Add support for detecting Installer VISE (#38)

* Add support for detecting Installer VISE * Add comment about extraction
2026-04-18 20:22:42 +00:00 · 2021-06-05 16:08:10 -06:00
parent b76d09aa20
commit 475e0b9d91
2 changed files with 52 additions and 0 deletions
--- a/BurnOutSharp/PackerType/InstallerVISE.cs
+++ b/BurnOutSharp/PackerType/InstallerVISE.cs
@@ -0,0 +1,51 @@
+using System.Collections.Generic;
+using System.IO;
+using BurnOutSharp.Matching;
+
+namespace BurnOutSharp.PackerType
+{
+    public class InstallerVISE : IContentCheck, IScannable
+    {
+        /// <summary>
+        /// Set of all ContentMatchSets for this protection
+        /// </summary>
+        private static readonly List<ContentMatchSet> contentMatchers = new List<ContentMatchSet>
+        {
+            //TODO: Add exact version detection for Windows builds, make sure versions before 3.X are detected as well, and detect the Mac builds.
+
+            // ViseMain
+            new ContentMatchSet(
+                new ContentMatch(new byte?[] { 0x56, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, start: 0xE0A4, end: 0xE0A5),
+                "Installer VISE"), 
+        };
+
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic) => true;
+
+        /// <inheritdoc/>
+        public string CheckContents(string file, byte[] fileContent, bool includePosition = false)
+        {
+            return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition);
+        }
+
+        // TODO: Add Installer VISE extraction
+        // https://github.com/Bioruebe/UniExtract2
+        /// <inheritdoc/>
+        public Dictionary<string, List<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public Dictionary<string, List<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            return null;
+        }
+    }
+}
--- a/README.md
+++ b/README.md
@@ -93,6 +93,7 @@ Below is a list of the executable packers that can be detected using this code:
 - dotFuscator
 - EXE Stealth
 - Inno Setup
+- Installer VISE
 - NSIS
 - PECompact
 - Setup Factory