From 32695ee6ddb11a52fa6f8eaea34c536aaf7be33b Mon Sep 17 00:00:00 2001 From: SilasLaspada Date: Sat, 2 Apr 2022 00:23:32 -0600 Subject: [PATCH] Add support for detecting AutoPlay Media Studio (#116) * Add support for detecting AutoPlay Media Studio * Comment out too vague AutoPlay Media Studio check * Tweak comment --- .../PackerType/AutoPlayMediaStudio.cs | 72 +++++++++++++++++++ README.md | 1 + 2 files changed, 73 insertions(+) create mode 100644 BurnOutSharp/PackerType/AutoPlayMediaStudio.cs diff --git a/BurnOutSharp/PackerType/AutoPlayMediaStudio.cs b/BurnOutSharp/PackerType/AutoPlayMediaStudio.cs new file mode 100644 index 00000000..cbff3d04 --- /dev/null +++ b/BurnOutSharp/PackerType/AutoPlayMediaStudio.cs @@ -0,0 +1,72 @@ +using System; +using System.Collections.Concurrent; +using System.IO; +using BurnOutSharp.ExecutableType.Microsoft.PE; +using BurnOutSharp.Tools; + +namespace BurnOutSharp.PackerType +{ + // Created by IndigoRose (creators of Setup Factory), primarily to be used to create autorun menus for various media. + // Official website: https://www.autoplay.org/ + public class AutoPlayMediaStudio : IPEContentCheck, IScannable + { + /// + public bool ShouldScan(byte[] magic) => true; + + /// + public string CheckPEContents(string file, PortableExecutable pex, bool includeDebug) + { + // Get the sections from the executable, if possible + var sections = pex?.SectionTable; + if (sections == null) + return null; + + // Known to detect versions 5.0.0.3 - 8.1.0.0 + string name = Utilities.GetProductName(pex); + if (!string.IsNullOrWhiteSpace(name) && name.StartsWith("AutoPlay Media Studio", StringComparison.OrdinalIgnoreCase)) + return $"AutoPlay Media Studio {GetVersion(pex)}"; + + // Currently too vague, may be re-enabled in the future + /* + name = Utilities.GetLegalCopyright(pex); + if (!string.IsNullOrWhiteSpace(name) && name.StartsWith("Runtime Engine", StringComparison.OrdinalIgnoreCase)) + return $"AutoPlay Media Studio {GetVersion(pex)}"; + */ + + return null; + } + + /// + public ConcurrentDictionary> Scan(Scanner scanner, string file) + { + if (!File.Exists(file)) + return null; + + using (var fs = File.OpenRead(file)) + { + return Scan(scanner, fs, file); + } + } + + /// + public ConcurrentDictionary> Scan(Scanner scanner, Stream stream, string file) + { + return null; + } + + private string GetVersion(PortableExecutable pex) + { + // Check the product version explicitly + string version = Utilities.GetProductVersion(pex); + if (!string.IsNullOrEmpty(version)) + return version; + + // Check the internal versions + version = Utilities.GetInternalVersion(pex); + if (!string.IsNullOrEmpty(version)) + return version; + + return "(Unknown Version)"; + } + } +} diff --git a/README.md b/README.md index 2ccd5539..0e008186 100644 --- a/README.md +++ b/README.md @@ -113,6 +113,7 @@ Below is a list of executable packers detected by BurnOutSharp. The three column | --------------- | ------------- | ---------- | ----------- | | Advanced Installer / Caphyon Advanced Installer | Yes | No | No | | Armadillo | Yes | No | No | +| AutoPlay Media Studio | Yes | No | No | | CExe | Yes | No | No | | dotFuscator | Yes | No | No | | EXE Stealth | Yes | No | No |