diff --git a/BinaryObjectScanner/Protection/CopyX.cs b/BinaryObjectScanner/Protection/CopyX.cs
index b02fae14..008ba3da 100644
--- a/BinaryObjectScanner/Protection/CopyX.cs
+++ b/BinaryObjectScanner/Protection/CopyX.cs
@@ -25,52 +25,60 @@ namespace BinaryObjectScanner.Protection
// I am assuming based on 0 evidence that the former is Light and the latter is Professional.
// Because I have no evidence, I am just returning copy-X for now. I have pre-emptively begun seperating the two,
// just for when a designation can be applied for sure.
-
+
// Overall:
// Whenever I say "at the end of" or "at the start of" pertaining to the filesystem, I mean alphabetically, because this is how copy-X images seem to be mastered.
// Both Light and Professional have a directory at the end of the image. The files within this directory are intersected by the physical ring.
// This file is usually called ZDAT, but not always. At least one instance of Light calls it ZDATA. At least one instance of Professional calls it System.
// Seemingly it can be anything. It doesn't help that most samples are specifically from one company's games, Tivola. Still, most use ZDAT.
-
+
//Professional:
//All instances of professional contain a disc check, performed via optgraph.dll.
//All instances of professional contain in the directory at the end of the image 3 files. gov_[something].x64, iofile.x64, and sound.x64.
//Due to gov's minor name variance, sound.x64 sometimes being intersected by a ring at the start, and iofile.x64 being referenced directly in optgraph.x64, I chose to just check iofile.x64.
//It always starts the same, so if there are false positives, a more advanced check can be used if necessary.
// TODO: optgraph.dll also contains DRM to prevent kernel debugger SoftICE from being used, via a process called SoftICE-Test. I don't know if this is specifically part of copy-X, or if it's an external solution employed by both copy-X and also other companies. If it's the latter, it should have its own check. It has none here since it wouldn't be necessary.
-
-
+
+
///
public string?
CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug) //Checks for Professional
- {
+ {
//I don't need this to check optgraph.dll, that's redundant. Unsure how to exclude that.
if (pex.OverlayStrings != null)
{
- if (pex.OverlayStrings.Any(s => s.Contains("optgraph.dll"))) //Checks if main executable contains reference to optgraph.dll. Emergency 4's is missing this for some reason.
- // TODO: TKKG also has an NE 3.1x executable with a reference. This can be added later.
+ if (pex.OverlayStrings.Any(s =>
+ s.Contains(
+ "optgraph.dll"))) //Checks if main executable contains reference to optgraph.dll. Emergency 4's is missing this for some reason.
+ // TODO: TKKG also has an NE 3.1x executable with a reference. This can be added later.
return "copy-X";
}
+
return null;
}
-
+
///
public string? CheckFilePath(string path) //Checks for Professional
{
- if (Path.GetFileName(path).Equals("optgraph.dll", StringComparison.OrdinalIgnoreCase)) //Filename check for optgraph.dll disc check
+ if (Path.GetFileName(path)
+ .Equals("optgraph.dll",
+ StringComparison.OrdinalIgnoreCase)) //Filename check for optgraph.dll disc check
{
return "copy-X";
}
- if (Path.GetFileName(path).Equals("iofile.x64", StringComparison.OrdinalIgnoreCase)) //Filename check for seemingly comorbid file.
+
+ if (Path.GetFileName(path)
+ .Equals("iofile.x64", StringComparison.OrdinalIgnoreCase)) //Filename check for seemingly comorbid file.
{
return "copy-X";
}
+
return null;
}
//Light:
//All instances of light contain 1 or more files in the directory at the end of the image. They all consist of 0x00, except for the parts with the rings running through them.
-
+
///
#if NET20 || NET35
public Queue CheckDirectoryPath(string path, IEnumerable? files)
@@ -93,14 +101,13 @@ namespace BinaryObjectScanner.Protection
FileStream stream = new FileStream(fileList[0], FileMode.Open, FileAccess.Read);
byte[] block = new byte[1024];
stream.Read(block, 0, 1024);
- if (block.All(thisByte => thisByte.Equals(0x00))) //Checks arbitrary number of bytes at the beginning of the first file in ZDAT* to see if they're all 0x00
+ if (block.All(thisByte => thisByte.Equals(0x00)))
{
protections.Enqueue("x-Copy");
- }
+ }
}
+
return protections;
}
-
-
}
}
\ No newline at end of file