinel Monitor")))
if (strs.Exists(s => s.Contains("NetSentinel Monitor")))
return "Rainbow NetSentinel Monitor";
}
@@ -257,28 +257,28 @@ namespace BinaryObjectScanner.Protection
{
// Found in "ACLT.HWL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\aclt\DRV\W95LOCK".
// Found in "ACAD.HWL" in BA entry "Autodesk AutoCAD r14 (1997)" and IA item "auto-cad-r14-cdrom".
if (strs.Any(s => s.Contains("\\\\.\\SENTINEL.VXD")))
if (strs.Exists(s => s.Contains("\\\\.\\SENTINEL.VXD")))
return "Rainbow Sentinel";
// Found in "ADESKSYS.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\netsetup\SUPPORT\IPX".
// TODO: Investigate "Elan License Manager" mentioned here.
if (strs.Any(s => s.Contains("Rainbow SentinelSuperPro")))
if (strs.Exists(s => s.Contains("Rainbow SentinelSuperPro")))
return "Rainbow Sentinel SuperPro";
// Found in "F1321_dorapro.exe" in IA item "chip-cds-2001-08".
if (strs.Any(s => s.Contains("modSentinelSuperPro")))
if (strs.Exists(s => s.Contains("modSentinelSuperPro")))
return "Rainbow Sentinel SuperPro";
// Found in "F1321_dorapro.exe" in IA item "chip-cds-2001-08".
if (strs.Any(s => s.Contains("clsSentinelSuperPro")))
if (strs.Exists(s => s.Contains("clsSentinelSuperPro")))
return "Rainbow Sentinel SuperPro";
// Found in "SENTSTRT.EXE" in IA item "czchip199707cd".
if (strs.Any(s => s.Contains("Sentinel Driver Startup Program")))
if (strs.Exists(s => s.Contains("Sentinel Driver Startup Program")))
return "Rainbow Sentinel";
// Found in "SETUPX86.EXE" in IA item "czchip199707cd".
if (strs.Any(s => s.Contains("Sentinel Windows NT Driver Setup")))
if (strs.Exists(s => s.Contains("Sentinel Windows NT Driver Setup")))
return "Rainbow Sentinel";
}

3
BinaryObjectScanner/Protection/RealArcade.cs
View File

@@ -1,5 +1,4 @@
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -29,7 +28,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "rebound.exe" in the installation directory for "Rebound" in IA item "Nova_RealArcadeCD_USA".
if (strs.Any(s => s.Contains("RngInterstitialDLL")))
if (strs.Exists(s => s.Contains("RngInterstitialDLL")))
return "RealArcade";
}

8
BinaryObjectScanner/Protection/Roxxe.cs
View File

@@ -27,7 +27,7 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Found in "Owar.exe" in IA item "game4u-22-cd".
if (strs.Any(s => s.Contains("TRCHANGER.INI")))
if (strs.Exists(s => s.Contains("TRCHANGER.INI")))
return "Roxxe";
}
@@ -38,14 +38,14 @@ namespace BinaryObjectScanner.Protection
{
// Found in "Owar.exe" in IA items "game4u-22-cd" and "original-war".
// These checks are less reliable, as they are still found in a version of the game that appears to have patched out Roxxe (the version present in IA item "original-war").
if (strs.Any(s => s.Contains("PRRT01")))
if (strs.Exists(s => s.Contains("PRRT01")))
return "Roxxe (Possibly remnants)";
if (strs.Any(s => s.Contains("CommonPRRT")))
if (strs.Exists(s => s.Contains("CommonPRRT")))
return "Roxxe (Possibly remnants)";
// Currently overmatches, will likely be a viable check when better Delphi executable parsing is available.
// if (strs.Any(s => s.Contains("roxe")))
// if (strs.Exists(s => s.Contains("roxe")))
// return "Roxxe (Possibly remnants)";
}

7
BinaryObjectScanner/Protection/SecuROM.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
@@ -63,7 +62,7 @@ namespace BinaryObjectScanner.Protection
// Search after the last section
if (pex.OverlayStrings != null)
{
if (pex.OverlayStrings.Any(s => s == "AddD"))
if (pex.OverlayStrings.Exists(s => s == "AddD"))
return $"SecuROM {GetV4Version(pex)}";
}
@@ -102,9 +101,9 @@ namespace BinaryObjectScanner.Protection
if (strs != null)
{
// Both have the identifier found within `.rdata` but the version is within `.data`
if (strs.Any(s => s.Contains("/secuexp")))
if (strs.Exists(s => s.Contains("/secuexp")))
return $"SecuROM {GetV8WhiteLabelVersion(pex)} (White Label)";
else if (strs.Any(s => s.Contains("SecuExp.exe")))
else if (strs.Exists(s => s.Contains("SecuExp.exe")))
return $"SecuROM {GetV8WhiteLabelVersion(pex)} (White Label)";
}

3
BinaryObjectScanner/Protection/SmartE.cs
View File

@@ -1,5 +1,4 @@
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -21,7 +20,7 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetSectionStrings(sections.Length - 1);
if (strs != null)
{
if (strs.Any(s => s.Contains("BITARTS")))
if (strs.Exists(s => s.Contains("BITARTS")))
return "SmartE";
}

4
BinaryObjectScanner/Protection/SoftLock.cs
View File

@@ -69,10 +69,10 @@ namespace BinaryObjectScanner.Protection
// Get strings from .section, if possible
var strings = pex.GetFirstSectionStrings(".section");
if (strings != null && strings.Any())
if (strings != null && strings.Count > 0)
{
// Found in "TafseerVer4.exe" in IA item "TAFSEERVER4SETUP"
if (strings.Any(s => s?.Contains("SOFTLOCKPROTECTION") == true))
if (strings.Exists(s => s?.Contains("SOFTLOCKPROTECTION") == true))
return "SoftLock";
}

11
BinaryObjectScanner/Protection/SolidShield.cs
View File

@@ -84,7 +84,7 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetSectionStrings(i);
if (strs != null)
{
var str = strs.FirstOrDefault(s => s.Contains("Solidshield "));
var str = strs.Find(s => s.Contains("Solidshield "));
if (str != null)
return $"SolidShield EXE Wrapper {str.Substring("Solidshield ".Length)}";
}
@@ -93,16 +93,13 @@ namespace BinaryObjectScanner.Protection
// Get the import directory table, if it exists
if (pex.Model.ImportTable?.ImportDirectoryTable != null)
{
bool match = pex.Model.ImportTable.ImportDirectoryTable.Any(idte => idte?.Name == "dvm.dll");
if (match)
if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "dvm.dll"))
return "SolidShield EXE Wrapper v1";
match = pex.Model.ImportTable.ImportDirectoryTable.Any(idte => idte?.Name == "activation.x86.dll");
if (match)
if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "activation.x86.dll"))
return "SolidShield EXE Wrapper v2";
match = pex.Model.ImportTable.ImportDirectoryTable.Any(idte => idte?.Name == "activation.x64.dll");
if (match)
if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "activation.x64.dll"))
return "SolidShield EXE Wrapper v2";
}

3
BinaryObjectScanner/Protection/StarForce.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -83,7 +82,7 @@ namespace BinaryObjectScanner.Protection
if (pex.Model.ExportTable?.ExportNameTable?.Strings != null)
{
// TODO: Should we just check for "PSA_*" instead of a single entry?
if (pex.Model.ExportTable.ExportNameTable.Strings.Any(s => s == "PSA_GetDiscLabel"))
if (Array.Exists(pex.Model.ExportTable.ExportNameTable.Strings, s => s == "PSA_GetDiscLabel"))
return $"StarForce {pex.GetInternalVersion()}";
}

7
BinaryObjectScanner/Protection/Sysiphus.cs
View File

@@ -1,5 +1,4 @@
using System;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Serialization.Wrappers;
@@ -19,7 +18,7 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA");
if (strs != null)
{
var str = strs.FirstOrDefault(s => s.Contains("V SUHPISYS"));
var str = strs.Find(s => s.Contains("V SUHPISYS"));
if (str != null)
return $"Sysiphus {GetVersion(str)}";
}
@@ -30,7 +29,9 @@ namespace BinaryObjectScanner.Protection
private static string GetVersion(string matchedString)
{
// The string is reversed
matchedString = new string(matchedString.Reverse().ToArray()).Trim();
var matchedChars = matchedString.ToCharArray();
Array.Reverse(matchedChars);
matchedString = new string(matchedChars).Trim();
// Check for the DVD extra string
bool isDVD = matchedString.StartsWith("DVD");

3
BinaryObjectScanner/Protection/Themida.cs
View File

@@ -1,5 +1,4 @@
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Serialization.Wrappers;
@@ -39,7 +38,7 @@ namespace BinaryObjectScanner.Protection
{
// Found in "uDigital Theatre.exe" in http://downloads.fyxm.net/ArcSoft-TotalMedia-23085.html (https://web.archive.org/web/20221114042838/http://files.fyxm.net/23/23085/totalmediatheatre3platinum_retail_tbyb_all.exe).
// TODO: Investigate "uDRMCheck.dll" in the same product to see if it's related to Themida, or if it's a different form of DRM.
if (strs.Any(s => s.Contains("Themida")))
if (strs.Exists(s => s.Contains("Themida")))
return "Themida";
}

7
BinaryObjectScanner/Protection/WTMCDProtect.cs
View File

@@ -1,5 +1,4 @@
using System.Collections.Generic;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -34,7 +33,7 @@ namespace BinaryObjectScanner.Protection
var strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE");
if (strs != null)
{
if (strs.Any(s => s.Contains("wtmdum.imp")))
if (strs.Exists(s => s.Contains("wtmdum.imp")))
return "WTM CD Protect";
}
@@ -42,9 +41,9 @@ namespace BinaryObjectScanner.Protection
strs = pex.GetFirstSectionStrings(".text");
if (strs != null)
{
if (strs.Any(s => s.Contains("WTM DIGITAL Photo Protect")))
if (strs.Exists(s => s.Contains("WTM DIGITAL Photo Protect")))
return "WTM Protection Viewer";
else if (strs.Any(s => s.Contains("WTM Copy Protection Viewer")))
else if (strs.Exists(s => s.Contains("WTM Copy Protection Viewer")))
return "WTM Protection Viewer";
}

8
BinaryObjectScanner/Protection/XCP.cs
View File

@@ -23,16 +23,16 @@ namespace BinaryObjectScanner.Protection
List<string>? strs = pex.GetFirstSectionStrings(".rdata");
if (strs != null)
{
if (strs.Any(s => s.Contains("XCP.DAT")))
if (strs.Exists(s => s.Contains("XCP.DAT")))
return "XCP";
if (strs.Any(s => s.Contains("xcpdrive")))
if (strs.Exists(s => s.Contains("xcpdrive")))
return "XCP";
if (strs.Any(s => s.Contains("XCPPlugins.dll")))
if (strs.Exists(s => s.Contains("XCPPlugins.dll")))
return "XCP";
if (strs.Any(s => s.Contains("XCPPhoenix.dll")))
if (strs.Exists(s => s.Contains("XCPPhoenix.dll")))
return "XCP";
}