From 27ef24636ca1430b173d2e350637ea0451fc5c2c Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Mon, 4 Nov 2024 23:37:23 -0500 Subject: [PATCH] Use typed check methods as well --- BinaryObjectScanner/FileType/Executable.cs | 162 ++++----------------- BinaryObjectScanner/Scanner.cs | 8 +- 2 files changed, 33 insertions(+), 137 deletions(-) diff --git a/BinaryObjectScanner/FileType/Executable.cs b/BinaryObjectScanner/FileType/Executable.cs index 107ce486..50c6d21a 100644 --- a/BinaryObjectScanner/FileType/Executable.cs +++ b/BinaryObjectScanner/FileType/Executable.cs @@ -143,34 +143,29 @@ namespace BinaryObjectScanner.FileType // Only use generic content checks if we're in debug mode if (includeDebug) { - var subProtections = RunContentChecks(file, stream, includeDebug); - if (subProtections != null) - protections.AddRange(subProtections.Values); + var contentProtections = RunContentChecks(file, stream, includeDebug); + protections.AddRange(contentProtections.Values); } if (wrapper is MSDOS mz) { - var subProtections = RunMSDOSExecutableChecks(file, stream, mz, includeDebug); - if (subProtections != null) - protections.AddRange(subProtections.Values); + var subProtections = RunExecutableChecks(file, mz, MSDOSExecutableCheckClasses, includeDebug); + protections.AddRange(subProtections.Values); } else if (wrapper is LinearExecutable lex) { - var subProtections = RunLinearExecutableChecks(file, stream, lex, includeDebug); - if (subProtections != null) - protections.AddRange(subProtections.Values); + var subProtections = RunExecutableChecks(file, lex, LinearExecutableCheckClasses, includeDebug); + protections.AddRange(subProtections.Values); } else if (wrapper is NewExecutable nex) { - var subProtections = RunNewExecutableChecks(file, stream, nex, includeDebug); - if (subProtections != null) - protections.AddRange(subProtections.Values); + var subProtections = RunExecutableChecks(file, nex, NewExecutableCheckClasses, includeDebug); + protections.AddRange(subProtections.Values); } else if (wrapper is PortableExecutable pex) { - var subProtections = RunPortableExecutableChecks(file, stream, pex, includeDebug); - if (subProtections != null) - protections.AddRange(subProtections.Values); + var subProtections = RunExecutableChecks(file, pex, PortableExecutableCheckClasses, includeDebug); + protections.AddRange(subProtections.Values); } return string.Join(";", [.. protections]); @@ -184,14 +179,17 @@ namespace BinaryObjectScanner.FileType /// Name of the source file of the stream, for tracking /// Stream to scan the contents of /// True to include debug data, false otherwise - /// Set of protections in file, null on error - public IDictionary? RunContentChecks(string? file, Stream stream, bool includeDebug) + /// Set of protections in file, empty on error + public IDictionary RunContentChecks(string? file, Stream stream, bool includeDebug) { + // Create the output dictionary + var protections = new CheckDictionary(); + // If we have an invalid file if (string.IsNullOrEmpty(file)) - return null; + return protections; else if (!File.Exists(file)) - return null; + return protections; // Read the file contents byte[] fileContent = []; @@ -199,17 +197,14 @@ namespace BinaryObjectScanner.FileType { fileContent = stream.ReadBytes((int)stream.Length); if (fileContent == null) - return null; + return protections; } catch (Exception ex) { if (includeDebug) Console.WriteLine(ex); - return null; + return protections; } - // Create the output dictionary - var protections = new CheckDictionary(); - // Iterate through all checks ContentCheckClasses.IterateWithAction(checkClass => { @@ -233,124 +228,25 @@ namespace BinaryObjectScanner.FileType } /// - /// Handle a single file based on all linear executable check implementations + /// Handle a single file based on all executable check implementations /// /// Name of the source file of the executable, for tracking - /// Executable to scan + /// Executable to scan + /// Set of checks to use /// True to include debug data, false otherwise - /// Set of protections in file, null on error - public IDictionary, string> RunLinearExecutableChecks(string file, Stream stream, LinearExecutable lex, bool includeDebug) + /// Set of protections in file, empty on error + public IDictionary RunExecutableChecks(string file, T exe, List checks, bool includeDebug) + where T : WrapperBase + where U : IExecutableCheck { // Create the output dictionary - var protections = new CheckDictionary>(); + var protections = new CheckDictionary(); // Iterate through all checks - LinearExecutableCheckClasses.IterateWithAction(checkClass => + checks.IterateWithAction(checkClass => { // Get the protection for the class, if possible - var protection = checkClass.CheckExecutable(file, lex, includeDebug); - if (string.IsNullOrEmpty(protection)) - return; - - // If we are filtering on game engines - if (CheckIfGameEngine(checkClass) && !IncludeGameEngines) - return; - - // If we are filtering on packers - if (CheckIfPacker(checkClass) && !IncludePackers) - return; - - protections.Append(checkClass, protection); - }); - - return protections; - } - - /// - /// Handle a single file based on all MS-DOS executable check implementations - /// - /// Name of the source file of the executable, for tracking - /// Executable to scan - /// True to include debug data, false otherwise - /// Set of protections in file, null on error - public IDictionary, string> RunMSDOSExecutableChecks(string file, Stream stream, MSDOS mz, bool includeDebug) - { - // Create the output dictionary - var protections = new CheckDictionary>(); - - // Iterate through all checks - MSDOSExecutableCheckClasses.IterateWithAction(checkClass => - { - // Get the protection for the class, if possible - var protection = checkClass.CheckExecutable(file, mz, includeDebug); - if (string.IsNullOrEmpty(protection)) - return; - - // If we are filtering on game engines - if (CheckIfGameEngine(checkClass) && !IncludeGameEngines) - return; - - // If we are filtering on packers - if (CheckIfPacker(checkClass) && !IncludePackers) - return; - - protections.Append(checkClass, protection); - }); - - return protections; - } - - /// - /// Handle a single file based on all new executable check implementations - /// - /// Name of the source file of the executable, for tracking - /// Executable to scan - /// True to include debug data, false otherwise - /// Set of protections in file, null on error - public IDictionary, string> RunNewExecutableChecks(string file, Stream stream, NewExecutable nex, bool includeDebug) - { - // Create the output dictionary - var protections = new CheckDictionary>(); - - // Iterate through all checks - NewExecutableCheckClasses.IterateWithAction(checkClass => - { - // Get the protection for the class, if possible - var protection = checkClass.CheckExecutable(file, nex, includeDebug); - if (string.IsNullOrEmpty(protection)) - return; - - // If we are filtering on game engines - if (CheckIfGameEngine(checkClass) && !IncludeGameEngines) - return; - - // If we are filtering on packers - if (CheckIfPacker(checkClass) && !IncludePackers) - return; - - protections.Append(checkClass, protection); - }); - - return protections; - } - - /// - /// Handle a single file based on all portable executable check implementations - /// - /// Name of the source file of the executable, for tracking - /// Executable to scan - /// True to include debug data, false otherwise - /// Set of protections in file, null on error - public IDictionary, string> RunPortableExecutableChecks(string file, Stream stream, PortableExecutable pex, bool includeDebug) - { - // Create the output dictionary - var protections = new CheckDictionary>(); - - // Iterate through all checks - PortableExecutableCheckClasses.IterateWithAction(checkClass => - { - // Get the protection for the class, if possible - var protection = checkClass.CheckExecutable(file, pex, includeDebug); + var protection = checkClass.CheckExecutable(file, exe, includeDebug); if (string.IsNullOrEmpty(protection)) return; diff --git a/BinaryObjectScanner/Scanner.cs b/BinaryObjectScanner/Scanner.cs index 730aa658..ccb5a992 100644 --- a/BinaryObjectScanner/Scanner.cs +++ b/BinaryObjectScanner/Scanner.cs @@ -403,7 +403,7 @@ namespace BinaryObjectScanner if (wrapper is MSDOS mz) { - var subProtections = executable.RunMSDOSExecutableChecks(fileName, stream, mz, _options.IncludeDebug); + var subProtections = executable.RunExecutableChecks(fileName, mz, Executable.MSDOSExecutableCheckClasses, _options.IncludeDebug); if (subProtections == null) return protections; @@ -417,7 +417,7 @@ namespace BinaryObjectScanner } else if (wrapper is LinearExecutable lex) { - var subProtections = executable.RunLinearExecutableChecks(fileName, stream, lex, _options.IncludeDebug); + var subProtections = executable.RunExecutableChecks(fileName, lex, Executable.LinearExecutableCheckClasses, _options.IncludeDebug); if (subProtections == null) return protections; @@ -431,7 +431,7 @@ namespace BinaryObjectScanner } else if (wrapper is NewExecutable nex) { - var subProtections = executable.RunNewExecutableChecks(fileName, stream, nex, _options.IncludeDebug); + var subProtections = executable.RunExecutableChecks(fileName, nex, Executable.NewExecutableCheckClasses, _options.IncludeDebug); if (subProtections == null) return protections; @@ -445,7 +445,7 @@ namespace BinaryObjectScanner } else if (wrapper is PortableExecutable pex) { - var subProtections = executable.RunPortableExecutableChecks(fileName, stream, pex, _options.IncludeDebug); + var subProtections = executable.RunExecutableChecks(fileName, pex, Executable.PortableExecutableCheckClasses, _options.IncludeDebug); if (subProtections == null) return protections;