From 214e8d41c7d59e55dda7e7f4238e6591a80f2b13 Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Sat, 11 Sep 2021 16:47:25 -0700 Subject: [PATCH] Pre-read 3 most commonly-used section data This also adds comprehensive notes around the sections used in various protections, how they're used, and what we can do with them. It also adds a couple of various notes based on the findings from the protection audit --- .../Microsoft/PortableExecutable.cs | 195 +++++-- BurnOutSharp/PackerType/AdvancedInstaller.cs | 27 +- BurnOutSharp/PackerType/InnoSetup.cs | 52 +- BurnOutSharp/PackerType/InstallerVISE.cs | 16 +- BurnOutSharp/PackerType/MicrosoftCABSFX.cs | 32 +- BurnOutSharp/PackerType/NSIS.cs | 22 +- BurnOutSharp/PackerType/PECompact.cs | 2 +- BurnOutSharp/PackerType/WinRARSFX.cs | 9 +- BurnOutSharp/PackerType/WinZipSFX.cs | 517 ++++++++---------- BurnOutSharp/PackerType/WiseInstaller.cs | 25 +- BurnOutSharp/ProtectionType/CDCheck.cs | 20 +- BurnOutSharp/ProtectionType/CDCops.cs | 1 + BurnOutSharp/ProtectionType/CDLock.cs | 25 +- .../ProtectionType/CactusDataShield.cs | 15 +- BurnOutSharp/ProtectionType/DVDCops.cs | 1 + BurnOutSharp/ProtectionType/ElectronicArts.cs | 62 +-- BurnOutSharp/ProtectionType/GFWL.cs | 13 +- BurnOutSharp/ProtectionType/ImpulseReactor.cs | 14 +- BurnOutSharp/ProtectionType/LaserLok.cs | 38 +- BurnOutSharp/ProtectionType/MediaMaxCD3.cs | 48 +- BurnOutSharp/ProtectionType/ProtectDisc.cs | 11 +- BurnOutSharp/ProtectionType/SafeDisc.cs | 30 +- BurnOutSharp/ProtectionType/SecuROM.cs | 37 +- BurnOutSharp/ProtectionType/SmartE.cs | 20 +- BurnOutSharp/ProtectionType/Sysiphus.cs | 20 +- BurnOutSharp/ProtectionType/WTMCDProtect.cs | 39 +- BurnOutSharp/ProtectionType/XCP.cs | 36 +- BurnOutSharp/Tools/Extensions.cs | 11 + 28 files changed, 626 insertions(+), 712 deletions(-) diff --git a/BurnOutSharp/ExecutableType/Microsoft/PortableExecutable.cs b/BurnOutSharp/ExecutableType/Microsoft/PortableExecutable.cs index 95cf5c8d..e9fef5a4 100644 --- a/BurnOutSharp/ExecutableType/Microsoft/PortableExecutable.cs +++ b/BurnOutSharp/ExecutableType/Microsoft/PortableExecutable.cs @@ -4,6 +4,7 @@ using System.Linq; using System.Text; using BurnOutSharp.ExecutableType.Microsoft.Headers; using BurnOutSharp.ExecutableType.Microsoft.Sections; +using BurnOutSharp.Tools; namespace BurnOutSharp.ExecutableType.Microsoft { @@ -57,38 +58,86 @@ namespace BurnOutSharp.ExecutableType.Microsoft /// /// The export data section, named .edata, contains information about symbols that other images can access through dynamic linking. /// Exported symbols are generally found in DLLs, but DLLs can also import symbols. - // + /// public ExportDataSection ExportTable; /// /// All image files that import symbols, including virtually all executable (EXE) files, have an .idata section. - // + /// public ImportDataSection ImportTable; /// /// Resources are indexed by a multiple-level binary-sorted tree structure. - // The general design can incorporate 2**31 levels. - // By convention, however, Windows uses three levels - // + /// The general design can incorporate 2**31 levels. + /// By convention, however, Windows uses three levels + /// public ResourceSection ResourceSection; - #endregion - // TODO: Add more and more parts of a standard PE executable, not just the header // TODO: Add data directory table information here instead of in IMAGE_OPTIONAL_HEADER + #endregion + + #region Raw Section Data + // https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#special-sections - // TODO: Here is a list of standard sections that are used in various protections: - // - .bss 1 protection Uninitialized data (free format) + // Here is a list of standard sections that are used in various protections: + // - .bss *1 protection Uninitialized data (free format) // - .data 14 protections Initialized data (free format) - // - .edata 1 protection Export tables + // - .edata *1 protection Export tables // - .idata 2 protections Import tables // - .rdata 11 protections Read-only initialized data - // - .rsrc 1 protection Resource directory [Mostly taken care of, last protection needs research] + // - .rsrc *1 protection Resource directory [Mostly taken care of, last protection needs research] // - .text 6 protections Executable code (free format) - // - .tls 1 protection Thread-local storage (object only) - // Concentrate on adding these to the parsing first, based on how many protections use each - // if and only if it is reasonable to have it parsed into something + // - .tls *1 protection Thread-local storage (object only) + // + // Here is a list of non-standard sections whose contents are read by various protections: + // - CODE *1 protection WTM CD Protect + // - .grand 2 protections? CD-Cops / DVD-Cops(?) + // - .init *1 protection SolidShield + // - .NOS0 *1 protection UPX (NOS Variant) + // - .NOS1 *1 protection UPX (NOS Variant) + // - .pec2 *1 protection PE Compact [Unconfirmed] + // - .txt2 *1 protection SafeDisc + // - .UPX0 *1 protection UPX + // - .UPX1 *1 protection UPX + // + // Here is a list of non-standard sections whose existence are checked by various protections: + // - .brick 1 protection StarForce + // - .cenega 1 protection Cenega ProtectDVD + // - .icd* 1 protection CodeLock + // - .ldr 1 protection 3PLock + // - .ldt 1 protection 3PLock + // - .nicode 1 protection Armadillo + // - .pec1 1 protection PE Compact + // - .securom 1 protection SecuROM + // - .sforce 1 protection StarForce + // - .stxt371 1 protection SafeDisc + // - .stxt774 1 protection SafeDisc + // - .vob.pcd 1 protection VOB ProtectCD + // - _winzip_ 1 protection WinZip SFX + // + // * => Only used by 1 protection so it may be read in by that protection specifically + + /// + /// .data/DATA - Initialized data (free format) + // + public byte[] DataSectionRaw; + + /// + /// .rdata - Read-only initialized data + // + public byte[] ResourceDataSectionRaw; + + /// + /// .text - Executable code (free format) + /// + /// TODO: To accomodate SecuROM, can this also include a bit of data before the section as well? + public byte[] TextSectionRaw; + + #endregion + + #region Helpers /// /// Determine if a section is contained within the section table @@ -166,6 +215,62 @@ namespace BurnOutSharp.ExecutableType.Microsoft return SectionTable.Select(s => Encoding.ASCII.GetString(s.Name)).ToArray(); } + /// + /// Get the raw bytes from a section, if possible + /// + public byte[] ReadRawSection(Stream stream, string sectionName, bool first = true) + { + var section = first ? GetFirstSection(sectionName, true) : GetLastSection(sectionName, true); + if (section == null) + return null; + + stream.Seek((int)section.PointerToRawData, SeekOrigin.Begin); + return stream.ReadBytes((int)section.VirtualSize); + } + + /// + /// Get the raw bytes from a section, if possible + /// + public byte[] ReadRawSection(byte[] content, ref int offset, string sectionName, bool first = true) + { + var section = first ? GetFirstSection(sectionName, true) : GetLastSection(sectionName, true); + if (section == null) + return null; + + offset = (int)section.PointerToRawData; + return content.ReadBytes(ref offset, (int)section.VirtualSize); + } + + /// + /// Convert a virtual address to a physical one + /// + /// Virtual address to convert + /// Array of sections to check against + /// Physical address, 0 on error + public static uint ConvertVirtualAddress(uint virtualAddress, SectionHeader[] sections) + { + // Loop through all of the sections + for (int i = 0; i < sections.Length; i++) + { + // If the section is invalid, just skip it + if (sections[i] == null) + continue; + + // If the section "starts" at 0, just skip it + if (sections[i].PointerToRawData == 0) + continue; + + // Attempt to derive the physical address from the current section + var section = sections[i]; + if (virtualAddress >= section.VirtualAddress && virtualAddress <= section.VirtualAddress + section.VirtualSize) + return section.PointerToRawData + virtualAddress - section.VirtualAddress; + } + + return 0; + } + + #endregion + public static PortableExecutable Deserialize(Stream stream) { PortableExecutable pex = new PortableExecutable(); @@ -197,6 +302,8 @@ namespace BurnOutSharp.ExecutableType.Microsoft pex.SectionTable[i] = SectionHeader.Deserialize(stream); } + #region Structured Tables + // // Export Table // var table = pex.GetLastSection(".edata", true); // if (table != null && table.VirtualSize > 0) @@ -220,6 +327,21 @@ namespace BurnOutSharp.ExecutableType.Microsoft stream.Seek((int)table.PointerToRawData, SeekOrigin.Begin); pex.ResourceSection = ResourceSection.Deserialize(stream, pex.SectionTable); } + + #endregion + + #region Freeform Sections + + // Data Section + pex.DataSectionRaw = pex.ReadRawSection(stream, ".data", true) ?? pex.ReadRawSection(stream, "DATA", true); + + // Resource Data Section + pex.ResourceDataSectionRaw = pex.ReadRawSection(stream, ".rdata", true); + + // Text Section + pex.TextSectionRaw = pex.ReadRawSection(stream, ".text", true); + + #endregion } catch (Exception ex) { @@ -262,6 +384,8 @@ namespace BurnOutSharp.ExecutableType.Microsoft pex.SectionTable[i] = SectionHeader.Deserialize(content, ref offset); } + #region Structured Tables + // // Export Table // var table = pex.GetLastSection(".edata", true); // if (table != null && table.VirtualSize > 0) @@ -285,6 +409,21 @@ namespace BurnOutSharp.ExecutableType.Microsoft int tableAddress = (int)table.PointerToRawData; pex.ResourceSection = ResourceSection.Deserialize(content, ref tableAddress, pex.SectionTable); } + + #endregion + + #region Freeform Sections + + // Data Section + pex.DataSectionRaw = pex.ReadRawSection(content, ref offset, ".data", true) ?? pex.ReadRawSection(content, ref offset, "DATA", true); + + // Resource Data Section + pex.ResourceDataSectionRaw = pex.ReadRawSection(content, ref offset, ".rdata", true); + + // Text Section + pex.TextSectionRaw = pex.ReadRawSection(content, ref offset, ".text", true); + + #endregion } catch (Exception ex) { @@ -294,33 +433,5 @@ namespace BurnOutSharp.ExecutableType.Microsoft return pex; } - - /// - /// Convert a virtual address to a physical one - /// - /// Virtual address to convert - /// Array of sections to check against - /// Physical address, 0 on error - public static uint ConvertVirtualAddress(uint virtualAddress, SectionHeader[] sections) - { - // Loop through all of the sections - for (int i = 0; i < sections.Length; i++) - { - // If the section is invalid, just skip it - if (sections[i] == null) - continue; - - // If the section "starts" at 0, just skip it - if (sections[i].PointerToRawData == 0) - continue; - - // Attempt to derive the physical address from the current section - var section = sections[i]; - if (virtualAddress >= section.VirtualAddress && virtualAddress <= section.VirtualAddress + section.VirtualSize) - return section.PointerToRawData + virtualAddress - section.VirtualAddress; - } - - return 0; - } } } \ No newline at end of file diff --git a/BurnOutSharp/PackerType/AdvancedInstaller.cs b/BurnOutSharp/PackerType/AdvancedInstaller.cs index 1475ed3a..7bdc3f05 100644 --- a/BurnOutSharp/PackerType/AdvancedInstaller.cs +++ b/BurnOutSharp/PackerType/AdvancedInstaller.cs @@ -1,6 +1,4 @@ using System.Collections.Generic; -using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -18,27 +16,22 @@ namespace BurnOutSharp.PackerType return null; // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - int sectionAddr = (int)rdataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)rdataSection.VirtualSize; var matchers = new List { // Software\Caphyon\Advanced Installer - new ContentMatchSet(new ContentMatch( - new byte?[] - { - 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, - 0x5C, 0x43, 0x61, 0x70, 0x68, 0x79, 0x6F, 0x6E, - 0x5C, 0x41, 0x64, 0x76, 0x61, 0x6E, 0x63, 0x65, - 0x64, 0x20, 0x49, 0x6E, 0x73, 0x74, 0x61, 0x6C, - 0x6C, 0x65, 0x72 - }, start: sectionAddr, end: sectionEnd), - "Caphyon Advanced Installer"), + new ContentMatchSet(new byte?[] + { + 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, + 0x5C, 0x43, 0x61, 0x70, 0x68, 0x79, 0x6F, 0x6E, + 0x5C, 0x41, 0x64, 0x76, 0x61, 0x6E, 0x63, 0x65, + 0x64, 0x20, 0x49, 0x6E, 0x73, 0x74, 0x61, 0x6C, + 0x6C, 0x65, 0x72 + }, "Caphyon Advanced Installer"), }; - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + return MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug); } return null; diff --git a/BurnOutSharp/PackerType/InnoSetup.cs b/BurnOutSharp/PackerType/InnoSetup.cs index 36d07bad..0ae62d76 100644 --- a/BurnOutSharp/PackerType/InnoSetup.cs +++ b/BurnOutSharp/PackerType/InnoSetup.cs @@ -23,29 +23,20 @@ namespace BurnOutSharp.PackerType return null; // Get the DATA/.data section, if it exists - var dataSection = sections.FirstOrDefault(s => { - string name = Encoding.ASCII.GetString(s.Name).Trim('\0'); - return name.StartsWith("DATA") || name.StartsWith(".data"); - }); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // Inno Setup Setup Data ( - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x49, 0x6E, 0x6E, 0x6F, 0x20, 0x53, 0x65, 0x74, - 0x75, 0x70, 0x20, 0x53, 0x65, 0x74, 0x75, 0x70, - 0x20, 0x44, 0x61, 0x74, 0x61, 0x20, 0x28 - }, start: sectionAddr, end: sectionEnd), - GetVersion, - "Inno Setup"), + new ContentMatchSet(new byte?[] + { + 0x49, 0x6E, 0x6E, 0x6F, 0x20, 0x53, 0x65, 0x74, + 0x75, 0x70, 0x20, 0x53, 0x65, 0x74, 0x75, 0x70, + 0x20, 0x44, 0x61, 0x74, 0x61, 0x20, 0x28 + }, GetVersion, "Inno Setup"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } @@ -58,7 +49,7 @@ namespace BurnOutSharp.PackerType // Check for "Inno" in the reserved words if (stub.Reserved2[4] == 0x6E49 && stub.Reserved2[5] == 0x6F6E) { - string version = GetOldVersion(file, fileContent, new List { 0x30 }); + string version = GetOldVersion(file, fileContent); if (!string.IsNullOrWhiteSpace(version)) return $"Inno Setup {version}"; @@ -88,18 +79,6 @@ namespace BurnOutSharp.PackerType return null; } - public static string GetOldVersion(string file, byte[] fileContent, List positions) - { - var matchers = new List - { - // "rDlPtS02" + (char)0x87 + "eVx" - new ContentMatchSet(new byte?[] { 0x72, 0x44, 0x6C, 0x50, 0x74, 0x53, 0x30, 0x32, 0x87, 0x65, 0x56, 0x78 }, "1.2.16 or earlier"), - }; - - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, false); - return match ?? "Unknown 1.X"; - } - public static string GetVersion(string file, byte[] fileContent, List positions) { try @@ -124,5 +103,18 @@ namespace BurnOutSharp.PackerType return "(Unknown Version)"; } } + + private static string GetOldVersion(string file, byte[] fileContent) + { + // TODO: Figure out where this lives in the file + var matchers = new List + { + // "rDlPtS02" + (char)0x87 + "eVx" + new ContentMatchSet(new byte?[] { 0x72, 0x44, 0x6C, 0x50, 0x74, 0x53, 0x30, 0x32, 0x87, 0x65, 0x56, 0x78 }, "1.2.16 or earlier"), + }; + + string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, false); + return match ?? "Unknown 1.X"; + } } } diff --git a/BurnOutSharp/PackerType/InstallerVISE.cs b/BurnOutSharp/PackerType/InstallerVISE.cs index 4bc39fca..343d0ab7 100644 --- a/BurnOutSharp/PackerType/InstallerVISE.cs +++ b/BurnOutSharp/PackerType/InstallerVISE.cs @@ -1,8 +1,6 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; -using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -23,23 +21,15 @@ namespace BurnOutSharp.PackerType return null; // Get the DATA/.data section, if it exists - var dataSection = sections.FirstOrDefault(s => { - string name = Encoding.ASCII.GetString(s.Name).Trim('\0'); - return name.StartsWith("DATA") || name.StartsWith(".data"); - }); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // ViseMain - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x56, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, start: sectionAddr, end: sectionEnd), - "Installer VISE"), + new ContentMatchSet(new byte?[] { 0x56, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, "Installer VISE"), }; - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + return MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); } return null; diff --git a/BurnOutSharp/PackerType/MicrosoftCABSFX.cs b/BurnOutSharp/PackerType/MicrosoftCABSFX.cs index 6cabb02c..1ac02836 100644 --- a/BurnOutSharp/PackerType/MicrosoftCABSFX.cs +++ b/BurnOutSharp/PackerType/MicrosoftCABSFX.cs @@ -2,8 +2,6 @@ using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; -using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -33,45 +31,35 @@ namespace BurnOutSharp.PackerType return $"Microsoft CAB SFX v{Utilities.GetFileVersion(pex)}".TrimEnd('v'); // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // wextract_cleanup - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x77, 0x65, 0x78, 0x74, 0x72, 0x61, 0x63, 0x74, - 0x5F, 0x63, 0x6C, 0x65, 0x61, 0x6E, 0x75, 0x70, - }, start: sectionAddr, end: sectionEnd), - GetVersion, "Microsoft CAB SFX"), + new ContentMatchSet(new byte?[] + { + 0x77, 0x65, 0x78, 0x74, 0x72, 0x61, 0x63, 0x74, + 0x5F, 0x63, 0x6C, 0x65, 0x61, 0x6E, 0x75, 0x70, + }, GetVersion, "Microsoft CAB SFX"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } // Get the .text section, if it exists - var textSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".text")); - if (textSection != null) + if (pex.TextSectionRaw != null) { - int sectionAddr = (int)textSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)textSection.VirtualSize; var matchers = new List { /* This detects a different but similar type of SFX that uses Microsoft CAB files. Further research is needed to see if it's just a different version or entirely separate. */ // MSCFu - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x4D, 0x53, 0x43, 0x46, 0x75 }, start: sectionAddr, end: sectionEnd), - GetVersion, "Microsoft CAB SFX"), + new ContentMatchSet(new byte?[] { 0x4D, 0x53, 0x43, 0x46, 0x75 }, GetVersion, "Microsoft CAB SFX"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/PackerType/NSIS.cs b/BurnOutSharp/PackerType/NSIS.cs index 9e0798bb..162c1941 100644 --- a/BurnOutSharp/PackerType/NSIS.cs +++ b/BurnOutSharp/PackerType/NSIS.cs @@ -1,7 +1,4 @@ -using System; using System.Collections.Generic; -using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -23,24 +20,19 @@ namespace BurnOutSharp.PackerType return $"NSIS {description.Substring("Nullsoft Install System".Length).Trim()}"; // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // NullsoftInst - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x4E, 0x75, 0x6C, 0x6C, 0x73, 0x6F, 0x66, 0x74, - 0x49, 0x6E, 0x73, 0x74 - }, start: sectionAddr, end: sectionEnd), - "NSIS"), + new ContentMatchSet(new byte?[] + { + 0x4E, 0x75, 0x6C, 0x6C, 0x73, 0x6F, 0x66, 0x74, + 0x49, 0x6E, 0x73, 0x74 + }, "NSIS"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/PackerType/PECompact.cs b/BurnOutSharp/PackerType/PECompact.cs index 9c3c94cc..5435ea6e 100644 --- a/BurnOutSharp/PackerType/PECompact.cs +++ b/BurnOutSharp/PackerType/PECompact.cs @@ -28,7 +28,7 @@ namespace BurnOutSharp.PackerType if (pec1Section != null) return "PE Compact v1.x"; - // Get the PEC2 section, if it exists + // Get the PEC2 section, if it exists -- TODO: Verify this comment since it's pulling the .text section var textSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".text")); if (textSection != null && textSection.PointerToRelocations == 0x32434550) { diff --git a/BurnOutSharp/PackerType/WinRARSFX.cs b/BurnOutSharp/PackerType/WinRARSFX.cs index 13ebfb64..a73312dd 100644 --- a/BurnOutSharp/PackerType/WinRARSFX.cs +++ b/BurnOutSharp/PackerType/WinRARSFX.cs @@ -2,8 +2,6 @@ using System; using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; -using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -26,11 +24,8 @@ namespace BurnOutSharp.PackerType return null; // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).Trim('\0').StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // Software\WinRAR SFX @@ -42,7 +37,7 @@ namespace BurnOutSharp.PackerType }, "WinRAR SFX"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/PackerType/WinZipSFX.cs b/BurnOutSharp/PackerType/WinZipSFX.cs index 001ae9ff..b8de0ef1 100644 --- a/BurnOutSharp/PackerType/WinZipSFX.cs +++ b/BurnOutSharp/PackerType/WinZipSFX.cs @@ -5,7 +5,6 @@ using System.IO; using System.Linq; using System.Text; using BurnOutSharp.ExecutableType.Microsoft; -using BurnOutSharp.ExecutableType.Microsoft.Headers; using BurnOutSharp.Matching; using BurnOutSharp.Tools; using SharpCompress.Archives; @@ -29,10 +28,9 @@ namespace BurnOutSharp.PackerType return null; // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - string version = GetSFXSectionDataVersion(rdataSection, file, fileContent, includeDebug); + string version = GetSFXSectionDataVersion(file, pex.ResourceDataSectionRaw, includeDebug); if (!string.IsNullOrWhiteSpace(version)) return $"WinZip SFX {version}"; } @@ -55,46 +53,39 @@ namespace BurnOutSharp.PackerType #region Unknown Version checks // Get the .rdata section, if it exists - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - string version = GetSFXSectionDataUnknownVersion(rdataSection, file, fileContent, includeDebug); + string version = GetSFXSectionDataUnknownVersion(file, pex.ResourceDataSectionRaw, includeDebug); if (!string.IsNullOrWhiteSpace(version)) return $"WinZip SFX {version}"; } // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // WinZip Self-Extractor header corrupt. - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x57, 0x69, 0x6E, 0x5A, 0x69, 0x70, 0x20, 0x53, - 0x65, 0x6C, 0x66, 0x2D, 0x45, 0x78, 0x74, 0x72, - 0x61, 0x63, 0x74, 0x6F, 0x72, 0x20, 0x68, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x20, 0x63, 0x6F, 0x72, - 0x72, 0x75, 0x70, 0x74, 0x2E, - }, start: sectionAddr, end: sectionEnd), - "Unknown Version (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x57, 0x69, 0x6E, 0x5A, 0x69, 0x70, 0x20, 0x53, + 0x65, 0x6C, 0x66, 0x2D, 0x45, 0x78, 0x74, 0x72, + 0x61, 0x63, 0x74, 0x6F, 0x72, 0x20, 0x68, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x20, 0x63, 0x6F, 0x72, + 0x72, 0x75, 0x70, 0x74, 0x2E, + }, "Unknown Version (32-bit)"), // winzip\shell\open\command - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x77, 0x69, 0x6E, 0x7A, 0x69, 0x70, 0x5C, 0x73, - 0x68, 0x65, 0x6C, 0x6C, 0x5C, 0x6F, 0x70, 0x65, - 0x6E, 0x5C, 0x63, 0x6F, 0x6D, 0x6D, 0x61, 0x6E, - 0x64, - }, start: sectionAddr, end: sectionEnd), - "Unknown Version (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x77, 0x69, 0x6E, 0x7A, 0x69, 0x70, 0x5C, 0x73, + 0x68, 0x65, 0x6C, 0x6C, 0x5C, 0x6F, 0x70, 0x65, + 0x6E, 0x5C, 0x63, 0x6F, 0x6D, 0x6D, 0x61, 0x6E, + 0x64, + }, "Unknown Version (32-bit)"), }; - string version = MatchUtil.GetFirstMatch(file, fileContent, matchers, false); + string version = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, false); if (!string.IsNullOrWhiteSpace(version)) { // Try to grab the value from the manifest, if possible @@ -939,317 +930,271 @@ namespace BurnOutSharp.PackerType /// Get the version from the .rdata SFX header data /// /// TODO: Research to see if the versions are embedded elsewhere in these files - private string GetSFXSectionDataVersion(SectionHeader section, string file, byte[] fileContent, bool includeDebug) + private string GetSFXSectionDataVersion(string file, byte[] sectionContent, bool includeDebug) { - int sectionAddr = (int)section.PointerToRawData; - int sectionEnd = sectionAddr + (int)section.VirtualSize; var matchers = new List { // .............8�92....�P..............�P..�P..�P..VW95SE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0x9C, 0x39, - 0x32, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x45, 0x2E, - 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "2.0 (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0x9C, 0x39, + 0x32, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x45, 0x2E, + 0x53, 0x46, 0x58, + }, "2.0 (32-bit)"), // .............]�92....�P..............�P..�P..�P..VW95SRE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x5D, 0x9C, 0x39, - 0x32, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x52, 0x45, - 0x2E, 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Software Installation 2.0 (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x5D, 0x9C, 0x39, + 0x32, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x52, 0x45, + 0x2E, 0x53, 0x46, 0x58, + }, "Software Installation 2.0 (32-bit)"), // .............���3....�P..............�P..�P..�P..VW95SE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x82, 0x94, - 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x45, 0x2E, - 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "2.1 RC2 (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x82, 0x94, + 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x45, 0x2E, + 0x53, 0x46, 0x58, + }, "2.1 RC2 (32-bit)"), // .............���3....�P..............�P..�P..�P..VW95SRE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0xB0, 0x82, 0x94, - 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x52, 0x45, - 0x2E, 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Software Installation 2.1 RC2 (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xB0, 0x82, 0x94, + 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x52, 0x45, + 0x2E, 0x53, 0x46, 0x58, + }, "Software Installation 2.1 RC2 (32-bit)"), // .............U��3....�P..............�P..�P..�P..VW95SE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xCD, 0xCC, - 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x45, 0x2E, - 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "2.1 (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xCD, 0xCC, + 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x45, 0x2E, + 0x53, 0x46, 0x58, + }, "2.1 (32-bit)"), // .............{��3....�P..............�P..�P..�P..VW95SRE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x7B, 0xCD, 0xCC, - 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x52, 0x45, - 0x2E, 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Software Installation 2.1 (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x7B, 0xCD, 0xCC, + 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x56, 0x57, 0x39, 0x35, 0x53, 0x52, 0x45, + 0x2E, 0x53, 0x46, 0x58, + }, "Software Installation 2.1 (32-bit)"), // .............ñ½;5....ˆ`..............ˆ`..ˆ`..ˆ`..SI32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0xF1, 0xBD, 0x3B, - 0x35, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, - 0x00, 0x88, 0x60, 0x00, 0x00, 0x88, 0x60, 0x00, - 0x00, 0x53, 0x49, 0x33, 0x32, 0x45, 0x2E, 0x53, - 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Software Installation 2.2.1110 (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xF1, 0xBD, 0x3B, + 0x35, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, + 0x00, 0x88, 0x60, 0x00, 0x00, 0x88, 0x60, 0x00, + 0x00, 0x53, 0x49, 0x33, 0x32, 0x45, 0x2E, 0x53, + 0x46, 0x58, + }, "Software Installation 2.2.1110 (32-bit)"), // .............á.^2....ˆP..............ˆP..ˆP..ˆP..VW95LE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0xE1, 0x9D, 0x5E, - 0x32, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x56, 0x57, 0x39, 0x35, 0x4C, 0x45, 0x2E, - 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xE1, 0x9D, 0x5E, + 0x32, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x56, 0x57, 0x39, 0x35, 0x4C, 0x45, 0x2E, + 0x53, 0x46, 0x58, + }, "Personal Edition (32-bit)"), // .............ïAÁ3....ˆP..............ˆP..ˆP..ˆP..VW95LE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0xEF, 0x41, 0xC1, - 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, - 0x00, 0x56, 0x57, 0x39, 0x35, 0x4C, 0x45, 0x2E, - 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition 32-bit (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xEF, 0x41, 0xC1, + 0x33, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x88, 0x50, 0x00, 0x00, 0x88, 0x50, 0x00, + 0x00, 0x56, 0x57, 0x39, 0x35, 0x4C, 0x45, 0x2E, + 0x53, 0x46, 0x58, + }, "Personal Edition 32-bit (32-bit)"), // .............'..6....ˆ`..............ˆ`..ˆ`..ˆ`..PE32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x27, 0x0F, 0x01, - 0x36, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, - 0x00, 0x88, 0x60, 0x00, 0x00, 0x88, 0x60, 0x00, - 0x00, 0x50, 0x45, 0x33, 0x32, 0x45, 0x2E, 0x53, - 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition 32-bit Build 1260 (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x27, 0x0F, 0x01, + 0x36, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, + 0x00, 0x88, 0x60, 0x00, 0x00, 0x88, 0x60, 0x00, + 0x00, 0x50, 0x45, 0x33, 0x32, 0x45, 0x2E, 0x53, + 0x46, 0x58, + }, "Personal Edition 32-bit Build 1260 (32-bit)"), // .............Ó‘(6....ˆ`..............ˆ`..ˆ`..ˆ`..PE32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0xD3, 0x91, 0x28, - 0x36, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, - 0x00, 0x88, 0x60, 0x00, 0x00, 0x88, 0x60, 0x00, - 0x00, 0x50, 0x45, 0x33, 0x32, 0x45, 0x2E, 0x53, - 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition 32-bit Build 1285 (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xD3, 0x91, 0x28, + 0x36, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x60, 0x00, + 0x00, 0x88, 0x60, 0x00, 0x00, 0x88, 0x60, 0x00, + 0x00, 0x50, 0x45, 0x33, 0x32, 0x45, 0x2E, 0x53, + 0x46, 0x58, + }, "Personal Edition 32-bit Build 1285 (32-bit)"), // ......]ïý8....˜z..............˜z..˜z..˜z..PE32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5D, 0xEF, - 0xFD, 0x38, 0x00, 0x00, 0x00, 0x00, 0x98, 0x7A, - 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x98, 0x7A, - 0x00, 0x00, 0x98, 0x7A, 0x00, 0x00, 0x98, 0x7A, - 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, 0x45, 0x2E, - 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition 32-bit Build 3063"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5D, 0xEF, + 0xFD, 0x38, 0x00, 0x00, 0x00, 0x00, 0x98, 0x7A, + 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x98, 0x7A, + 0x00, 0x00, 0x98, 0x7A, 0x00, 0x00, 0x98, 0x7A, + 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, 0x45, 0x2E, + 0x53, 0x46, 0x58, + }, "Personal Edition 32-bit Build 3063"), // ...................½û;....ˆj..............ˆj..ˆj..ˆj..PE32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x1F, 0xBD, 0xFB, 0x3B, 0x00, 0x00, - 0x00, 0x00, 0x88, 0x6A, 0x00, 0x00, 0x01, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x88, 0x6A, 0x00, 0x00, 0x88, 0x6A, - 0x00, 0x00, 0x88, 0x6A, 0x00, 0x00, 0x50, 0x45, - 0x33, 0x32, 0x45, 0x2E, 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition 32-bit Build 4325"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x1F, 0xBD, 0xFB, 0x3B, 0x00, 0x00, + 0x00, 0x00, 0x88, 0x6A, 0x00, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x88, 0x6A, 0x00, 0x00, 0x88, 0x6A, + 0x00, 0x00, 0x88, 0x6A, 0x00, 0x00, 0x50, 0x45, + 0x33, 0x32, 0x45, 0x2E, 0x53, 0x46, 0x58, + }, "Personal Edition 32-bit Build 4325"), // ................rS*@....Xƒ..............Xƒ..Xƒ..Xƒ..PE32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x72, 0x53, 0x2A, 0x40, 0x00, 0x00, 0x00, 0x00, - 0x58, 0x83, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x58, 0x83, 0x00, 0x00, 0x58, 0x83, 0x00, 0x00, - 0x58, 0x83, 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, - 0x45, 0x2E, 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition 32-bit Build 6028"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x72, 0x53, 0x2A, 0x40, 0x00, 0x00, 0x00, 0x00, + 0x58, 0x83, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x58, 0x83, 0x00, 0x00, 0x58, 0x83, 0x00, 0x00, + 0x58, 0x83, 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, + 0x45, 0x2E, 0x53, 0x46, 0x58, + }, "Personal Edition 32-bit Build 6028"), // ................±.!A....Xƒ..............Xƒ..Xƒ..Xƒ..PE32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xB1, 0x1A, 0x21, 0x41, 0x00, 0x00, 0x00, 0x00, - 0x58, 0x83, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x58, 0x83, 0x00, 0x00, 0x58, 0x83, 0x00, 0x00, - 0x58, 0x83, 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, - 0x45, 0x2E, 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition 32-bit Build 6224"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xB1, 0x1A, 0x21, 0x41, 0x00, 0x00, 0x00, 0x00, + 0x58, 0x83, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x58, 0x83, 0x00, 0x00, 0x58, 0x83, 0x00, 0x00, + 0x58, 0x83, 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, + 0x45, 0x2E, 0x53, 0x46, 0x58, + }, "Personal Edition 32-bit Build 6224"), // ................¯D.C....x„..............x„..x„..x„..PE32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xAF, 0x44, 0x0F, 0x43, 0x00, 0x00, 0x00, 0x00, - 0x78, 0x84, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x78, 0x84, 0x00, 0x00, 0x78, 0x84, 0x00, 0x00, - 0x78, 0x84, 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, - 0x45, 0x2E, 0x53, 0x46, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition 32-bit Build 6604"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xAF, 0x44, 0x0F, 0x43, 0x00, 0x00, 0x00, 0x00, + 0x78, 0x84, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x78, 0x84, 0x00, 0x00, 0x78, 0x84, 0x00, 0x00, + 0x78, 0x84, 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, + 0x45, 0x2E, 0x53, 0x46, + }, "Personal Edition 32-bit Build 6604"), //................·Å\C....x„..............x„..x„..x„..PE32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xB7, 0xC5, 0x5C, 0x43, 0x00, 0x00, 0x00, 0x00, - 0x78, 0x84, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x78, 0x84, 0x00, 0x00, 0x78, 0x84, 0x00, 0x00, - 0x78, 0x84, 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, - 0x45, 0x2E, 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Personal Edition 32-bit Build 6663"), + new ContentMatchSet(new byte?[] + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xB7, 0xC5, 0x5C, 0x43, 0x00, 0x00, 0x00, 0x00, + 0x78, 0x84, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x78, 0x84, 0x00, 0x00, 0x78, 0x84, 0x00, 0x00, + 0x78, 0x84, 0x00, 0x00, 0x50, 0x45, 0x33, 0x32, + 0x45, 0x2E, 0x53, 0x46, 0x58, + }, "Personal Edition 32-bit Build 6663"), }; - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + return MatchUtil.GetFirstMatch(file, sectionContent, matchers, includeDebug); } /// /// Get the unknown version from the .rdata SFX header data /// - private string GetSFXSectionDataUnknownVersion(SectionHeader section, string file, byte[] fileContent, bool includeDebug) + private string GetSFXSectionDataUnknownVersion(string file, byte[] sectionContent, bool includeDebug) { - int sectionAddr = (int)section.PointerToRawData; - int sectionEnd = sectionAddr + (int)section.VirtualSize; var matchers = new List { // VW95SE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x56, 0x57, 0x39, 0x35, 0x53, 0x45, 0x2E, 0x53, - 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Unknown Version (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x56, 0x57, 0x39, 0x35, 0x53, 0x45, 0x2E, 0x53, + 0x46, 0x58, + }, "Unknown Version (32-bit)"), // VW95SRE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x56, 0x57, 0x39, 0x35, 0x53, 0x52, 0x45, 0x2E, - 0x53, 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Unknown Version Software Installation (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x56, 0x57, 0x39, 0x35, 0x53, 0x52, 0x45, 0x2E, + 0x53, 0x46, 0x58, + }, "Unknown Version Software Installation (32-bit)"), // VW95LE.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x56, 0x57, 0x39, 0x35, 0x4C, 0x45, 0x2E, 0x53, - 0x46, 0x58, - }, start: sectionAddr, end: sectionEnd), - "Unknown Version before build 1285 Personal Edition (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x56, 0x57, 0x39, 0x35, 0x4C, 0x45, 0x2E, 0x53, + 0x46, 0x58, + }, "Unknown Version before build 1285 Personal Edition (32-bit)"), // PE32E.SFX - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x50, 0x45, 0x33, 0x32, 0x45, 0x2E, 0x53, 0x46, - 0x58, - }, start: sectionAddr, end: sectionEnd), - "Unknown Version after 1285 Personal Edition (32-bit)"), + new ContentMatchSet(new byte?[] + { + 0x50, 0x45, 0x33, 0x32, 0x45, 0x2E, 0x53, 0x46, + 0x58, + }, "Unknown Version after 1285 Personal Edition (32-bit)"), }; - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + return MatchUtil.GetFirstMatch(file, sectionContent, matchers, includeDebug); } } } diff --git a/BurnOutSharp/PackerType/WiseInstaller.cs b/BurnOutSharp/PackerType/WiseInstaller.cs index f872af6e..d4eab78e 100644 --- a/BurnOutSharp/PackerType/WiseInstaller.cs +++ b/BurnOutSharp/PackerType/WiseInstaller.cs @@ -3,7 +3,6 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -43,35 +42,29 @@ namespace BurnOutSharp.PackerType } // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // WiseMain - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x57, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, start: sectionAddr, end: sectionEnd), - "Wise Installation Wizard Module"), + new ContentMatchSet(new byte?[] { 0x57, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, "Wise Installation Wizard Module"), }; + + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); + if (!string.IsNullOrWhiteSpace(match)) + return match; } // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - int sectionAddr = (int)rdataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)rdataSection.VirtualSize; var matchers = new List { // WiseMain - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x57, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, start: sectionAddr, end: sectionEnd), - "Wise Installation Wizard Module"), + new ContentMatchSet(new byte?[] { 0x57, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, "Wise Installation Wizard Module"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/CDCheck.cs b/BurnOutSharp/ProtectionType/CDCheck.cs index 370a21b2..e8e1f3e0 100644 --- a/BurnOutSharp/ProtectionType/CDCheck.cs +++ b/BurnOutSharp/ProtectionType/CDCheck.cs @@ -1,6 +1,5 @@ using System.Collections.Generic; using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -30,24 +29,19 @@ namespace BurnOutSharp.ProtectionType return null; // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - int sectionAddr = (int)rdataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)rdataSection.VirtualSize; var matchers = new List { // MGS CDCheck - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x4D, 0x47, 0x53, 0x20, 0x43, 0x44, 0x43, 0x68, - 0x65, 0x63, 0x6B - }, start: sectionAddr, end: sectionEnd), - "Microsoft Game Studios CD Check"), + new ContentMatchSet(new byte?[] + { + 0x4D, 0x47, 0x53, 0x20, 0x43, 0x44, 0x43, 0x68, + 0x65, 0x63, 0x6B + }, "Microsoft Game Studios CD Check"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/CDCops.cs b/BurnOutSharp/ProtectionType/CDCops.cs index 36435518..ffdcf6e1 100644 --- a/BurnOutSharp/ProtectionType/CDCops.cs +++ b/BurnOutSharp/ProtectionType/CDCops.cs @@ -8,6 +8,7 @@ using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { + // TODO: Can this be combined with DVD-Cops? public class CDCops : IContentCheck, IPathCheck { /// diff --git a/BurnOutSharp/ProtectionType/CDLock.cs b/BurnOutSharp/ProtectionType/CDLock.cs index eb2eed66..58e07557 100644 --- a/BurnOutSharp/ProtectionType/CDLock.cs +++ b/BurnOutSharp/ProtectionType/CDLock.cs @@ -1,7 +1,5 @@ using System.Collections.Concurrent; using System.Collections.Generic; -using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -18,26 +16,21 @@ namespace BurnOutSharp.ProtectionType return null; // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // 2 + (char)0xF2 + (char)0x02 + (char)0x82 + (char)0xC3 + (char)0xBC + (char)0x0B + $ + (char)0x99 + (char)0xAD + 'C + (char)0xE4 + (char)0x9D + st + (char)0x99 + (char)0xFA + 2$ + (char)0x9D + )4 + (char)0xFF + t - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x32, 0xF2, 0x02, 0x82, 0xC3, 0xBC, 0x0B, 0x24, - 0x99, 0xAD, 0x27, 0x43, 0xE4, 0x9D, 0x73, 0x74, - 0x99, 0xFA, 0x32, 0x24, 0x9D, 0x29, 0x34, 0xFF, - 0x74 - }, start: sectionAddr, end: sectionEnd), - "CD-Lock"), + new ContentMatchSet(new byte?[] + { + 0x32, 0xF2, 0x02, 0x82, 0xC3, 0xBC, 0x0B, 0x24, + 0x99, 0xAD, 0x27, 0x43, 0xE4, 0x9D, 0x73, 0x74, + 0x99, 0xFA, 0x32, 0x24, 0x9D, 0x29, 0x34, 0xFF, + 0x74 + }, "CD-Lock"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/CactusDataShield.cs b/BurnOutSharp/ProtectionType/CactusDataShield.cs index 78839fce..cc81d5da 100644 --- a/BurnOutSharp/ProtectionType/CactusDataShield.cs +++ b/BurnOutSharp/ProtectionType/CactusDataShield.cs @@ -34,25 +34,18 @@ namespace BurnOutSharp.ProtectionType return null; // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // \*.CDS - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x5C, 0x2A, 0x2E, 0x43, 0x44, 0x53 }, start: sectionAddr, end: sectionEnd), - "Cactus Data Shield 200"), + new ContentMatchSet(new byte?[] { 0x5C, 0x2A, 0x2E, 0x43, 0x44, 0x53 }, "Cactus Data Shield 200"), // DATA.CDS - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x44, 0x41, 0x54, 0x41, 0x2E, 0x43, 0x44, 0x53 }, start: sectionAddr, end: sectionEnd), - "Cactus Data Shield 200"), + new ContentMatchSet(new byte?[] { 0x44, 0x41, 0x54, 0x41, 0x2E, 0x43, 0x44, 0x53 }, "Cactus Data Shield 200"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/DVDCops.cs b/BurnOutSharp/ProtectionType/DVDCops.cs index a23a0b87..4a6740ec 100644 --- a/BurnOutSharp/ProtectionType/DVDCops.cs +++ b/BurnOutSharp/ProtectionType/DVDCops.cs @@ -6,6 +6,7 @@ using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { + // TODO: Can this be combined with CD-Cops? public class DVDCops : IContentCheck { /// diff --git a/BurnOutSharp/ProtectionType/ElectronicArts.cs b/BurnOutSharp/ProtectionType/ElectronicArts.cs index ea31b2fc..2e35f702 100644 --- a/BurnOutSharp/ProtectionType/ElectronicArts.cs +++ b/BurnOutSharp/ProtectionType/ElectronicArts.cs @@ -1,7 +1,6 @@ using System; using System.Collections.Generic; using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -59,72 +58,57 @@ namespace BurnOutSharp.ProtectionType return $"EA CdKey Registration Module {Utilities.GetFileVersion(pex)}"; // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // EReg Config Form - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x45, 0x52, 0x65, 0x67, 0x20, 0x43, 0x6F, 0x6E, - 0x66, 0x69, 0x67, 0x20, 0x46, 0x6F, 0x72, 0x6D - }, start: sectionAddr, end: sectionEnd), - Utilities.GetFileVersion, "EA CdKey Registration Module"), + new ContentMatchSet(new byte?[] + { + 0x45, 0x52, 0x65, 0x67, 0x20, 0x43, 0x6F, 0x6E, + 0x66, 0x69, 0x67, 0x20, 0x46, 0x6F, 0x72, 0x6D + }, Utilities.GetFileVersion, "EA CdKey Registration Module"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - int sectionAddr = (int)rdataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)rdataSection.VirtualSize; var matchers = new List { // GenericEA + (char)0x00 + (char)0x00 + (char)0x00 + Activation - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x47, 0x65, 0x6E, 0x65, 0x72, 0x69, 0x63, 0x45, - 0x41, 0x00, 0x00, 0x00, 0x41, 0x63, 0x74, 0x69, - 0x76, 0x61, 0x74, 0x69, 0x6F, 0x6E - }, start: sectionAddr, end: sectionEnd), - "EA DRM Protection"), + new ContentMatchSet(new byte?[] + { + 0x47, 0x65, 0x6E, 0x65, 0x72, 0x69, 0x63, 0x45, + 0x41, 0x00, 0x00, 0x00, 0x41, 0x63, 0x74, 0x69, + 0x76, 0x61, 0x74, 0x69, 0x6F, 0x6E + }, "EA DRM Protection"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } // Get the .text section, if it exists - var textSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".text")); - if (textSection != null) + if (pex.TextSectionRaw != null) { - int sectionAddr = (int)textSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)textSection.VirtualSize; var matchers = new List { // GenericEA + (char)0x00 + (char)0x00 + (char)0x00 + Activation - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x47, 0x65, 0x6E, 0x65, 0x72, 0x69, 0x63, 0x45, - 0x41, 0x00, 0x00, 0x00, 0x41, 0x63, 0x74, 0x69, - 0x76, 0x61, 0x74, 0x69, 0x6F, 0x6E - }, start: sectionAddr, end: sectionEnd), - "EA DRM Protection"), + new ContentMatchSet(new byte?[] + { + 0x47, 0x65, 0x6E, 0x65, 0x72, 0x69, 0x63, 0x45, + 0x41, 0x00, 0x00, 0x00, 0x41, 0x63, 0x74, 0x69, + 0x76, 0x61, 0x74, 0x69, 0x6F, 0x6E + }, "EA DRM Protection"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/GFWL.cs b/BurnOutSharp/ProtectionType/GFWL.cs index 72cb8aa0..d23b97ec 100644 --- a/BurnOutSharp/ProtectionType/GFWL.cs +++ b/BurnOutSharp/ProtectionType/GFWL.cs @@ -1,8 +1,6 @@ using System; using System.Collections.Concurrent; using System.Collections.Generic; -using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -26,20 +24,15 @@ namespace BurnOutSharp.ProtectionType return $"Games for Windows LIVE {Utilities.GetFileVersion(pex)}"; // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - int sectionAddr = (int)rdataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)rdataSection.VirtualSize; var matchers = new List { // xlive.dll - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x78, 0x6C, 0x69, 0x76, 0x65, 0x2E, 0x64, 0x6C, 0x6C }, start: sectionAddr, end: sectionEnd), - "Games for Windows LIVE"), + new ContentMatchSet(new byte?[] { 0x78, 0x6C, 0x69, 0x76, 0x65, 0x2E, 0x64, 0x6C, 0x6C }, "Games for Windows LIVE"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/ImpulseReactor.cs b/BurnOutSharp/ProtectionType/ImpulseReactor.cs index 2634234b..d942cbd7 100644 --- a/BurnOutSharp/ProtectionType/ImpulseReactor.cs +++ b/BurnOutSharp/ProtectionType/ImpulseReactor.cs @@ -1,7 +1,5 @@ using System.Collections.Concurrent; using System.Collections.Generic; -using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -21,12 +19,8 @@ namespace BurnOutSharp.ProtectionType return null; // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - int sectionAddr = (int)rdataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)rdataSection.VirtualSize; - // CVPInitializeClient byte?[] check = new byte?[] { @@ -34,7 +28,7 @@ namespace BurnOutSharp.ProtectionType 0x61, 0x6C, 0x69, 0x7A, 0x65, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74 }; - bool containsCheck = fileContent.FirstPosition(check, out int position, start: sectionAddr, end: sectionEnd); + bool containsCheck = pex.ResourceDataSectionRaw.FirstPosition(check, out int position); // A + (char)0x00 + T + (char)0x00 + T + (char)0x00 + L + (char)0x00 + I + (char)0x00 + S + (char)0x00 + T + (char)0x00 + (char)0x00 + (char)0x00 + E + (char)0x00 + L + (char)0x00 + E + (char)0x00 + M + (char)0x00 + E + (char)0x00 + N + (char)0x00 + T + (char)0x00 + (char)0x00 + (char)0x00 + N + (char)0x00 + O + (char)0x00 + T + (char)0x00 + A + (char)0x00 + T + (char)0x00 + I + (char)0x00 + O + (char)0x00 + N + (char)0x00 byte?[] check2 = new byte?[] @@ -46,10 +40,10 @@ namespace BurnOutSharp.ProtectionType 0x4E, 0x00, 0x4F, 0x00, 0x54, 0x00, 0x41, 0x00, 0x54, 0x00, 0x49, 0x00, 0x4F, 0x00, 0x4E }; - bool containsCheck2 = fileContent.FirstPosition(check2, out int position2, start: sectionAddr, end: sectionEnd); + bool containsCheck2 = pex.ResourceDataSectionRaw.FirstPosition(check2, out int position2); if (containsCheck && containsCheck2) - return $"Impulse Reactor Core Module {Utilities.GetFileVersion(file, fileContent, new List { position, position2 })}" + (includeDebug ? $" (Index {position}, {position2})" : string.Empty); + return $"Impulse Reactor Core Module {Utilities.GetFileVersion(pex)}" + (includeDebug ? $" (Index {position}, {position2})" : string.Empty); else if (containsCheck && !containsCheck2) return $"Impulse Reactor" + (includeDebug ? $" (Index {position})" : string.Empty); } diff --git a/BurnOutSharp/ProtectionType/LaserLok.cs b/BurnOutSharp/ProtectionType/LaserLok.cs index 4ffaf3b2..e17462fa 100644 --- a/BurnOutSharp/ProtectionType/LaserLok.cs +++ b/BurnOutSharp/ProtectionType/LaserLok.cs @@ -3,9 +3,7 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; -using BurnOutSharp.ExecutableType.Microsoft.Headers; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -70,12 +68,8 @@ namespace BurnOutSharp.ProtectionType int position2 = -1; // Get the .text section, if it exists - var textSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".text")); - if (textSection != null) + if (pex.TextSectionRaw != null) { - int sectionAddr = (int)textSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)textSection.VirtualSize; - // GetModuleHandleA + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + GetProcAddress + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + LoadLibraryA + (char)0x00 + (char)0x00 + KERNEL32.dll + (char)0x00 + ëy + (char)0x01 + SNIF/MPVI byte?[] check2 = new byte?[] { @@ -89,15 +83,15 @@ namespace BurnOutSharp.ProtectionType 0x45, 0x4C, 0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0xEB, 0x79, 0x01, null, null, null, null, }; - containsCheck2 = fileContent.FirstPosition(check2, out position2, start: sectionAddr, end: sectionEnd); + containsCheck2 = pex.TextSectionRaw.FirstPosition(check2, out position2); } if (containsCheck && containsCheck2) - return $"LaserLok {GetVersion(fileContent, position2)} {GetBuild(sections, fileContent, true)}" + (includeDebug ? $" (Index {position}, {position2})" : string.Empty); + return $"LaserLok {GetVersion(fileContent, position2)} {GetBuild(pex.TextSectionRaw, true)}" + (includeDebug ? $" (Index {position}, {position2})" : string.Empty); else if (containsCheck && !containsCheck2) - return $"LaserLok Marathon {GetBuild(sections, fileContent, false)}" + (includeDebug ? $" (Index {position})" : string.Empty); + return $"LaserLok Marathon {GetBuild(pex.TextSectionRaw, false)}" + (includeDebug ? $" (Index {position})" : string.Empty); else if (!containsCheck && containsCheck2) - return $"LaserLok {GetVersion(fileContent, --position2)} {GetBuild(sections, fileContent, false)}" + (includeDebug ? $" (Index {position2})" : string.Empty); + return $"LaserLok {GetVersion(fileContent, --position2)} {GetBuild(pex.TextSectionRaw, false)}" + (includeDebug ? $" (Index {position2})" : string.Empty); return null; } @@ -143,42 +137,38 @@ namespace BurnOutSharp.ProtectionType return MatchUtil.GetFirstMatch(path, matchers, any: true); } - private static string GetBuild(SectionHeader[] sections, byte[] fileContent, bool versionTwo) + private static string GetBuild(byte[] sectionContent, bool versionTwo) { - var textSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".text")); - if (textSection == null) + if (sectionContent == null) return "(Build unknown)"; - int sectionAddr = (int)textSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)textSection.VirtualSize; - // Unkown + (char)0x00 + Unkown byte?[] check = new byte?[] { 0x55, 0x6E, 0x6B, 0x6F, 0x77, 0x6E, 0x00, 0x55, 0x6E, 0x6B, 0x6F, 0x77, 0x6E }; - if (!fileContent.FirstPosition(check, out int position, start: sectionAddr, end: sectionEnd)) + if (!sectionContent.FirstPosition(check, out int position)) return "(Build unknown)"; string year, month, day; if (versionTwo) { int index = position + 14; - day = new string(new ArraySegment(fileContent, index, 2).Select(b => (char)b).ToArray()); + day = new string(new ArraySegment(sectionContent, index, 2).Select(b => (char)b).ToArray()); index += 3; - month = new string(new ArraySegment(fileContent, index, 2).Select(b => (char)b).ToArray()); + month = new string(new ArraySegment(sectionContent, index, 2).Select(b => (char)b).ToArray()); index += 3; - year = "20" + new string(new ArraySegment(fileContent, index, 2).Select(b => (char)b).ToArray()); + year = "20" + new string(new ArraySegment(sectionContent, index, 2).Select(b => (char)b).ToArray()); } else { int index = position + 13; - day = new string(new ArraySegment(fileContent, index, 2).Select(b => (char)b).ToArray()); + day = new string(new ArraySegment(sectionContent, index, 2).Select(b => (char)b).ToArray()); index += 3; - month = new string(new ArraySegment(fileContent, index, 2).Select(b => (char)b).ToArray()); + month = new string(new ArraySegment(sectionContent, index, 2).Select(b => (char)b).ToArray()); index += 3; - year = "20" + new string(new ArraySegment(fileContent, index, 2).Select(b => (char)b).ToArray()); + year = "20" + new string(new ArraySegment(sectionContent, index, 2).Select(b => (char)b).ToArray()); } return $"(Build {year}-{month}-{day})"; diff --git a/BurnOutSharp/ProtectionType/MediaMaxCD3.cs b/BurnOutSharp/ProtectionType/MediaMaxCD3.cs index dd22af88..e55f4160 100644 --- a/BurnOutSharp/ProtectionType/MediaMaxCD3.cs +++ b/BurnOutSharp/ProtectionType/MediaMaxCD3.cs @@ -1,7 +1,5 @@ using System.Collections.Concurrent; using System.Collections.Generic; -using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -22,48 +20,38 @@ namespace BurnOutSharp.ProtectionType if (resource != null) return $"MediaMax CD-3"; - // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + // Get the .data section, if it exists + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)rdataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)rdataSection.VirtualSize; var matchers = new List { - // DllInstallSbcp - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x44, 0x6C, 0x6C, 0x49, 0x6E, 0x73, 0x74, 0x61, - 0x6C, 0x6C, 0x53, 0x62, 0x63, 0x70 - }, start: sectionAddr, end: sectionEnd), - "MediaMax CD-3"), + // CD3 Launch Error + new ContentMatchSet(new byte?[] + { + 0x43, 0x44, 0x33, 0x20, 0x4C, 0x61, 0x75, 0x6E, + 0x63, 0x68, 0x20, 0x45, 0x72, 0x72, 0x6F, 0x72 + }, "MediaMax CD-3"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } - // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + // Get the .rdata section, if it exists + if (pex.ResourceDataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { - // CD3 Launch Error - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x43, 0x44, 0x33, 0x20, 0x4C, 0x61, 0x75, 0x6E, - 0x63, 0x68, 0x20, 0x45, 0x72, 0x72, 0x6F, 0x72 - }, start: sectionAddr, end: sectionEnd), - "MediaMax CD-3"), + // DllInstallSbcp + new ContentMatchSet(new byte?[] + { + 0x44, 0x6C, 0x6C, 0x49, 0x6E, 0x73, 0x74, 0x61, + 0x6C, 0x6C, 0x53, 0x62, 0x63, 0x70 + }, "MediaMax CD-3"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/ProtectDisc.cs b/BurnOutSharp/ProtectionType/ProtectDisc.cs index d4d5ad53..78ec29d5 100644 --- a/BurnOutSharp/ProtectionType/ProtectDisc.cs +++ b/BurnOutSharp/ProtectionType/ProtectDisc.cs @@ -38,20 +38,15 @@ namespace BurnOutSharp.ProtectionType } // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // DCP-BOV + (char)0x00 + (char)0x00 - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x44, 0x43, 0x50, 0x2D, 0x42, 0x4F, 0x56, 0x00, 0x00 }, start: sectionAddr, end: sectionEnd), - GetVersion3till6, "VOB ProtectCD/DVD"), + new ContentMatchSet(new byte?[] { 0x44, 0x43, 0x50, 0x2D, 0x42, 0x4F, 0x56, 0x00, 0x00 }, GetVersion3till6, "VOB ProtectCD/DVD"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/SafeDisc.cs b/BurnOutSharp/ProtectionType/SafeDisc.cs index 8e9ee32b..b69467d6 100644 --- a/BurnOutSharp/ProtectionType/SafeDisc.cs +++ b/BurnOutSharp/ProtectionType/SafeDisc.cs @@ -1,5 +1,4 @@ -using System; -using System.Collections.Concurrent; +using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; @@ -48,7 +47,7 @@ namespace BurnOutSharp.ProtectionType if (sections == null) return null; - // Get the .text section, if it exists + // Get the .text section, if it exists -- TODO: Figure out how to capture this automatically var textSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".text")); if (textSection != null) { @@ -109,30 +108,23 @@ namespace BurnOutSharp.ProtectionType } // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // BoG_ *90.0&!! Yy> - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x42, 0x6F, 0x47, 0x5F, 0x20, 0x2A, 0x39, 0x30, - 0x2E, 0x30, 0x26, 0x21, 0x21, 0x20, 0x20, 0x59, - 0x79, 0x3E - }, start: sectionAddr, end: sectionEnd), - GetVersion, "SafeDisc"), + new ContentMatchSet(new byte?[] + { + 0x42, 0x6F, 0x47, 0x5F, 0x20, 0x2A, 0x39, 0x30, + 0x2E, 0x30, 0x26, 0x21, 0x21, 0x20, 0x20, 0x59, + 0x79, 0x3E + }, GetVersion, "SafeDisc"), // (char)0x00 + (char)0x00 + BoG_ - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x00, 0x00, 0x42, 0x6F, 0x47, 0x5F }, start: sectionAddr, end: sectionEnd), - Get320to4xVersion, "SafeDisc"), + new ContentMatchSet(new byte?[] { 0x00, 0x00, 0x42, 0x6F, 0x47, 0x5F }, Get320to4xVersion, "SafeDisc"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/SecuROM.cs b/BurnOutSharp/ProtectionType/SecuROM.cs index 48b9dd90..a556426f 100644 --- a/BurnOutSharp/ProtectionType/SecuROM.cs +++ b/BurnOutSharp/ProtectionType/SecuROM.cs @@ -70,42 +70,35 @@ namespace BurnOutSharp.ProtectionType } // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - int sectionAddr = (int)rdataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)rdataSection.VirtualSize; var matchers = new List { // drm_pagui_doit -- shortened from "_and_play.dll + (char)0x00 + drm_pagui_doit" - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x64, 0x72, 0x6D, 0x5F, 0x70, 0x61, 0x67, 0x75, - 0x69, 0x5F, 0x64, 0x6F, 0x69, 0x74 - }, start: sectionAddr, end: sectionEnd), - Utilities.GetFileVersion, "SecuROM Product Activation"), + new ContentMatchSet(new byte?[] + { + 0x64, 0x72, 0x6D, 0x5F, 0x70, 0x61, 0x67, 0x75, + 0x69, 0x5F, 0x64, 0x6F, 0x69, 0x74 + }, Utilities.GetFileVersion, "SecuROM Product Activation"), // TODO: Re-enable this one if the above undermatches somehow // // S + (char)0x00 + e + (char)0x00 + c + (char)0x00 + u + (char)0x00 + R + (char)0x00 + O + (char)0x00 + M + (char)0x00 + + (char)0x00 + P + (char)0x00 + A + (char)0x00 - // new ContentMatchSet( - // new ContentMatch(new byte?[] - // { - // 0x53, 0x00, 0x65, 0x00, 0x63, 0x00, 0x75, 0x00, - // 0x52, 0x00, 0x4F, 0x00, 0x4D, 0x00, 0x20, 0x00, - // 0x50, 0x00, 0x41, 0x00 - // }, start: sectionAddr, end: sectionEnd), - // Utilities.GetFileVersion, "SecuROM Product Activation"), + // new ContentMatchSet(new byte?[] + // { + // 0x53, 0x00, 0x65, 0x00, 0x63, 0x00, 0x75, 0x00, + // 0x52, 0x00, 0x4F, 0x00, 0x4D, 0x00, 0x20, 0x00, + // 0x50, 0x00, 0x41, 0x00 + // }, Utilities.GetFileVersion, "SecuROM Product Activation"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } // Get the .cms_d and .cms_t sections, if they exist -- TODO: Confirm if both are needed or either/or is fine - var cmsdSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".cms_d")); - var cmstSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".cms_t")); + var cmsdSection = pex.GetFirstSection(".cmd_d", true); + var cmstSection = pex.GetFirstSection(".cms_t", true); if (cmsdSection != null || cmstSection != null) return $"SecuROM 1-3"; diff --git a/BurnOutSharp/ProtectionType/SmartE.cs b/BurnOutSharp/ProtectionType/SmartE.cs index 4faa84be..5632da58 100644 --- a/BurnOutSharp/ProtectionType/SmartE.cs +++ b/BurnOutSharp/ProtectionType/SmartE.cs @@ -32,8 +32,7 @@ namespace BurnOutSharp.ProtectionType return match; // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - match = GetMatchForSection(rdataSection, file, fileContent, includeDebug); + match = GetMatchForSection(file, pex.ResourceDataSectionRaw, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; @@ -93,5 +92,22 @@ namespace BurnOutSharp.ProtectionType return MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); } + + /// + /// Check a section for the SmartE string(s) + /// + private string GetMatchForSection(string file, byte[] sectionContent, bool includeDebug) + { + if (sectionContent == null) + return null; + + var matchers = new List + { + // BITARTS + new ContentMatchSet(new byte?[] { 0x42, 0x49, 0x54, 0x41, 0x52, 0x54, 0x53 }, "SmartE"), + }; + + return MatchUtil.GetFirstMatch(file, sectionContent, matchers, includeDebug); + } } } diff --git a/BurnOutSharp/ProtectionType/Sysiphus.cs b/BurnOutSharp/ProtectionType/Sysiphus.cs index 71d000a9..1ddd7c64 100644 --- a/BurnOutSharp/ProtectionType/Sysiphus.cs +++ b/BurnOutSharp/ProtectionType/Sysiphus.cs @@ -1,7 +1,6 @@ using System; using System.Collections.Generic; using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -18,24 +17,19 @@ namespace BurnOutSharp.ProtectionType return null; // Get the .data section, if it exists - var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data")); - if (dataSection != null) + if (pex.DataSectionRaw != null) { - int sectionAddr = (int)dataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)dataSection.VirtualSize; var matchers = new List { // V SUHPISYS - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x56, 0x20, 0x53, 0x55, 0x48, 0x50, 0x49, 0x53, - 0x59, 0x53 - }, start: sectionAddr, end: sectionEnd), - GetVersion, "Sysiphus"), + new ContentMatchSet(new byte?[] + { + 0x56, 0x20, 0x53, 0x55, 0x48, 0x50, 0x49, 0x53, + 0x59, 0x53 + }, GetVersion, "Sysiphus"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/WTMCDProtect.cs b/BurnOutSharp/ProtectionType/WTMCDProtect.cs index 73f77f25..84887b84 100644 --- a/BurnOutSharp/ProtectionType/WTMCDProtect.cs +++ b/BurnOutSharp/ProtectionType/WTMCDProtect.cs @@ -41,37 +41,30 @@ namespace BurnOutSharp.ProtectionType } // Get the .text section, if it exists - var textSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".text")); - if (textSection != null) + if (pex.TextSectionRaw != null) { - int sectionAddr = (int)textSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)textSection.VirtualSize; var matchers = new List { // WTM DIGITAL Photo Protect - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x57, 0x54, 0x4D, 0x20, 0x44, 0x49, 0x47, 0x49, - 0x54, 0x41, 0x4C, 0x20, 0x50, 0x68, 0x6F, 0x74, - 0x6F, 0x20, 0x50, 0x72, 0x6F, 0x74, 0x65, 0x63, - 0x74 - }, start: sectionAddr, end: sectionEnd), - "WTM Protection Viewer"), + new ContentMatchSet(new byte?[] + { + 0x57, 0x54, 0x4D, 0x20, 0x44, 0x49, 0x47, 0x49, + 0x54, 0x41, 0x4C, 0x20, 0x50, 0x68, 0x6F, 0x74, + 0x6F, 0x20, 0x50, 0x72, 0x6F, 0x74, 0x65, 0x63, + 0x74 + }, "WTM Protection Viewer"), // WTM Copy Protection Viewer - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x57, 0x54, 0x4D, 0x20, 0x43, 0x6F, 0x70, 0x79, - 0x20, 0x50, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, - 0x69, 0x6F, 0x6E, 0x20, 0x56, 0x69, 0x65, 0x77, - 0x65, 0x72 - }, start: sectionAddr, end: sectionEnd), - "WTM Protection Viewer"), + new ContentMatchSet(new byte?[] + { + 0x57, 0x54, 0x4D, 0x20, 0x43, 0x6F, 0x70, 0x79, + 0x20, 0x50, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, + 0x69, 0x6F, 0x6E, 0x20, 0x56, 0x69, 0x65, 0x77, + 0x65, 0x72 + }, "WTM Protection Viewer"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/ProtectionType/XCP.cs b/BurnOutSharp/ProtectionType/XCP.cs index 84ebc20e..ef5a63ee 100644 --- a/BurnOutSharp/ProtectionType/XCP.cs +++ b/BurnOutSharp/ProtectionType/XCP.cs @@ -3,7 +3,6 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; -using System.Text; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.FileType; using BurnOutSharp.Matching; @@ -36,38 +35,29 @@ namespace BurnOutSharp.ProtectionType return null; // Get the .rdata section, if it exists - var rdataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rdata")); - if (rdataSection != null) + if (pex.ResourceDataSectionRaw != null) { - int sectionAddr = (int)rdataSection.PointerToRawData; - int sectionEnd = sectionAddr + (int)rdataSection.VirtualSize; var matchers = new List { // XCP.DAT - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x58, 0x43, 0x50, 0x2E, 0x44, 0x41, 0x54 }, start: sectionAddr, end: sectionEnd), - "XCP"), + new ContentMatchSet(new byte?[] { 0x58, 0x43, 0x50, 0x2E, 0x44, 0x41, 0x54 }, "XCP"), // XCPPlugins.dll - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x58, 0x43, 0x50, 0x50, 0x6C, 0x75, 0x67, 0x69, - 0x6E, 0x73, 0x2E, 0x64, 0x6C, 0x6C - }, start: sectionAddr, end: sectionEnd), - "XCP"), + new ContentMatchSet(new byte?[] + { + 0x58, 0x43, 0x50, 0x50, 0x6C, 0x75, 0x67, 0x69, + 0x6E, 0x73, 0x2E, 0x64, 0x6C, 0x6C + }, "XCP"), // XCPPhoenix.dll - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x58, 0x43, 0x50, 0x50, 0x68, 0x6F, 0x65, 0x6E, - 0x69, 0x78, 0x2E, 0x64, 0x6C, 0x6C - }, start: sectionAddr, end: sectionEnd), - "XCP"), + new ContentMatchSet(new byte?[] + { + 0x58, 0x43, 0x50, 0x50, 0x68, 0x6F, 0x65, 0x6E, + 0x69, 0x78, 0x2E, 0x64, 0x6C, 0x6C + }, "XCP"), }; - string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); + string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug); if (!string.IsNullOrWhiteSpace(match)) return match; } diff --git a/BurnOutSharp/Tools/Extensions.cs b/BurnOutSharp/Tools/Extensions.cs index 5d9cce91..748de871 100644 --- a/BurnOutSharp/Tools/Extensions.cs +++ b/BurnOutSharp/Tools/Extensions.cs @@ -19,6 +19,17 @@ namespace BurnOutSharp.Tools return content[offset++]; } + /// + /// Read a byte array and increment the pointer to an array + /// + public static byte[] ReadBytes(this byte[] content, ref int offset, int count) + { + byte[] buffer = new byte[count]; + Array.Copy(content, offset, buffer, 0, count); + offset += count; + return buffer; + } + /// /// Read a char and increment the pointer to an array ///