diff --git a/BinaryObjectScanner.Test/GameEngine/RenderWareTests.cs b/BinaryObjectScanner.Test/GameEngine/RenderWareTests.cs index 2750e5b0..8dd7c74e 100644 --- a/BinaryObjectScanner.Test/GameEngine/RenderWareTests.cs +++ b/BinaryObjectScanner.Test/GameEngine/RenderWareTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.GameEngine string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new RenderWare(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/ASPackTests.cs b/BinaryObjectScanner.Test/Packer/ASPackTests.cs index c1f8c3f8..f767f5db 100644 --- a/BinaryObjectScanner.Test/Packer/ASPackTests.cs +++ b/BinaryObjectScanner.Test/Packer/ASPackTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new ASPack(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/AdvancedInstallerTests.cs b/BinaryObjectScanner.Test/Packer/AdvancedInstallerTests.cs index 6d44f0da..7524303b 100644 --- a/BinaryObjectScanner.Test/Packer/AdvancedInstallerTests.cs +++ b/BinaryObjectScanner.Test/Packer/AdvancedInstallerTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new AdvancedInstaller(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/AutoPlayMediaStudioTests.cs b/BinaryObjectScanner.Test/Packer/AutoPlayMediaStudioTests.cs index c6c8e65e..845cbeea 100644 --- a/BinaryObjectScanner.Test/Packer/AutoPlayMediaStudioTests.cs +++ b/BinaryObjectScanner.Test/Packer/AutoPlayMediaStudioTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new AutoPlayMediaStudio(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/CExeTests.cs b/BinaryObjectScanner.Test/Packer/CExeTests.cs index 8200cdc3..d35f358a 100644 --- a/BinaryObjectScanner.Test/Packer/CExeTests.cs +++ b/BinaryObjectScanner.Test/Packer/CExeTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CExe(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/CrunchTests.cs b/BinaryObjectScanner.Test/Packer/CrunchTests.cs index f1178148..6830c08b 100644 --- a/BinaryObjectScanner.Test/Packer/CrunchTests.cs +++ b/BinaryObjectScanner.Test/Packer/CrunchTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Crunch(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/DotFuscatorTests.cs b/BinaryObjectScanner.Test/Packer/DotFuscatorTests.cs index 8c4644a9..451eb35e 100644 --- a/BinaryObjectScanner.Test/Packer/DotFuscatorTests.cs +++ b/BinaryObjectScanner.Test/Packer/DotFuscatorTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new DotFuscator(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/DotNetReactorTests.cs b/BinaryObjectScanner.Test/Packer/DotNetReactorTests.cs index 592a9baf..b4e6903f 100644 --- a/BinaryObjectScanner.Test/Packer/DotNetReactorTests.cs +++ b/BinaryObjectScanner.Test/Packer/DotNetReactorTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new DotNetReactor(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/EXEStealthTests.cs b/BinaryObjectScanner.Test/Packer/EXEStealthTests.cs index 21ea13a7..f13cf738 100644 --- a/BinaryObjectScanner.Test/Packer/EXEStealthTests.cs +++ b/BinaryObjectScanner.Test/Packer/EXEStealthTests.cs @@ -23,10 +23,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new EXEStealth(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/EmbeddedFileTests.cs b/BinaryObjectScanner.Test/Packer/EmbeddedFileTests.cs index c090e4aa..d6ce9f9d 100644 --- a/BinaryObjectScanner.Test/Packer/EmbeddedFileTests.cs +++ b/BinaryObjectScanner.Test/Packer/EmbeddedFileTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new EmbeddedFile(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/GenteeInstallerTests.cs b/BinaryObjectScanner.Test/Packer/GenteeInstallerTests.cs index 8c626341..f504a34e 100644 --- a/BinaryObjectScanner.Test/Packer/GenteeInstallerTests.cs +++ b/BinaryObjectScanner.Test/Packer/GenteeInstallerTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new GenteeInstaller(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/HyperTechCrackProofTests.cs b/BinaryObjectScanner.Test/Packer/HyperTechCrackProofTests.cs index 2a4fd90e..869e1576 100644 --- a/BinaryObjectScanner.Test/Packer/HyperTechCrackProofTests.cs +++ b/BinaryObjectScanner.Test/Packer/HyperTechCrackProofTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new HyperTechCrackProof(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/InnoSetupTests.cs b/BinaryObjectScanner.Test/Packer/InnoSetupTests.cs index 26e10a1e..b5f96c25 100644 --- a/BinaryObjectScanner.Test/Packer/InnoSetupTests.cs +++ b/BinaryObjectScanner.Test/Packer/InnoSetupTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.NewExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.NewExecutable nex = new(model, source); + SabreTools.Serialization.Wrappers.NewExecutable exe = new(model, source); var checker = new InnoSetup(); - string? actual = checker.CheckExecutable(file, nex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } @@ -25,10 +25,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new InnoSetup(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/InstallAnywhereTests.cs b/BinaryObjectScanner.Test/Packer/InstallAnywhereTests.cs index 6bddd2f3..b0fbd0d0 100644 --- a/BinaryObjectScanner.Test/Packer/InstallAnywhereTests.cs +++ b/BinaryObjectScanner.Test/Packer/InstallAnywhereTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new InstallAnywhere(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/InstallerVISETests.cs b/BinaryObjectScanner.Test/Packer/InstallerVISETests.cs index bffb71ec..f0d65336 100644 --- a/BinaryObjectScanner.Test/Packer/InstallerVISETests.cs +++ b/BinaryObjectScanner.Test/Packer/InstallerVISETests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new InstallerVISE(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/IntelInstallationFrameworkTests.cs b/BinaryObjectScanner.Test/Packer/IntelInstallationFrameworkTests.cs index 332f6ff6..f57b18e4 100644 --- a/BinaryObjectScanner.Test/Packer/IntelInstallationFrameworkTests.cs +++ b/BinaryObjectScanner.Test/Packer/IntelInstallationFrameworkTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new IntelInstallationFramework(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/MicrosoftCABSFXTests.cs b/BinaryObjectScanner.Test/Packer/MicrosoftCABSFXTests.cs index 4f08778a..9c594a03 100644 --- a/BinaryObjectScanner.Test/Packer/MicrosoftCABSFXTests.cs +++ b/BinaryObjectScanner.Test/Packer/MicrosoftCABSFXTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new MicrosoftCABSFX(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/NSISTests.cs b/BinaryObjectScanner.Test/Packer/NSISTests.cs index 6a4d1b4f..dcce2d55 100644 --- a/BinaryObjectScanner.Test/Packer/NSISTests.cs +++ b/BinaryObjectScanner.Test/Packer/NSISTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new NSIS(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/NeoLiteTests.cs b/BinaryObjectScanner.Test/Packer/NeoLiteTests.cs index 72d6f515..568a49c2 100644 --- a/BinaryObjectScanner.Test/Packer/NeoLiteTests.cs +++ b/BinaryObjectScanner.Test/Packer/NeoLiteTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new NeoLite(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/PECompactTests.cs b/BinaryObjectScanner.Test/Packer/PECompactTests.cs index e00b1a8d..1948136e 100644 --- a/BinaryObjectScanner.Test/Packer/PECompactTests.cs +++ b/BinaryObjectScanner.Test/Packer/PECompactTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new PECompact(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/PEtiteTests.cs b/BinaryObjectScanner.Test/Packer/PEtiteTests.cs index ca9b8797..3ecca3d9 100644 --- a/BinaryObjectScanner.Test/Packer/PEtiteTests.cs +++ b/BinaryObjectScanner.Test/Packer/PEtiteTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new PEtite(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/SetupFactoryTests.cs b/BinaryObjectScanner.Test/Packer/SetupFactoryTests.cs index 4eb1ad60..8844dba2 100644 --- a/BinaryObjectScanner.Test/Packer/SetupFactoryTests.cs +++ b/BinaryObjectScanner.Test/Packer/SetupFactoryTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new SetupFactory(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/SevenZipSFXTests.cs b/BinaryObjectScanner.Test/Packer/SevenZipSFXTests.cs index bbd2f96a..5f6ca145 100644 --- a/BinaryObjectScanner.Test/Packer/SevenZipSFXTests.cs +++ b/BinaryObjectScanner.Test/Packer/SevenZipSFXTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new SevenZipSFX(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/ShrinkerTests.cs b/BinaryObjectScanner.Test/Packer/ShrinkerTests.cs index 0753d8fd..df9ef250 100644 --- a/BinaryObjectScanner.Test/Packer/ShrinkerTests.cs +++ b/BinaryObjectScanner.Test/Packer/ShrinkerTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Shrinker(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/UPXTests.cs b/BinaryObjectScanner.Test/Packer/UPXTests.cs index d8e3c1ae..97040f5f 100644 --- a/BinaryObjectScanner.Test/Packer/UPXTests.cs +++ b/BinaryObjectScanner.Test/Packer/UPXTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new UPX(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/WinRARSFXTests.cs b/BinaryObjectScanner.Test/Packer/WinRARSFXTests.cs index 5c746586..1add32bb 100644 --- a/BinaryObjectScanner.Test/Packer/WinRARSFXTests.cs +++ b/BinaryObjectScanner.Test/Packer/WinRARSFXTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new WinRARSFX(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/WinZipSFXTests.cs b/BinaryObjectScanner.Test/Packer/WinZipSFXTests.cs index c14ba844..6196686c 100644 --- a/BinaryObjectScanner.Test/Packer/WinZipSFXTests.cs +++ b/BinaryObjectScanner.Test/Packer/WinZipSFXTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.NewExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.NewExecutable nex = new(model, source); + SabreTools.Serialization.Wrappers.NewExecutable exe = new(model, source); var checker = new WinZipSFX(); - string? actual = checker.CheckExecutable(file, nex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } @@ -25,10 +25,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new WinZipSFX(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Packer/WiseInstallerTests.cs b/BinaryObjectScanner.Test/Packer/WiseInstallerTests.cs index 543bcf31..d8c4234d 100644 --- a/BinaryObjectScanner.Test/Packer/WiseInstallerTests.cs +++ b/BinaryObjectScanner.Test/Packer/WiseInstallerTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.NewExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.NewExecutable nex = new(model, source); + SabreTools.Serialization.Wrappers.NewExecutable exe = new(model, source); var checker = new WiseInstaller(); - string? actual = checker.CheckExecutable(file, nex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } @@ -25,10 +25,10 @@ namespace BinaryObjectScanner.Test.Packer string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new WiseInstaller(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/ActiveMARKTests.cs b/BinaryObjectScanner.Test/Protection/ActiveMARKTests.cs index 026e1151..7c271142 100644 --- a/BinaryObjectScanner.Test/Protection/ActiveMARKTests.cs +++ b/BinaryObjectScanner.Test/Protection/ActiveMARKTests.cs @@ -23,10 +23,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new ActiveMARK(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/AegiSoftTests.cs b/BinaryObjectScanner.Test/Protection/AegiSoftTests.cs index 6c4aa8c9..f2640d37 100644 --- a/BinaryObjectScanner.Test/Protection/AegiSoftTests.cs +++ b/BinaryObjectScanner.Test/Protection/AegiSoftTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new AegiSoft(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/AlphaROMTests.cs b/BinaryObjectScanner.Test/Protection/AlphaROMTests.cs index 39ecc9fe..2e2bc142 100644 --- a/BinaryObjectScanner.Test/Protection/AlphaROMTests.cs +++ b/BinaryObjectScanner.Test/Protection/AlphaROMTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new AlphaROM(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/ArmadilloTests.cs b/BinaryObjectScanner.Test/Protection/ArmadilloTests.cs index 22458bc0..eed5b8de 100644 --- a/BinaryObjectScanner.Test/Protection/ArmadilloTests.cs +++ b/BinaryObjectScanner.Test/Protection/ArmadilloTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Armadillo(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/ByteShieldTests.cs b/BinaryObjectScanner.Test/Protection/ByteShieldTests.cs index 111a58a8..c16a5fb6 100644 --- a/BinaryObjectScanner.Test/Protection/ByteShieldTests.cs +++ b/BinaryObjectScanner.Test/Protection/ByteShieldTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new ByteShield(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/CDCheckTests.cs b/BinaryObjectScanner.Test/Protection/CDCheckTests.cs index 955a4b4a..30f8540a 100644 --- a/BinaryObjectScanner.Test/Protection/CDCheckTests.cs +++ b/BinaryObjectScanner.Test/Protection/CDCheckTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CDCheck(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/CDDVDCopsTests.cs b/BinaryObjectScanner.Test/Protection/CDDVDCopsTests.cs index 7a43cf54..02276da7 100644 --- a/BinaryObjectScanner.Test/Protection/CDDVDCopsTests.cs +++ b/BinaryObjectScanner.Test/Protection/CDDVDCopsTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.NewExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.NewExecutable nex = new(model, source); + SabreTools.Serialization.Wrappers.NewExecutable exe = new(model, source); var checker = new CDDVDCops(); - string? actual = checker.CheckExecutable(file, nex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } @@ -26,10 +26,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CDDVDCops(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/CDGuardTests.cs b/BinaryObjectScanner.Test/Protection/CDGuardTests.cs index a58679c1..12094388 100644 --- a/BinaryObjectScanner.Test/Protection/CDGuardTests.cs +++ b/BinaryObjectScanner.Test/Protection/CDGuardTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CDGuard(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/CDKeyTests.cs b/BinaryObjectScanner.Test/Protection/CDKeyTests.cs index 8fa49476..3430aa4a 100644 --- a/BinaryObjectScanner.Test/Protection/CDKeyTests.cs +++ b/BinaryObjectScanner.Test/Protection/CDKeyTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CDKey(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/CDLockTests.cs b/BinaryObjectScanner.Test/Protection/CDLockTests.cs index cbe5e003..8dcaa3ab 100644 --- a/BinaryObjectScanner.Test/Protection/CDLockTests.cs +++ b/BinaryObjectScanner.Test/Protection/CDLockTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CDLock(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/CDSHiELDSETests.cs b/BinaryObjectScanner.Test/Protection/CDSHiELDSETests.cs index 8a80e2e1..424c32e6 100644 --- a/BinaryObjectScanner.Test/Protection/CDSHiELDSETests.cs +++ b/BinaryObjectScanner.Test/Protection/CDSHiELDSETests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CDSHiELDSE(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/CenegaProtectDVDTests.cs b/BinaryObjectScanner.Test/Protection/CenegaProtectDVDTests.cs index 420efb9a..a8858ca8 100644 --- a/BinaryObjectScanner.Test/Protection/CenegaProtectDVDTests.cs +++ b/BinaryObjectScanner.Test/Protection/CenegaProtectDVDTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CenegaProtectDVD(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/ChannelwareTests.cs b/BinaryObjectScanner.Test/Protection/ChannelwareTests.cs index b36eb332..2d49dd50 100644 --- a/BinaryObjectScanner.Test/Protection/ChannelwareTests.cs +++ b/BinaryObjectScanner.Test/Protection/ChannelwareTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Channelware(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/ChosenBytesCodeLockTests.cs b/BinaryObjectScanner.Test/Protection/ChosenBytesCodeLockTests.cs index 140b289e..ad504d5a 100644 --- a/BinaryObjectScanner.Test/Protection/ChosenBytesCodeLockTests.cs +++ b/BinaryObjectScanner.Test/Protection/ChosenBytesCodeLockTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new ChosenBytesCodeLock(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/CopyKillerTests.cs b/BinaryObjectScanner.Test/Protection/CopyKillerTests.cs index 3c6cec38..c198033d 100644 --- a/BinaryObjectScanner.Test/Protection/CopyKillerTests.cs +++ b/BinaryObjectScanner.Test/Protection/CopyKillerTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CopyKiller(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/CopyLokTests.cs b/BinaryObjectScanner.Test/Protection/CopyLokTests.cs index 35c15311..c0333389 100644 --- a/BinaryObjectScanner.Test/Protection/CopyLokTests.cs +++ b/BinaryObjectScanner.Test/Protection/CopyLokTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CopyLok(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/CopyXTests.cs b/BinaryObjectScanner.Test/Protection/CopyXTests.cs index 5fb80adc..0386c653 100644 --- a/BinaryObjectScanner.Test/Protection/CopyXTests.cs +++ b/BinaryObjectScanner.Test/Protection/CopyXTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CopyX(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/CrypKeyTests.cs b/BinaryObjectScanner.Test/Protection/CrypKeyTests.cs index c1ef5d21..752d48a7 100644 --- a/BinaryObjectScanner.Test/Protection/CrypKeyTests.cs +++ b/BinaryObjectScanner.Test/Protection/CrypKeyTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new CrypKey(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/CuckoTests.cs b/BinaryObjectScanner.Test/Protection/CuckoTests.cs index 638cba8e..6b826521 100644 --- a/BinaryObjectScanner.Test/Protection/CuckoTests.cs +++ b/BinaryObjectScanner.Test/Protection/CuckoTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Cucko(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/DenuvoTests.cs b/BinaryObjectScanner.Test/Protection/DenuvoTests.cs index e3425518..2f7930ab 100644 --- a/BinaryObjectScanner.Test/Protection/DenuvoTests.cs +++ b/BinaryObjectScanner.Test/Protection/DenuvoTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Denuvo(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/DigiGuardTests.cs b/BinaryObjectScanner.Test/Protection/DigiGuardTests.cs index 9dd40894..7891d664 100644 --- a/BinaryObjectScanner.Test/Protection/DigiGuardTests.cs +++ b/BinaryObjectScanner.Test/Protection/DigiGuardTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new DigiGuard(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/DiscGuardTests.cs b/BinaryObjectScanner.Test/Protection/DiscGuardTests.cs index 0ddbbfe7..bee9c99d 100644 --- a/BinaryObjectScanner.Test/Protection/DiscGuardTests.cs +++ b/BinaryObjectScanner.Test/Protection/DiscGuardTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new DiscGuard(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/EAAntiCheatTests.cs b/BinaryObjectScanner.Test/Protection/EAAntiCheatTests.cs index 6006728d..8180c521 100644 --- a/BinaryObjectScanner.Test/Protection/EAAntiCheatTests.cs +++ b/BinaryObjectScanner.Test/Protection/EAAntiCheatTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new EAAntiCheat(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/EasyAntiCheatTests.cs b/BinaryObjectScanner.Test/Protection/EasyAntiCheatTests.cs index 610e96ba..7239d30d 100644 --- a/BinaryObjectScanner.Test/Protection/EasyAntiCheatTests.cs +++ b/BinaryObjectScanner.Test/Protection/EasyAntiCheatTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new EasyAntiCheat(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/ElectronicArtsTests.cs b/BinaryObjectScanner.Test/Protection/ElectronicArtsTests.cs index 9be2deb2..be58c16d 100644 --- a/BinaryObjectScanner.Test/Protection/ElectronicArtsTests.cs +++ b/BinaryObjectScanner.Test/Protection/ElectronicArtsTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new ElectronicArts(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/Engine32Tests.cs b/BinaryObjectScanner.Test/Protection/Engine32Tests.cs index 58d259ee..93a72643 100644 --- a/BinaryObjectScanner.Test/Protection/Engine32Tests.cs +++ b/BinaryObjectScanner.Test/Protection/Engine32Tests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Engine32(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/GFWLTests.cs b/BinaryObjectScanner.Test/Protection/GFWLTests.cs index 2e5c66c1..dc9f51c7 100644 --- a/BinaryObjectScanner.Test/Protection/GFWLTests.cs +++ b/BinaryObjectScanner.Test/Protection/GFWLTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new GFWL(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/GefestTests.cs b/BinaryObjectScanner.Test/Protection/GefestTests.cs index adc96a14..8532d5eb 100644 --- a/BinaryObjectScanner.Test/Protection/GefestTests.cs +++ b/BinaryObjectScanner.Test/Protection/GefestTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Gefest(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/HexalockAutoLockTests.cs b/BinaryObjectScanner.Test/Protection/HexalockAutoLockTests.cs index aa89d506..a6a27e1d 100644 --- a/BinaryObjectScanner.Test/Protection/HexalockAutoLockTests.cs +++ b/BinaryObjectScanner.Test/Protection/HexalockAutoLockTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new HexalockAutoLock(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/ImpulseReactorTests.cs b/BinaryObjectScanner.Test/Protection/ImpulseReactorTests.cs index dc1c45f6..0dc6585c 100644 --- a/BinaryObjectScanner.Test/Protection/ImpulseReactorTests.cs +++ b/BinaryObjectScanner.Test/Protection/ImpulseReactorTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new ImpulseReactor(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/InteniumTests.cs b/BinaryObjectScanner.Test/Protection/InteniumTests.cs index edc79dac..14c5fbff 100644 --- a/BinaryObjectScanner.Test/Protection/InteniumTests.cs +++ b/BinaryObjectScanner.Test/Protection/InteniumTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Intenium(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/InterLokTests.cs b/BinaryObjectScanner.Test/Protection/InterLokTests.cs index cbeb5270..54df2acd 100644 --- a/BinaryObjectScanner.Test/Protection/InterLokTests.cs +++ b/BinaryObjectScanner.Test/Protection/InterLokTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new InterLok(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/JoWoodTests.cs b/BinaryObjectScanner.Test/Protection/JoWoodTests.cs index d0c942e2..237289e2 100644 --- a/BinaryObjectScanner.Test/Protection/JoWoodTests.cs +++ b/BinaryObjectScanner.Test/Protection/JoWoodTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new JoWood(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/KalypsoLauncherTests.cs b/BinaryObjectScanner.Test/Protection/KalypsoLauncherTests.cs index 3bf517f5..55e68440 100644 --- a/BinaryObjectScanner.Test/Protection/KalypsoLauncherTests.cs +++ b/BinaryObjectScanner.Test/Protection/KalypsoLauncherTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new KalypsoLauncher(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/LabelGateTests.cs b/BinaryObjectScanner.Test/Protection/LabelGateTests.cs index 56b239ca..9d15a726 100644 --- a/BinaryObjectScanner.Test/Protection/LabelGateTests.cs +++ b/BinaryObjectScanner.Test/Protection/LabelGateTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new LabelGate(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/LaserLokTests.cs b/BinaryObjectScanner.Test/Protection/LaserLokTests.cs index 4b21ba02..49ede6a3 100644 --- a/BinaryObjectScanner.Test/Protection/LaserLokTests.cs +++ b/BinaryObjectScanner.Test/Protection/LaserLokTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new LaserLok(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/MGIRegistrationTests.cs b/BinaryObjectScanner.Test/Protection/MGIRegistrationTests.cs index 53b4228e..709114e2 100644 --- a/BinaryObjectScanner.Test/Protection/MGIRegistrationTests.cs +++ b/BinaryObjectScanner.Test/Protection/MGIRegistrationTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new MGIRegistration(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/MacrovisionTests.cs b/BinaryObjectScanner.Test/Protection/MacrovisionTests.cs index f83cdba1..1f89f29a 100644 --- a/BinaryObjectScanner.Test/Protection/MacrovisionTests.cs +++ b/BinaryObjectScanner.Test/Protection/MacrovisionTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.NewExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.NewExecutable nex = new(model, source); + SabreTools.Serialization.Wrappers.NewExecutable exe = new(model, source); var checker = new Macrovision(); - string? actual = checker.CheckExecutable(file, nex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } @@ -26,10 +26,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Macrovision(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/MediaCloQTests.cs b/BinaryObjectScanner.Test/Protection/MediaCloQTests.cs index 36505bcc..88604e2e 100644 --- a/BinaryObjectScanner.Test/Protection/MediaCloQTests.cs +++ b/BinaryObjectScanner.Test/Protection/MediaCloQTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new MediaCloQ(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/MediaMaxTests.cs b/BinaryObjectScanner.Test/Protection/MediaMaxTests.cs index 9fedaaf7..4ab5a5ef 100644 --- a/BinaryObjectScanner.Test/Protection/MediaMaxTests.cs +++ b/BinaryObjectScanner.Test/Protection/MediaMaxTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new MediaMax(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/NEACProtectTests.cs b/BinaryObjectScanner.Test/Protection/NEACProtectTests.cs index 0b38cd9a..0de250a6 100644 --- a/BinaryObjectScanner.Test/Protection/NEACProtectTests.cs +++ b/BinaryObjectScanner.Test/Protection/NEACProtectTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new NEACProtect(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/NProtectTests.cs b/BinaryObjectScanner.Test/Protection/NProtectTests.cs index 63f40d08..f900a95f 100644 --- a/BinaryObjectScanner.Test/Protection/NProtectTests.cs +++ b/BinaryObjectScanner.Test/Protection/NProtectTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new NProtect(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/OnlineRegistrationTests.cs b/BinaryObjectScanner.Test/Protection/OnlineRegistrationTests.cs index 956e9b88..baea5223 100644 --- a/BinaryObjectScanner.Test/Protection/OnlineRegistrationTests.cs +++ b/BinaryObjectScanner.Test/Protection/OnlineRegistrationTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new OnlineRegistration(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/OpenMGTests.cs b/BinaryObjectScanner.Test/Protection/OpenMGTests.cs index 634f592a..fccfaa8c 100644 --- a/BinaryObjectScanner.Test/Protection/OpenMGTests.cs +++ b/BinaryObjectScanner.Test/Protection/OpenMGTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new OpenMG(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/OriginTests.cs b/BinaryObjectScanner.Test/Protection/OriginTests.cs index e5a3538f..4f811f2e 100644 --- a/BinaryObjectScanner.Test/Protection/OriginTests.cs +++ b/BinaryObjectScanner.Test/Protection/OriginTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Origin(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/PlayJTests.cs b/BinaryObjectScanner.Test/Protection/PlayJTests.cs index 664e52a1..27a15070 100644 --- a/BinaryObjectScanner.Test/Protection/PlayJTests.cs +++ b/BinaryObjectScanner.Test/Protection/PlayJTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new PlayJ(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/ProtectDiscTests.cs b/BinaryObjectScanner.Test/Protection/ProtectDiscTests.cs index 030f9ca9..1857ffeb 100644 --- a/BinaryObjectScanner.Test/Protection/ProtectDiscTests.cs +++ b/BinaryObjectScanner.Test/Protection/ProtectDiscTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new ProtectDISC(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/RainbowSentinelTests.cs b/BinaryObjectScanner.Test/Protection/RainbowSentinelTests.cs index 44e8e8af..ccf6c6ea 100644 --- a/BinaryObjectScanner.Test/Protection/RainbowSentinelTests.cs +++ b/BinaryObjectScanner.Test/Protection/RainbowSentinelTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.NewExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.NewExecutable nex = new(model, source); + SabreTools.Serialization.Wrappers.NewExecutable exe = new(model, source); var checker = new RainbowSentinel(); - string? actual = checker.CheckExecutable(file, nex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } @@ -26,10 +26,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new RainbowSentinel(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/RealArcadeTests.cs b/BinaryObjectScanner.Test/Protection/RealArcadeTests.cs index 8193d26c..ecfc9d22 100644 --- a/BinaryObjectScanner.Test/Protection/RealArcadeTests.cs +++ b/BinaryObjectScanner.Test/Protection/RealArcadeTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new RealArcade(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/RoxxeTests.cs b/BinaryObjectScanner.Test/Protection/RoxxeTests.cs index 8f360e4a..05e4f37b 100644 --- a/BinaryObjectScanner.Test/Protection/RoxxeTests.cs +++ b/BinaryObjectScanner.Test/Protection/RoxxeTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Roxxe(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/SVKProtectorTests.cs b/BinaryObjectScanner.Test/Protection/SVKProtectorTests.cs index e6028a09..270ab876 100644 --- a/BinaryObjectScanner.Test/Protection/SVKProtectorTests.cs +++ b/BinaryObjectScanner.Test/Protection/SVKProtectorTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new SVKProtector(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/SecuROMTests.cs b/BinaryObjectScanner.Test/Protection/SecuROMTests.cs index 30033ec7..55690cee 100644 --- a/BinaryObjectScanner.Test/Protection/SecuROMTests.cs +++ b/BinaryObjectScanner.Test/Protection/SecuROMTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new SecuROM(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/SmartETests.cs b/BinaryObjectScanner.Test/Protection/SmartETests.cs index a47cf679..31927486 100644 --- a/BinaryObjectScanner.Test/Protection/SmartETests.cs +++ b/BinaryObjectScanner.Test/Protection/SmartETests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new SmartE(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/SoftLockTests.cs b/BinaryObjectScanner.Test/Protection/SoftLockTests.cs index 39dd1c7d..87fb685c 100644 --- a/BinaryObjectScanner.Test/Protection/SoftLockTests.cs +++ b/BinaryObjectScanner.Test/Protection/SoftLockTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new SoftLock(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/SolidShieldTests.cs b/BinaryObjectScanner.Test/Protection/SolidShieldTests.cs index a1995e16..4103d268 100644 --- a/BinaryObjectScanner.Test/Protection/SolidShieldTests.cs +++ b/BinaryObjectScanner.Test/Protection/SolidShieldTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new SolidShield(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/StarForceTests.cs b/BinaryObjectScanner.Test/Protection/StarForceTests.cs index 3eb9037a..b494ab16 100644 --- a/BinaryObjectScanner.Test/Protection/StarForceTests.cs +++ b/BinaryObjectScanner.Test/Protection/StarForceTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new StarForce(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/SteamTests.cs b/BinaryObjectScanner.Test/Protection/SteamTests.cs index 34fb80a0..c247344d 100644 --- a/BinaryObjectScanner.Test/Protection/SteamTests.cs +++ b/BinaryObjectScanner.Test/Protection/SteamTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Steam(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/SysiphusTests.cs b/BinaryObjectScanner.Test/Protection/SysiphusTests.cs index 63508ee4..66a7149f 100644 --- a/BinaryObjectScanner.Test/Protection/SysiphusTests.cs +++ b/BinaryObjectScanner.Test/Protection/SysiphusTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Sysiphus(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/TAGESTests.cs b/BinaryObjectScanner.Test/Protection/TAGESTests.cs index fc7a19a1..001cfc4c 100644 --- a/BinaryObjectScanner.Test/Protection/TAGESTests.cs +++ b/BinaryObjectScanner.Test/Protection/TAGESTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new TAGES(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/ThemidaTests.cs b/BinaryObjectScanner.Test/Protection/ThemidaTests.cs index f050f20e..8235afe4 100644 --- a/BinaryObjectScanner.Test/Protection/ThemidaTests.cs +++ b/BinaryObjectScanner.Test/Protection/ThemidaTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Themida(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/ThreePLockTests.cs b/BinaryObjectScanner.Test/Protection/ThreePLockTests.cs index 598ee4fb..6d422c5d 100644 --- a/BinaryObjectScanner.Test/Protection/ThreePLockTests.cs +++ b/BinaryObjectScanner.Test/Protection/ThreePLockTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new ThreePLock(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/ThreeTwoOneStudiosTests.cs b/BinaryObjectScanner.Test/Protection/ThreeTwoOneStudiosTests.cs index 029d6b71..97dcba9f 100644 --- a/BinaryObjectScanner.Test/Protection/ThreeTwoOneStudiosTests.cs +++ b/BinaryObjectScanner.Test/Protection/ThreeTwoOneStudiosTests.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new ThreeTwoOneStudios(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } } diff --git a/BinaryObjectScanner.Test/Protection/UplayTests.cs b/BinaryObjectScanner.Test/Protection/UplayTests.cs index f8e84f9c..ff51e94c 100644 --- a/BinaryObjectScanner.Test/Protection/UplayTests.cs +++ b/BinaryObjectScanner.Test/Protection/UplayTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new Uplay(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/WMDSTests.cs b/BinaryObjectScanner.Test/Protection/WMDSTests.cs index 6d6b7737..ba922e43 100644 --- a/BinaryObjectScanner.Test/Protection/WMDSTests.cs +++ b/BinaryObjectScanner.Test/Protection/WMDSTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new WMDS(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/WTMCDProtectTests.cs b/BinaryObjectScanner.Test/Protection/WTMCDProtectTests.cs index f7c2a3a8..bd17a35e 100644 --- a/BinaryObjectScanner.Test/Protection/WTMCDProtectTests.cs +++ b/BinaryObjectScanner.Test/Protection/WTMCDProtectTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new WTMCDProtect(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner.Test/Protection/XCPTests.cs b/BinaryObjectScanner.Test/Protection/XCPTests.cs index bd731940..e99fd7d0 100644 --- a/BinaryObjectScanner.Test/Protection/XCPTests.cs +++ b/BinaryObjectScanner.Test/Protection/XCPTests.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Test.Protection string file = "filename"; SabreTools.Models.PortableExecutable.Executable model = new(); Stream source = new MemoryStream(); - SabreTools.Serialization.Wrappers.PortableExecutable pex = new(model, source); + SabreTools.Serialization.Wrappers.PortableExecutable exe = new(model, source); var checker = new XCP(); - string? actual = checker.CheckExecutable(file, pex, includeDebug: false); + string? actual = checker.CheckExecutable(file, exe, includeDebug: false); Assert.Null(actual); } diff --git a/BinaryObjectScanner/GameEngine/RenderWare.cs b/BinaryObjectScanner/GameEngine/RenderWare.cs index b2303eb2..7656be44 100644 --- a/BinaryObjectScanner/GameEngine/RenderWare.cs +++ b/BinaryObjectScanner/GameEngine/RenderWare.cs @@ -18,12 +18,12 @@ namespace BinaryObjectScanner.GameEngine public class RenderWare : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in Redump entries 20138, 55823, and 102493. - bool rwcsegSection = pex.ContainsSection("_rwcseg", exact: true); + bool rwcsegSection = exe.ContainsSection("_rwcseg", exact: true); // Found in Redump entry 20138. - bool rwdsegSection = pex.ContainsSection("_rwdseg", exact: true); + bool rwdsegSection = exe.ContainsSection("_rwdseg", exact: true); // TODO: Check if this indicates a specific version, or if these sections are present in multiple. if (rwcsegSection || rwdsegSection) diff --git a/BinaryObjectScanner/Packer/ASPack.cs b/BinaryObjectScanner/Packer/ASPack.cs index 623046b7..cb5f4419 100644 --- a/BinaryObjectScanner/Packer/ASPack.cs +++ b/BinaryObjectScanner/Packer/ASPack.cs @@ -11,23 +11,23 @@ namespace BinaryObjectScanner.Packer public class ASPack : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .aspack section, if it exists - if (pex.ContainsSection(".aspack", exact: true)) + if (exe.ContainsSection(".aspack", exact: true)) return "ASPack 2.29"; // Use the entry point data, if it exists - if (pex.EntryPointData != null) + if (exe.EntryPointData != null) { var matchers = GenerateMatchers(); - var match = MatchUtil.GetFirstMatch(file, pex.EntryPointData, matchers, includeDebug); + var match = MatchUtil.GetFirstMatch(file, exe.EntryPointData, matchers, includeDebug); if (!string.IsNullOrEmpty(match)) return match; } // Get the .adata* section, if it exists - var adataSectionRaw = pex.GetFirstSectionData(".adata", exact: false); + var adataSectionRaw = exe.GetFirstSectionData(".adata", exact: false); if (adataSectionRaw != null) { var matchers = GenerateMatchers(); @@ -37,7 +37,7 @@ namespace BinaryObjectScanner.Packer } // Get the .data/DATA section, if it exists - var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA"); + var dataSectionRaw = exe.GetFirstSectionData(".data") ?? exe.GetFirstSectionData("DATA"); if (dataSectionRaw != null) { var matchers = GenerateMatchers(); diff --git a/BinaryObjectScanner/Packer/AdvancedInstaller.cs b/BinaryObjectScanner/Packer/AdvancedInstaller.cs index 1f2335af..92bebfa6 100644 --- a/BinaryObjectScanner/Packer/AdvancedInstaller.cs +++ b/BinaryObjectScanner/Packer/AdvancedInstaller.cs @@ -8,10 +8,10 @@ namespace BinaryObjectScanner.Packer public class AdvancedInstaller : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .rdata section strings, if they exist - var strs = pex.GetFirstSectionStrings(".rdata"); + var strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { if (strs.Exists(s => s.Contains("Software\\Caphyon\\Advanced Installer"))) diff --git a/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs b/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs index c81df808..2ac994ae 100644 --- a/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs +++ b/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs @@ -10,30 +10,30 @@ namespace BinaryObjectScanner.Packer public class AutoPlayMediaStudio : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Known to detect versions 5.0.0.3 - 8.1.0.0 - var name = pex.ProductName; + var name = exe.ProductName; if (name.OptionalStartsWith("AutoPlay Media Studio", StringComparison.OrdinalIgnoreCase)) - return $"AutoPlay Media Studio {GetVersion(pex)}"; + return $"AutoPlay Media Studio {GetVersion(exe)}"; // TODO: Currently too vague, may be re-enabled in the future - // name = Utilities.GetLegalCopyright(pex); + // name = Utilities.GetLegalCopyright(exe); // if (name.OptionalStartsWith("Runtime Engine", StringComparison.OrdinalIgnoreCase)) - // return $"AutoPlay Media Studio {GetVersion(pex)}"; + // return $"AutoPlay Media Studio {GetVersion(exe)}"; return null; } - private static string GetVersion(PortableExecutable pex) + private static string GetVersion(PortableExecutable exe) { // Check the product version explicitly - var version = pex.ProductVersion; + var version = exe.ProductVersion; if (!string.IsNullOrEmpty(version)) return version!; // Check the internal versions - version = pex.GetInternalVersion(); + version = exe.GetInternalVersion(); if (!string.IsNullOrEmpty(version)) return version!; diff --git a/BinaryObjectScanner/Packer/CExe.cs b/BinaryObjectScanner/Packer/CExe.cs index d70ffe24..eedcdb56 100644 --- a/BinaryObjectScanner/Packer/CExe.cs +++ b/BinaryObjectScanner/Packer/CExe.cs @@ -12,13 +12,13 @@ namespace BinaryObjectScanner.Packer public class CExe : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // If there are exactly 2 resources with type 99 - if (pex.FindResourceByNamedType("99, ").Count == 2) + if (exe.FindResourceByNamedType("99, ").Count == 2) return "CExe"; - if (pex.StubExecutableData != null) + if (exe.StubExecutableData != null) { var matchers = new List { @@ -33,7 +33,7 @@ namespace BinaryObjectScanner.Packer }, "CExe") }; - var match = MatchUtil.GetFirstMatch(file, pex.StubExecutableData, matchers, includeDebug); + var match = MatchUtil.GetFirstMatch(file, exe.StubExecutableData, matchers, includeDebug); if (!string.IsNullOrEmpty(match)) return match; } diff --git a/BinaryObjectScanner/Packer/Crunch.cs b/BinaryObjectScanner/Packer/Crunch.cs index 3b7c1960..252e5f2c 100644 --- a/BinaryObjectScanner/Packer/Crunch.cs +++ b/BinaryObjectScanner/Packer/Crunch.cs @@ -9,11 +9,11 @@ namespace BinaryObjectScanner.Packer public class Crunch : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the last section strings, if they exist - var sections = pex.Model.SectionTable ?? []; - var strs = pex.GetSectionStrings(sections.Length - 1); + var sections = exe.Model.SectionTable ?? []; + var strs = exe.GetSectionStrings(sections.Length - 1); if (strs != null) { if (strs.Exists(s => s.Contains("BITARTS"))) diff --git a/BinaryObjectScanner/Packer/DotFuscator.cs b/BinaryObjectScanner/Packer/DotFuscator.cs index 4be90519..d3ec5741 100644 --- a/BinaryObjectScanner/Packer/DotFuscator.cs +++ b/BinaryObjectScanner/Packer/DotFuscator.cs @@ -7,10 +7,10 @@ namespace BinaryObjectScanner.Packer public class DotFuscator : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .text section strings, if they exist - var strs = pex.GetFirstSectionStrings(".text"); + var strs = exe.GetFirstSectionStrings(".text"); if (strs != null) { if (strs.Exists(s => s.Contains("DotfuscatorAttribute"))) diff --git a/BinaryObjectScanner/Packer/DotNetReactor.cs b/BinaryObjectScanner/Packer/DotNetReactor.cs index 426197c5..4da8e62a 100644 --- a/BinaryObjectScanner/Packer/DotNetReactor.cs +++ b/BinaryObjectScanner/Packer/DotNetReactor.cs @@ -18,13 +18,13 @@ namespace BinaryObjectScanner.Packer public class DotNetReactor : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Detect version // TODO: Further refine checks using https://github.com/horsicq/Detect-It-Easy/blob/075a70b1484d1d84d1dc37c86aac16188d5a84e7/db/PE/NetReactor.2.sg and https://github.com/cod3nym/detection-rules/blob/main/yara/dotnet/obf_net_reactor.yar // Get the .text section, if it exists - var textData = pex.GetFirstSectionData(".text"); + var textData = exe.GetFirstSectionData(".text"); if (textData != null) { var matchers = new List diff --git a/BinaryObjectScanner/Packer/EXEStealth.cs b/BinaryObjectScanner/Packer/EXEStealth.cs index e033ba0b..ba2251ee 100644 --- a/BinaryObjectScanner/Packer/EXEStealth.cs +++ b/BinaryObjectScanner/Packer/EXEStealth.cs @@ -33,7 +33,7 @@ namespace BinaryObjectScanner.Packer } /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // The ExeS/EXES/*mtw sections seem to map to the Import Table // 2.6/2.51 @@ -47,17 +47,17 @@ namespace BinaryObjectScanner.Packer // `ExeStealth V2 Shareware not for public - This text not in registered version - www.webtoolmaster.com` // Get the ExeS/EXES section, if it exists - if (pex.ContainsSection("ExeS", exact: true)) + if (exe.ContainsSection("ExeS", exact: true)) return "EXE Stealth 2.41-2.75"; - if (pex.ContainsSection("EXES", exact: true)) + if (exe.ContainsSection("EXES", exact: true)) return "EXE Stealth 2.41-2.75"; // Get the mtw section, if it exists - if (pex.ContainsSection("mtw", exact: true)) + if (exe.ContainsSection("mtw", exact: true)) return "EXE Stealth 1.1"; // Get the rsrr section, if it exists - if (pex.ContainsSection("rsrr", exact: true)) + if (exe.ContainsSection("rsrr", exact: true)) return "EXE Stealth 2.76"; return null; diff --git a/BinaryObjectScanner/Packer/EmbeddedFile.cs b/BinaryObjectScanner/Packer/EmbeddedFile.cs index 42c54b36..0441ba15 100644 --- a/BinaryObjectScanner/Packer/EmbeddedFile.cs +++ b/BinaryObjectScanner/Packer/EmbeddedFile.cs @@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Packer public class EmbeddedFile : IExecutableCheck, IExecutableCheck { /// - public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug) + public string? CheckExecutable(string file, NewExecutable exe, bool includeDebug) { // TODO: Have this return all detected things, not just the first - byte[]? overlayData = nex.OverlayData; + byte[]? overlayData = exe.OverlayData; // Check the overlay, if it exists if (overlayData != null && overlayData.Length > 0) @@ -79,15 +79,15 @@ namespace BinaryObjectScanner.Packer } /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Have this return all detected things, not just the first // Only process the overlay if it is recognized - if (pex.ResourceData != null) + if (exe.ResourceData != null) { // Cache the resource data for easier reading - var resourceData = pex.ResourceData; + var resourceData = exe.ResourceData; // Get the resources that have an archive signature foreach (var value in resourceData.Values) @@ -127,16 +127,16 @@ namespace BinaryObjectScanner.Packer } // Check the overlay, if it exists - if (pex.OverlayData != null && pex.OverlayData.Length > 0) + if (exe.OverlayData != null && exe.OverlayData.Length > 0) { // Set the output variables int overlayOffset = 0; // Only process the overlay if it is recognized - for (; overlayOffset < 0x100 && overlayOffset < pex.OverlayData.Length - 0x10; overlayOffset++) + for (; overlayOffset < 0x100 && overlayOffset < exe.OverlayData.Length - 0x10; overlayOffset++) { int temp = overlayOffset; - byte[] overlaySample = pex.OverlayData.ReadBytes(ref temp, 0x10); + byte[] overlaySample = exe.OverlayData.ReadBytes(ref temp, 0x10); if (overlaySample.StartsWith([0x37, 0x7A, 0xBC, 0xAF, 0x27, 0x1C])) { @@ -177,7 +177,7 @@ namespace BinaryObjectScanner.Packer else if (overlaySample.StartsWith([0x3B, 0x21, 0x40, 0x49, 0x6E, 0x73, 0x74, 0x61, 0x6C, 0x6C])) { // 7-zip SFX script -- ";!@Install" to ";!@InstallEnd@!" - overlayOffset = pex.OverlayData.FirstPosition([0x3B, 0x21, 0x40, 0x49, 0x6E, 0x73, 0x74, 0x61, 0x6C, 0x6C, 0x45, 0x6E, 0x64, 0x40, 0x21]); + overlayOffset = exe.OverlayData.FirstPosition([0x3B, 0x21, 0x40, 0x49, 0x6E, 0x73, 0x74, 0x61, 0x6C, 0x6C, 0x45, 0x6E, 0x64, 0x40, 0x21]); if (overlayOffset > -1) return "Embedded 7-Zip Archive"; } diff --git a/BinaryObjectScanner/Packer/GPInstall.cs b/BinaryObjectScanner/Packer/GPInstall.cs index 1735bf11..c2033a18 100644 --- a/BinaryObjectScanner/Packer/GPInstall.cs +++ b/BinaryObjectScanner/Packer/GPInstall.cs @@ -9,10 +9,10 @@ namespace BinaryObjectScanner.Packer public class GPInstall : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalContains("GP-Install")) return "GP-Install"; diff --git a/BinaryObjectScanner/Packer/GenteeInstaller.cs b/BinaryObjectScanner/Packer/GenteeInstaller.cs index f983cc31..94eb7ebe 100644 --- a/BinaryObjectScanner/Packer/GenteeInstaller.cs +++ b/BinaryObjectScanner/Packer/GenteeInstaller.cs @@ -8,10 +8,10 @@ namespace BinaryObjectScanner.Packer public class GenteeInstaller : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { if (strs.Exists(s => s.Contains("Gentee installer"))) diff --git a/BinaryObjectScanner/Packer/GkWareSFX.cs b/BinaryObjectScanner/Packer/GkWareSFX.cs index 4adbb6a4..f6ded7ff 100644 --- a/BinaryObjectScanner/Packer/GkWareSFX.cs +++ b/BinaryObjectScanner/Packer/GkWareSFX.cs @@ -9,15 +9,15 @@ namespace BinaryObjectScanner.Packer public class GkWareSFX : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalContains("GkWare Self extractor")) return "GkWare SFX"; // - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalContains("GkWare Self extractor")) return "GkWare SFX"; diff --git a/BinaryObjectScanner/Packer/HyperTechCrackProof.cs b/BinaryObjectScanner/Packer/HyperTechCrackProof.cs index 10c20d28..b9052ef2 100644 --- a/BinaryObjectScanner/Packer/HyperTechCrackProof.cs +++ b/BinaryObjectScanner/Packer/HyperTechCrackProof.cs @@ -12,14 +12,14 @@ namespace BinaryObjectScanner.Packer public class HyperTechCrackProof : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // This check may be overly limiting, as it excludes the sample provided to DiE (https://github.com/horsicq/Detect-It-Easy/issues/102). // TODO: Find further samples and invesitgate if the "peC" section is only present on specific versions. - bool importTableMatch = Array.Exists(pex.Model.ImportTable?.ImportDirectoryTable ?? [], + bool importTableMatch = Array.Exists(exe.Model.ImportTable?.ImportDirectoryTable ?? [], idte => idte?.Name == "KeRnEl32.dLl"); - if (pex.ContainsSection("peC", exact: true) && importTableMatch) + if (exe.ContainsSection("peC", exact: true) && importTableMatch) return "HyperTech CrackProof"; return null; diff --git a/BinaryObjectScanner/Packer/InnoSetup.cs b/BinaryObjectScanner/Packer/InnoSetup.cs index f1b3da21..57df28f4 100644 --- a/BinaryObjectScanner/Packer/InnoSetup.cs +++ b/BinaryObjectScanner/Packer/InnoSetup.cs @@ -11,15 +11,15 @@ namespace BinaryObjectScanner.Packer public class InnoSetup : IExecutableCheck, IExecutableCheck { /// - public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug) + public string? CheckExecutable(string file, NewExecutable exe, bool includeDebug) { // Check for "Inno" in the reserved words - var reserved2 = nex.Model.Stub?.Header?.Reserved2; + var reserved2 = exe.Model.Stub?.Header?.Reserved2; if (reserved2 != null && reserved2.Length > 5) { if (reserved2[4] == 0x6E49 && reserved2[5] == 0x6F6E) { - string version = GetOldVersion(file, nex); + string version = GetOldVersion(file, exe); if (!string.IsNullOrEmpty(version)) return $"Inno Setup {version}"; @@ -31,10 +31,10 @@ namespace BinaryObjectScanner.Packer } /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { var str = strs.Find(s => s.StartsWith("Inno Setup Setup Data")); @@ -51,7 +51,7 @@ namespace BinaryObjectScanner.Packer return null; } - private static string GetOldVersion(string file, NewExecutable nex) + private static string GetOldVersion(string file, NewExecutable exe) { // Notes: // Look into `SETUPLDR` in the resident-name table @@ -60,7 +60,7 @@ namespace BinaryObjectScanner.Packer // TODO: Don't read entire file // TODO: Only 64 bytes at the end of the file is needed - byte[]? data = nex.ReadArbitraryRange(); + byte[]? data = exe.ReadArbitraryRange(); if (data == null) return "Unknown 1.X"; diff --git a/BinaryObjectScanner/Packer/InstallAnywhere.cs b/BinaryObjectScanner/Packer/InstallAnywhere.cs index 9f6cbc94..a2d0cb22 100644 --- a/BinaryObjectScanner/Packer/InstallAnywhere.cs +++ b/BinaryObjectScanner/Packer/InstallAnywhere.cs @@ -9,23 +9,23 @@ namespace BinaryObjectScanner.Packer public class InstallAnywhere : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("InstallAnywhere Self Extractor", StringComparison.OrdinalIgnoreCase)) - return $"InstallAnywhere {GetVersion(pex)}"; + return $"InstallAnywhere {GetVersion(exe)}"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("InstallAnywhere", StringComparison.OrdinalIgnoreCase)) - return $"InstallAnywhere {GetVersion(pex)}"; + return $"InstallAnywhere {GetVersion(exe)}"; return null; } - private static string GetVersion(PortableExecutable pex) + private static string GetVersion(PortableExecutable exe) { // Check the internal versions - var version = pex.GetInternalVersion(); + var version = exe.GetInternalVersion(); if (!string.IsNullOrEmpty(version)) return version!; diff --git a/BinaryObjectScanner/Packer/InstallerVISE.cs b/BinaryObjectScanner/Packer/InstallerVISE.cs index ed6bb462..4ed8fca8 100644 --- a/BinaryObjectScanner/Packer/InstallerVISE.cs +++ b/BinaryObjectScanner/Packer/InstallerVISE.cs @@ -9,10 +9,10 @@ namespace BinaryObjectScanner.Packer { //TODO: Add exact version detection for Windows builds, make sure versions before 3.X are detected as well, and detect the Mac builds. /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { if (strs.Exists(s => s.Contains("ViseMain"))) diff --git a/BinaryObjectScanner/Packer/IntelInstallationFramework.cs b/BinaryObjectScanner/Packer/IntelInstallationFramework.cs index 23d21fdf..82ee3370 100644 --- a/BinaryObjectScanner/Packer/IntelInstallationFramework.cs +++ b/BinaryObjectScanner/Packer/IntelInstallationFramework.cs @@ -8,20 +8,20 @@ namespace BinaryObjectScanner.Packer public class IntelInstallationFramework : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalEquals("Intel(R) Installation Framework", StringComparison.OrdinalIgnoreCase) || name.OptionalEquals("Intel Installation Framework", StringComparison.OrdinalIgnoreCase)) { - return $"Intel Installation Framework {pex.GetInternalVersion()}"; + return $"Intel Installation Framework {exe.GetInternalVersion()}"; } - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalEquals("Intel(R) Installation Framework", StringComparison.OrdinalIgnoreCase) || name.OptionalEquals("Intel Installation Framework", StringComparison.OrdinalIgnoreCase)) { - return $"Intel Installation Framework {pex.GetInternalVersion()}"; + return $"Intel Installation Framework {exe.GetInternalVersion()}"; } return null; diff --git a/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs b/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs index b05fd37a..72ba523c 100644 --- a/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs +++ b/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs @@ -9,41 +9,41 @@ namespace BinaryObjectScanner.Packer public class MicrosoftCABSFX : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.InternalName; + var name = exe.InternalName; if (name.OptionalEquals("Wextract", StringComparison.OrdinalIgnoreCase)) - return $"Microsoft CAB SFX {GetVersion(pex)}"; + return $"Microsoft CAB SFX {GetVersion(exe)}"; - name = pex.OriginalFilename; + name = exe.OriginalFilename; if (name.OptionalEquals("WEXTRACT.EXE", StringComparison.OrdinalIgnoreCase)) - return $"Microsoft CAB SFX {GetVersion(pex)}"; + return $"Microsoft CAB SFX {GetVersion(exe)}"; // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { if (strs.Exists(s => s.Contains("wextract_cleanup"))) - return $"Microsoft CAB SFX {GetVersion(pex)}"; + return $"Microsoft CAB SFX {GetVersion(exe)}"; } // Get the .text section strings, if they exist - strs = pex.GetFirstSectionStrings(".text"); + strs = exe.GetFirstSectionStrings(".text"); if (strs != null) { // This detects a different but similar type of SFX that uses Microsoft CAB files. // Further research is needed to see if it's just a different version or entirely separate. if (strs.Exists(s => s.Contains("MSCFu"))) - return $"Microsoft CAB SFX {GetVersion(pex)}"; + return $"Microsoft CAB SFX {GetVersion(exe)}"; } return null; } - private static string GetVersion(PortableExecutable pex) + private static string GetVersion(PortableExecutable exe) { // Check the internal versions - var version = pex.GetInternalVersion(); + var version = exe.GetInternalVersion(); if (!string.IsNullOrEmpty(version)) return $"v{version}"; diff --git a/BinaryObjectScanner/Packer/NSIS.cs b/BinaryObjectScanner/Packer/NSIS.cs index 6cdd4f51..4d28a657 100644 --- a/BinaryObjectScanner/Packer/NSIS.cs +++ b/BinaryObjectScanner/Packer/NSIS.cs @@ -7,14 +7,14 @@ namespace BinaryObjectScanner.Packer public class NSIS : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.AssemblyDescription; + var name = exe.AssemblyDescription; if (name.OptionalStartsWith("Nullsoft Install System")) return $"NSIS {name!.Substring("Nullsoft Install System".Length).Trim()}"; // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { if (strs.Exists(s => s.Contains("NullsoftInst"))) diff --git a/BinaryObjectScanner/Packer/NeoLite.cs b/BinaryObjectScanner/Packer/NeoLite.cs index abd9e8de..66154749 100644 --- a/BinaryObjectScanner/Packer/NeoLite.cs +++ b/BinaryObjectScanner/Packer/NeoLite.cs @@ -17,11 +17,11 @@ namespace BinaryObjectScanner.Packer { // TODO: Find samples of NeoLite 1.X. /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .neolit section, if it exists. // TODO: Check if this section is also present in NeoLite 1.X. - if (pex.ContainsSection(".neolit", exact: true)) + if (exe.ContainsSection(".neolit", exact: true)) return "NeoLite"; // If more specific or additional checks are needed, "NeoLite Executable File Compressor" should be present diff --git a/BinaryObjectScanner/Packer/PECompact.cs b/BinaryObjectScanner/Packer/PECompact.cs index b296cc89..9afcd5b9 100644 --- a/BinaryObjectScanner/Packer/PECompact.cs +++ b/BinaryObjectScanner/Packer/PECompact.cs @@ -8,21 +8,21 @@ namespace BinaryObjectScanner.Packer public class PECompact : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // 0x4F434550 is "PECO" - if (pex.Model.COFFFileHeader?.PointerToSymbolTable == 0x4F434550) + if (exe.Model.COFFFileHeader?.PointerToSymbolTable == 0x4F434550) return "PE Compact v1.x"; // TODO: Get more granular version detection. PiD is somehow able to detect version ranges based // on the data in the file. This may be related to information in other fields // Get the pec1 section, if it exists - if (pex.ContainsSection("pec1", exact: true)) + if (exe.ContainsSection("pec1", exact: true)) return "PE Compact v1.x"; // Get the PEC2 section, if it exists -- TODO: Verify this comment since it's pulling the .text section - var textSection = pex.GetFirstSection(".text", exact: true); + var textSection = exe.GetFirstSection(".text", exact: true); if (textSection?.PointerToRelocations == 0x32434550) { if (textSection.PointerToLinenumbers != 0) diff --git a/BinaryObjectScanner/Packer/PEtite.cs b/BinaryObjectScanner/Packer/PEtite.cs index ef8c103d..7feea437 100644 --- a/BinaryObjectScanner/Packer/PEtite.cs +++ b/BinaryObjectScanner/Packer/PEtite.cs @@ -8,10 +8,10 @@ namespace BinaryObjectScanner.Packer public class PEtite : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .petite section, if it exists -- TODO: Is there a version number that can be found? - if (pex.ContainsSection(".petite", exact: true)) + if (exe.ContainsSection(".petite", exact: true)) return "PEtite"; return null; diff --git a/BinaryObjectScanner/Packer/PKLite.cs b/BinaryObjectScanner/Packer/PKLite.cs index 3a0c379e..b8327549 100644 --- a/BinaryObjectScanner/Packer/PKLite.cs +++ b/BinaryObjectScanner/Packer/PKLite.cs @@ -9,10 +9,10 @@ namespace BinaryObjectScanner.Packer public class PKLite : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // - if (pex.ContainsSection(".pklstb")) + if (exe.ContainsSection(".pklstb")) return "PKLITE32"; // TODO: Figure out how to determine version return null; diff --git a/BinaryObjectScanner/Packer/SetupFactory.cs b/BinaryObjectScanner/Packer/SetupFactory.cs index c18c321f..c3f0a69c 100644 --- a/BinaryObjectScanner/Packer/SetupFactory.cs +++ b/BinaryObjectScanner/Packer/SetupFactory.cs @@ -10,21 +10,21 @@ namespace BinaryObjectScanner.Packer public class SetupFactory : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Known to detect versions 7.0.5.1 - 9.1.0.0 - var name = pex.LegalCopyright; + var name = exe.LegalCopyright; if (name.OptionalStartsWith("Setup Engine", StringComparison.OrdinalIgnoreCase)) - return $"Setup Factory {GetVersion(pex)}"; + return $"Setup Factory {GetVersion(exe)}"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("Setup Factory", StringComparison.OrdinalIgnoreCase)) - return $"Setup Factory {GetVersion(pex)}"; + return $"Setup Factory {GetVersion(exe)}"; // Known to detect version 5.0.1 - 6.0.1.3 - name = pex.FileDescription; + name = exe.FileDescription; if (name.OptionalStartsWith("Setup Factory", StringComparison.OrdinalIgnoreCase)) - return $"Setup Factory {GetVersion(pex)}"; + return $"Setup Factory {GetVersion(exe)}"; // Longer version of the check that can be used if false positves become an issue: // "Setup Factory is a trademark of Indigo Rose Corporation" @@ -32,15 +32,15 @@ namespace BinaryObjectScanner.Packer return null; } - private static string GetVersion(PortableExecutable pex) + private static string GetVersion(PortableExecutable exe) { // Check the product version explicitly - var version = pex.ProductVersion; + var version = exe.ProductVersion; if (!string.IsNullOrEmpty(version)) return version!; // Check the internal versions - version = pex.GetInternalVersion(); + version = exe.GetInternalVersion(); if (!string.IsNullOrEmpty(version)) return version!; diff --git a/BinaryObjectScanner/Packer/SevenZipSFX.cs b/BinaryObjectScanner/Packer/SevenZipSFX.cs index e35879cb..776f798c 100644 --- a/BinaryObjectScanner/Packer/SevenZipSFX.cs +++ b/BinaryObjectScanner/Packer/SevenZipSFX.cs @@ -6,32 +6,32 @@ namespace BinaryObjectScanner.Packer public class SevenZipSFX : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the assembly description, if possible - if (pex.AssemblyDescription.OptionalStartsWith("7-Zip Self-extracting Archive")) - return $"7-Zip SFX {pex.AssemblyDescription!.Substring("7-Zip Self-extracting Archive ".Length)}"; + if (exe.AssemblyDescription.OptionalStartsWith("7-Zip Self-extracting Archive")) + return $"7-Zip SFX {exe.AssemblyDescription!.Substring("7-Zip Self-extracting Archive ".Length)}"; // Get the file description, if it exists - if (pex.FileDescription.OptionalEquals("7z SFX")) + if (exe.FileDescription.OptionalEquals("7z SFX")) return "7-Zip SFX"; - if (pex.FileDescription.OptionalEquals("7z Self-Extract Setup")) + if (exe.FileDescription.OptionalEquals("7z Self-Extract Setup")) return "7-Zip SFX"; // Get the original filename, if it exists - if (pex.OriginalFilename.OptionalEquals("7z.sfx.exe")) + if (exe.OriginalFilename.OptionalEquals("7z.sfx.exe")) return "7-Zip SFX"; - else if (pex.OriginalFilename.OptionalEquals("7zS.sfx")) + else if (exe.OriginalFilename.OptionalEquals("7zS.sfx")) return "7-Zip SFX"; // Get the internal name, if it exists - if (pex.InternalName.OptionalEquals("7z.sfx")) + if (exe.InternalName.OptionalEquals("7z.sfx")) return "7-Zip SFX"; - else if (pex.InternalName.OptionalEquals("7zS.sfx")) + else if (exe.InternalName.OptionalEquals("7zS.sfx")) return "7-Zip SFX"; // If any dialog boxes match - if (pex.FindDialogByTitle("7-Zip self-extracting archive").Count > 0) + if (exe.FindDialogByTitle("7-Zip self-extracting archive").Count > 0) return "7-Zip SFX"; return null; diff --git a/BinaryObjectScanner/Packer/Shrinker.cs b/BinaryObjectScanner/Packer/Shrinker.cs index d7241df6..e81c84eb 100644 --- a/BinaryObjectScanner/Packer/Shrinker.cs +++ b/BinaryObjectScanner/Packer/Shrinker.cs @@ -8,10 +8,10 @@ namespace BinaryObjectScanner.Packer public class Shrinker : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .shrink0 and .shrink2 sections, if they exist -- TODO: Confirm if both are needed or either/or is fine - if (pex.ContainsSection(".shrink0", true) || pex.ContainsSection(".shrink2", true)) + if (exe.ContainsSection(".shrink0", true) || exe.ContainsSection(".shrink2", true)) return "Shrinker"; return null; diff --git a/BinaryObjectScanner/Packer/UPX.cs b/BinaryObjectScanner/Packer/UPX.cs index 926d440f..dc4241a2 100644 --- a/BinaryObjectScanner/Packer/UPX.cs +++ b/BinaryObjectScanner/Packer/UPX.cs @@ -15,16 +15,16 @@ namespace BinaryObjectScanner.Packer private static readonly Regex _upxVersionMatch = new Regex(@"^([0-9]\.[0-9]{2})$", RegexOptions.Compiled); /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Check header padding strings - if (pex.HeaderPaddingStrings != null && pex.HeaderPaddingStrings.Count > 0) + if (exe.HeaderPaddingStrings != null && exe.HeaderPaddingStrings.Count > 0) { - var match = pex.HeaderPaddingStrings.Find(s => s.Contains("UPX!")); + var match = exe.HeaderPaddingStrings.Find(s => s.Contains("UPX!")); //if (match != null) // return "UPX"; - match = pex.HeaderPaddingStrings.Find(s => s.StartsWith("$Id: UPX")); + match = exe.HeaderPaddingStrings.Find(s => s.StartsWith("$Id: UPX")); if (match != null) { var regexMatch = _oldUpxVersionMatch.Match(match); @@ -34,8 +34,8 @@ namespace BinaryObjectScanner.Packer return "UPX (Unknown Version)"; } - match = pex.HeaderPaddingStrings.Find(s => _upxVersionMatch.IsMatch(s)); - if (match != null && pex.HeaderPaddingStrings.Exists(s => s == "UPX!")) + match = exe.HeaderPaddingStrings.Find(s => _upxVersionMatch.IsMatch(s)); + if (match != null && exe.HeaderPaddingStrings.Exists(s => s == "UPX!")) { var regexMatch = _upxVersionMatch.Match(match); if (regexMatch.Success) @@ -43,7 +43,7 @@ namespace BinaryObjectScanner.Packer else return "UPX (Unknown Version)"; } - else if (match != null && pex.HeaderPaddingStrings.Exists(s => s == "NOS ")) + else if (match != null && exe.HeaderPaddingStrings.Exists(s => s == "NOS ")) { var regexMatch = _upxVersionMatch.Match(match); if (regexMatch.Success) diff --git a/BinaryObjectScanner/Packer/WinRARSFX.cs b/BinaryObjectScanner/Packer/WinRARSFX.cs index e19e0fa3..bd4030b9 100644 --- a/BinaryObjectScanner/Packer/WinRARSFX.cs +++ b/BinaryObjectScanner/Packer/WinRARSFX.cs @@ -6,13 +6,13 @@ namespace BinaryObjectScanner.Packer public class WinRARSFX : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.AssemblyDescription; + var name = exe.AssemblyDescription; if (name.OptionalContains("WinRAR archiver")) return "WinRAR SFX"; - if (pex.FindDialogByTitle("WinRAR self-extracting archive").Count > 0) + if (exe.FindDialogByTitle("WinRAR self-extracting archive").Count > 0) return "WinRAR SFX"; return null; diff --git a/BinaryObjectScanner/Packer/WinZipSFX.cs b/BinaryObjectScanner/Packer/WinZipSFX.cs index ec094d16..fccf97dd 100644 --- a/BinaryObjectScanner/Packer/WinZipSFX.cs +++ b/BinaryObjectScanner/Packer/WinZipSFX.cs @@ -8,16 +8,16 @@ namespace BinaryObjectScanner.Packer public class WinZipSFX : IExecutableCheck, IExecutableCheck { /// - public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug) + public string? CheckExecutable(string file, NewExecutable exe, bool includeDebug) { // If the resident-name table doesnt exist - if (nex.Model.ResidentNameTable == null) + if (exe.Model.ResidentNameTable == null) return null; // Get the resident and non-resident name table strings - var rntStrs = Array.ConvertAll(nex.Model.ResidentNameTable, + var rntStrs = Array.ConvertAll(exe.Model.ResidentNameTable, rnte => rnte?.NameString == null ? string.Empty : Encoding.ASCII.GetString(rnte.NameString)); - var nrntStrs = Array.ConvertAll(nex.Model.NonResidentNameTable ?? [], + var nrntStrs = Array.ConvertAll(exe.Model.NonResidentNameTable ?? [], nrnte => nrnte?.NameString == null ? string.Empty : Encoding.ASCII.GetString(nrnte.NameString)); // Check for the WinZip name strings @@ -29,7 +29,7 @@ namespace BinaryObjectScanner.Packer return null; // Try to get a known version - var version = GetNEHeaderVersion(nex); + var version = GetNEHeaderVersion(exe); if (!string.IsNullOrEmpty(version)) return $"WinZip SFX {version}"; @@ -37,18 +37,18 @@ namespace BinaryObjectScanner.Packer } /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Check the export directory table, if it exists - if (pex.Model.ExportTable?.ExportDirectoryTable != null) + if (exe.Model.ExportTable?.ExportDirectoryTable != null) { - var version = GetPEExportDirectoryVersion(pex); + var version = GetPEExportDirectoryVersion(exe); if (!string.IsNullOrEmpty(version)) return $"WinZip SFX {version}"; } // Get the _winzip_ section, if it exists - if (pex.ContainsSection("_winzip_", exact: true)) + if (exe.ContainsSection("_winzip_", exact: true)) return "WinZip SFX Unknown Version (32-bit)"; return null; @@ -61,151 +61,151 @@ namespace BinaryObjectScanner.Packer /// /// TODO: Reduce the checks to only the ones that differ between versions /// TODO: Research to see if the versions are embedded elsewhere in these files - private static string? GetNEHeaderVersion(NewExecutable nex) + private static string? GetNEHeaderVersion(NewExecutable exe) { #region 2.0 Variants // 2.0 (MS-DOS/16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x0086 - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x0086 + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.ProtectedModeOnly | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x4000 - && nex.Model.Header?.InitialCSIPSetting == 0x00012BE6 - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0058 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x0064 - && nex.Model.Header?.ImportedNamesTableOffset == 0x006C - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000044B8 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x4000 + && exe.Model.Header?.InitialCSIPSetting == 0x00012BE6 + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0058 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x0064 + && exe.Model.Header?.ImportedNamesTableOffset == 0x006C + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000044B8 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "2.0 (MS-DOS/16-bit)"; // 2.0 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x0086 - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x0086 + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.ProtectedModeOnly | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x4000 - && nex.Model.Header?.InitialCSIPSetting == 0x00013174 - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0058 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x0064 - && nex.Model.Header?.ImportedNamesTableOffset == 0x006C - && nex.Model.Header?.NonResidentNamesTableOffset == 0x00000198 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x4000 + && exe.Model.Header?.InitialCSIPSetting == 0x00013174 + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0058 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x0064 + && exe.Model.Header?.ImportedNamesTableOffset == 0x006C + && exe.Model.Header?.NonResidentNamesTableOffset == 0x00000198 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "2.0 (16-bit)"; // Compact 2.0 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x0080 - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x0080 + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.ProtectedModeOnly | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x4000 - && nex.Model.Header?.InitialCSIPSetting == 0x000124A0 - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0003 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0058 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x0064 - && nex.Model.Header?.ImportedNamesTableOffset == 0x006A - && nex.Model.Header?.NonResidentNamesTableOffset == 0x00000192 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x4000 + && exe.Model.Header?.InitialCSIPSetting == 0x000124A0 + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0003 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0058 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x0064 + && exe.Model.Header?.ImportedNamesTableOffset == 0x006A + && exe.Model.Header?.NonResidentNamesTableOffset == 0x00000192 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "Compact 2.0 (16-bit)"; // Software Installation 2.0 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x00CD - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x00CD + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x4000 - && nex.Model.Header?.InitialCSIPSetting == 0x000136FA - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0005 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0097 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x00A3 - && nex.Model.Header?.ImportedNamesTableOffset == 0x00AD - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000001DF - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x4000 + && exe.Model.Header?.InitialCSIPSetting == 0x000136FA + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0005 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0097 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x00A3 + && exe.Model.Header?.ImportedNamesTableOffset == 0x00AD + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000001DF + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "Software Installation 2.0 (16-bit)"; #endregion @@ -213,145 +213,145 @@ namespace BinaryObjectScanner.Packer #region 2.1 RC2 Variants // 2.1 RC2 (MS-DOS/16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x0086 - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x0086 + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.ProtectedModeOnly | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x4000 - && nex.Model.Header?.InitialCSIPSetting == 0x00013386 - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0058 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x0064 - && nex.Model.Header?.ImportedNamesTableOffset == 0x006C - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000043C8 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x4000 + && exe.Model.Header?.InitialCSIPSetting == 0x00013386 + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0058 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x0064 + && exe.Model.Header?.ImportedNamesTableOffset == 0x006C + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000043C8 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "2.1 RC2 (MS-DOS/16-bit)"; // 2.1 RC2 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x00BE - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x00BE + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x4000 - && nex.Model.Header?.InitialCSIPSetting == 0x00013E56 - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0090 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x009C - && nex.Model.Header?.ImportedNamesTableOffset == 0x00A4 - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x4000 + && exe.Model.Header?.InitialCSIPSetting == 0x00013E56 + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0090 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x009C + && exe.Model.Header?.ImportedNamesTableOffset == 0x00A4 + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "2.1 RC2 (16-bit)"; // Compact 2.1 RC2 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x0080 - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x0080 + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.ProtectedModeOnly | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x4000 - && nex.Model.Header?.InitialCSIPSetting == 0x00012B84 - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0003 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0058 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x0064 - && nex.Model.Header?.ImportedNamesTableOffset == 0x006A - && nex.Model.Header?.NonResidentNamesTableOffset == 0x00000192 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x4000 + && exe.Model.Header?.InitialCSIPSetting == 0x00012B84 + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0003 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0058 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x0064 + && exe.Model.Header?.ImportedNamesTableOffset == 0x006A + && exe.Model.Header?.NonResidentNamesTableOffset == 0x00000192 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "Compact 2.1 RC2 (16-bit)"; // Software Installation 2.1 RC2 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x00BE - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x00BE + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x4000 - && nex.Model.Header?.InitialCSIPSetting == 0x000143AC - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0090 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x009C - && nex.Model.Header?.ImportedNamesTableOffset == 0x00A4 - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x4000 + && exe.Model.Header?.InitialCSIPSetting == 0x000143AC + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0090 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x009C + && exe.Model.Header?.ImportedNamesTableOffset == 0x00A4 + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "Software Installation 2.1 RC2 (16-bit)"; #endregion @@ -359,145 +359,145 @@ namespace BinaryObjectScanner.Packer #region 2.1 Variants // 2.1 (MS-DOS/16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x0086 - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x0086 + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.ProtectedModeOnly | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x3A00 - && nex.Model.Header?.InitialCSIPSetting == 0x00013396 - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0058 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x0064 - && nex.Model.Header?.ImportedNamesTableOffset == 0x006C - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000043C8 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x3A00 + && exe.Model.Header?.InitialCSIPSetting == 0x00013396 + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0058 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x0064 + && exe.Model.Header?.ImportedNamesTableOffset == 0x006C + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000043C8 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "2.1 (MS-DOS/16-bit)"; // 2.1 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x00BE - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x00BE + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x3A00 - && nex.Model.Header?.InitialCSIPSetting == 0x00013E7E - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0090 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x009C - && nex.Model.Header?.ImportedNamesTableOffset == 0x00A4 - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x3A00 + && exe.Model.Header?.InitialCSIPSetting == 0x00013E7E + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0090 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x009C + && exe.Model.Header?.ImportedNamesTableOffset == 0x00A4 + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "2.1 (16-bit)"; // Compact 2.1 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x0080 - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x0080 + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.ProtectedModeOnly | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x3A00 - && nex.Model.Header?.InitialCSIPSetting == 0x00012B90 - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0003 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0058 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x0064 - && nex.Model.Header?.ImportedNamesTableOffset == 0x006A - && nex.Model.Header?.NonResidentNamesTableOffset == 0x00000192 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x3A00 + && exe.Model.Header?.InitialCSIPSetting == 0x00012B90 + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0003 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0058 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x0064 + && exe.Model.Header?.ImportedNamesTableOffset == 0x006A + && exe.Model.Header?.NonResidentNamesTableOffset == 0x00000192 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "Compact 2.1 (16-bit)"; // Software Installation 2.1 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x00BE - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x00BE + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x3A00 - && nex.Model.Header?.InitialCSIPSetting == 0x00014408 - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0090 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x009C - && nex.Model.Header?.ImportedNamesTableOffset == 0x00A4 - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x3A00 + && exe.Model.Header?.InitialCSIPSetting == 0x00014408 + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0090 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x009C + && exe.Model.Header?.ImportedNamesTableOffset == 0x00A4 + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "Software Installation 2.1 (16-bit)"; #endregion @@ -505,109 +505,109 @@ namespace BinaryObjectScanner.Packer #region Misc. Variants // Personal Edition (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x0086 - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x0086 + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.ProtectedModeOnly | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x4000 - && nex.Model.Header?.InitialCSIPSetting == 0x0001317C - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0058 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x0064 - && nex.Model.Header?.ImportedNamesTableOffset == 0x006C - && nex.Model.Header?.NonResidentNamesTableOffset == 0x00000198 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x4000 + && exe.Model.Header?.InitialCSIPSetting == 0x0001317C + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0058 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x0064 + && exe.Model.Header?.ImportedNamesTableOffset == 0x006C + && exe.Model.Header?.NonResidentNamesTableOffset == 0x00000198 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "Personal Edition (16-bit)"; // Personal Edition 32-bit (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x00BE - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x00BE + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x2000 - && nex.Model.Header?.InitialStackAlloc == 0x3C00 - && nex.Model.Header?.InitialCSIPSetting == 0x00013E7C - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0004 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0090 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x009C - && nex.Model.Header?.ImportedNamesTableOffset == 0x00A4 - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x2000 + && exe.Model.Header?.InitialStackAlloc == 0x3C00 + && exe.Model.Header?.InitialCSIPSetting == 0x00013E7C + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0004 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0090 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x009C + && exe.Model.Header?.ImportedNamesTableOffset == 0x00A4 + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000001D0 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "Personal Edition 32-bit (16-bit)"; // Personal Edition 32-bit Build 1260/1285 (16-bit) - if (nex.Model.Header?.LinkerVersion == 0x11 - && nex.Model.Header?.LinkerRevision == 0x20 - && nex.Model.Header?.EntryTableOffset == 0x00C6 - && nex.Model.Header?.EntryTableSize == 0x0002 - && nex.Model.Header?.CrcChecksum == 0x00000000 - && nex.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA + if (exe.Model.Header?.LinkerVersion == 0x11 + && exe.Model.Header?.LinkerRevision == 0x20 + && exe.Model.Header?.EntryTableOffset == 0x00C6 + && exe.Model.Header?.EntryTableSize == 0x0002 + && exe.Model.Header?.CrcChecksum == 0x00000000 + && exe.Model.Header?.FlagWord == (SabreTools.Models.NewExecutable.HeaderFlag.MULTIPLEDATA | SabreTools.Models.NewExecutable.HeaderFlag.FullScreen | SabreTools.Models.NewExecutable.HeaderFlag.WindowsPMCompatible) - && nex.Model.Header?.AutomaticDataSegmentNumber == 0x0003 - && nex.Model.Header?.InitialHeapAlloc == 0x43DC - && nex.Model.Header?.InitialStackAlloc == 0x2708 - && nex.Model.Header?.InitialCSIPSetting == 0x00014ADC - && nex.Model.Header?.InitialSSSPSetting == 0x00030000 - && nex.Model.Header?.FileSegmentCount == 0x0003 - && nex.Model.Header?.ModuleReferenceTableSize == 0x0005 - && nex.Model.Header?.NonResidentNameTableSize == 0x004B - && nex.Model.Header?.SegmentTableOffset == 0x0040 - && nex.Model.Header?.ResourceTableOffset == 0x0058 - && nex.Model.Header?.ResidentNameTableOffset == 0x0090 - && nex.Model.Header?.ModuleReferenceTableOffset == 0x009C - && nex.Model.Header?.ImportedNamesTableOffset == 0x00A6 - && nex.Model.Header?.NonResidentNamesTableOffset == 0x000001D8 - && nex.Model.Header?.MovableEntriesCount == 0x0000 - && nex.Model.Header?.SegmentAlignmentShiftCount == 0x0001 - && nex.Model.Header?.ResourceEntriesCount == 0x0000 - && nex.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS - && nex.Model.Header?.AdditionalFlags == 0x00 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.ReturnThunkOffset == 0x0000 - && nex.Model.Header?.MinCodeSwapAreaSize == 0x0000 - && nex.Model.Header?.WindowsSDKRevision == 0x00 - && nex.Model.Header?.WindowsSDKVersion == 0x03) + && exe.Model.Header?.AutomaticDataSegmentNumber == 0x0003 + && exe.Model.Header?.InitialHeapAlloc == 0x43DC + && exe.Model.Header?.InitialStackAlloc == 0x2708 + && exe.Model.Header?.InitialCSIPSetting == 0x00014ADC + && exe.Model.Header?.InitialSSSPSetting == 0x00030000 + && exe.Model.Header?.FileSegmentCount == 0x0003 + && exe.Model.Header?.ModuleReferenceTableSize == 0x0005 + && exe.Model.Header?.NonResidentNameTableSize == 0x004B + && exe.Model.Header?.SegmentTableOffset == 0x0040 + && exe.Model.Header?.ResourceTableOffset == 0x0058 + && exe.Model.Header?.ResidentNameTableOffset == 0x0090 + && exe.Model.Header?.ModuleReferenceTableOffset == 0x009C + && exe.Model.Header?.ImportedNamesTableOffset == 0x00A6 + && exe.Model.Header?.NonResidentNamesTableOffset == 0x000001D8 + && exe.Model.Header?.MovableEntriesCount == 0x0000 + && exe.Model.Header?.SegmentAlignmentShiftCount == 0x0001 + && exe.Model.Header?.ResourceEntriesCount == 0x0000 + && exe.Model.Header?.TargetOperatingSystem == SabreTools.Models.NewExecutable.OperatingSystem.WINDOWS + && exe.Model.Header?.AdditionalFlags == 0x00 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.ReturnThunkOffset == 0x0000 + && exe.Model.Header?.MinCodeSwapAreaSize == 0x0000 + && exe.Model.Header?.WindowsSDKRevision == 0x00 + && exe.Model.Header?.WindowsSDKVersion == 0x03) return "Personal Edition 32-bit Build 1260/1285 (16-bit)"; #endregion @@ -619,11 +619,11 @@ namespace BinaryObjectScanner.Packer /// Get the version from the PE export directory table value combinations /// /// TODO: Research to see if the versions are embedded elsewhere in these files - private static string? GetPEExportDirectoryVersion(PortableExecutable pex) + private static string? GetPEExportDirectoryVersion(PortableExecutable exe) { - string sfxFileName = pex.Model.ExportTable?.ExportDirectoryTable?.Name ?? string.Empty; - uint sfxTimeDateStamp = pex.Model.ExportTable?.ExportDirectoryTable?.TimeDateStamp ?? uint.MaxValue; - string assemblyVersion = pex.AssemblyVersion ?? "Unknown Version"; + string sfxFileName = exe.Model.ExportTable?.ExportDirectoryTable?.Name ?? string.Empty; + uint sfxTimeDateStamp = exe.Model.ExportTable?.ExportDirectoryTable?.TimeDateStamp ?? uint.MaxValue; + string assemblyVersion = exe.AssemblyVersion ?? "Unknown Version"; // Standard if (sfxFileName == "VW95SE.SFX" diff --git a/BinaryObjectScanner/Packer/WiseInstaller.cs b/BinaryObjectScanner/Packer/WiseInstaller.cs index 929b36ab..09d2407f 100644 --- a/BinaryObjectScanner/Packer/WiseInstaller.cs +++ b/BinaryObjectScanner/Packer/WiseInstaller.cs @@ -7,24 +7,24 @@ namespace BinaryObjectScanner.Packer public class WiseInstaller : IExecutableCheck, IExecutableCheck { /// - public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug) + public string? CheckExecutable(string file, NewExecutable exe, bool includeDebug) { // If the overlay header can be found - if (nex.FindWiseOverlayHeader() > -1) + if (exe.FindWiseOverlayHeader() > -1) return "Wise Installation Wizard Module"; return null; } /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // If the overlay header can be found - if (pex.FindWiseOverlayHeader() > -1) + if (exe.FindWiseOverlayHeader() > -1) return "Wise Installation Wizard Module"; // If the section header can be found - if (pex.FindWiseSection() != null) + if (exe.FindWiseSection() != null) return "Wise Installation Wizard Module"; return null; diff --git a/BinaryObjectScanner/Protection/ActiveMARK.cs b/BinaryObjectScanner/Protection/ActiveMARK.cs index 9fde52d0..7471357c 100644 --- a/BinaryObjectScanner/Protection/ActiveMARK.cs +++ b/BinaryObjectScanner/Protection/ActiveMARK.cs @@ -29,18 +29,18 @@ namespace BinaryObjectScanner.Protection } /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the entry point data, if it exists - if (pex.EntryPointData != null) + if (exe.EntryPointData != null) { // Found in "Zuma.exe" - if (pex.EntryPointData.StartsWith(new byte?[] { 0x89, 0x25, 0x04, 0xF0, 0x86, 0x00, 0x68, 0x30 })) + if (exe.EntryPointData.StartsWith(new byte?[] { 0x89, 0x25, 0x04, 0xF0, 0x86, 0x00, 0x68, 0x30 })) return "ActiveMark v5.3.1078 (Packer Version)"; } // Get the .data section strings, if they exist - var strs = pex.GetLastSectionStrings(".data"); + var strs = exe.GetLastSectionStrings(".data"); if (strs != null) { if (strs.Exists(s => s.Contains("MPRMMGVA")) @@ -51,7 +51,7 @@ namespace BinaryObjectScanner.Protection } // Get "REGISTRY, AMINTERNETPROTOCOL" resource items - var resources = pex.FindResourceByNamedType("REGISTRY, AMINTERNETPROTOCOL"); + var resources = exe.FindResourceByNamedType("REGISTRY, AMINTERNETPROTOCOL"); if (resources.Count > 0) { bool match = resources @@ -62,14 +62,14 @@ namespace BinaryObjectScanner.Protection } // Get the overlay data, if it exists - if (pex.OverlayStrings != null) + if (exe.OverlayStrings != null) { - if (pex.OverlayStrings.Exists(s => s.Contains("TMSAMVOH"))) + if (exe.OverlayStrings.Exists(s => s.Contains("TMSAMVOH"))) return "ActiveMARK"; } // Get the last .bss section strings, if they exist - strs = pex.GetLastSectionStrings(".bss"); + strs = exe.GetLastSectionStrings(".bss"); if (strs != null) { if (strs.Exists(s => s.Contains("TMSAMVOF"))) diff --git a/BinaryObjectScanner/Protection/AegiSoft.cs b/BinaryObjectScanner/Protection/AegiSoft.cs index 05c3a2bd..1725396a 100644 --- a/BinaryObjectScanner/Protection/AegiSoft.cs +++ b/BinaryObjectScanner/Protection/AegiSoft.cs @@ -20,7 +20,7 @@ namespace BinaryObjectScanner.Protection public class AegiSoft : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // There are possibly identifying Product Names for some files used in AegiSoft License Manager, but they were deemed too overmatching to use for the time being (Found in Redump entry 73521/IA item "Nova_HoyleCasino99USA").. // "Asc001.dll" has the Product Name "Install Dynamic Link Library". @@ -34,12 +34,12 @@ namespace BinaryObjectScanner.Protection // "Asc002.dll" has the string "AscActivate" // Get string table resources - var resource = pex.FindStringTableByEntry("AegiSoft License Manager"); + var resource = exe.FindStringTableByEntry("AegiSoft License Manager"); if (resource.Count > 0) return "AegiSoft License Manager"; // Get the .data/DATA section, if it exists - var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA"); + var dataSectionRaw = exe.GetFirstSectionData(".data") ?? exe.GetFirstSectionData("DATA"); if (dataSectionRaw != null) { var matchers = new List diff --git a/BinaryObjectScanner/Protection/AlphaROM.cs b/BinaryObjectScanner/Protection/AlphaROM.cs index 6786b729..deda8920 100644 --- a/BinaryObjectScanner/Protection/AlphaROM.cs +++ b/BinaryObjectScanner/Protection/AlphaROM.cs @@ -42,13 +42,13 @@ namespace BinaryObjectScanner.Protection public class AlphaROM : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Add support for detecting Alpha-ROM found in older games made with the RealLive engine. // TODO: Add version detection for Alpha-ROM. // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { if (strs.Exists(s => s.Contains("\\SETTEC"))) @@ -59,7 +59,7 @@ namespace BinaryObjectScanner.Protection } // Get the .rdata section strings, if they exist - strs = pex.GetFirstSectionStrings(".rdata"); + strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { if (strs.Exists(s => s.Contains("This Game is Japan Only"))) @@ -75,10 +75,10 @@ namespace BinaryObjectScanner.Protection } // Get the overlay data, if it exists - if (pex.OverlayStrings != null) + if (exe.OverlayStrings != null) { // Found in Redump entry 84122. - if (pex.OverlayStrings.Exists(s => s.Contains("SETTEC0000"))) + if (exe.OverlayStrings.Exists(s => s.Contains("SETTEC0000"))) return "Alpha-ROM"; } diff --git a/BinaryObjectScanner/Protection/Armadillo.cs b/BinaryObjectScanner/Protection/Armadillo.cs index 4cd5cc2a..8cb7b0ed 100644 --- a/BinaryObjectScanner/Protection/Armadillo.cs +++ b/BinaryObjectScanner/Protection/Armadillo.cs @@ -21,19 +21,19 @@ namespace BinaryObjectScanner.Protection public class Armadillo : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .nicode section, if it exists - if (pex.ContainsSection(".nicode", exact: true)) + if (exe.ContainsSection(".nicode", exact: true)) return "Armadillo"; // Loop through all "extension" sections -- usually .data1 or .text1 - if (pex.SectionNames != null) + if (exe.SectionNames != null) { - foreach (var sectionName in Array.FindAll(pex.SectionNames ?? [], s => s != null && s.EndsWith("1"))) + foreach (var sectionName in Array.FindAll(exe.SectionNames ?? [], s => s != null && s.EndsWith("1"))) { // Get the section strings, if they exist - var strs = pex.GetFirstSectionStrings(sectionName); + var strs = exe.GetFirstSectionStrings(sectionName); if (strs != null) { if (strs.Exists(s => s.Contains("ARMDEBUG"))) diff --git a/BinaryObjectScanner/Protection/ByteShield.cs b/BinaryObjectScanner/Protection/ByteShield.cs index 20103c83..6b772ec6 100644 --- a/BinaryObjectScanner/Protection/ByteShield.cs +++ b/BinaryObjectScanner/Protection/ByteShield.cs @@ -40,49 +40,49 @@ namespace BinaryObjectScanner.Protection public class ByteShield : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in "LineRider2.exe" in Redump entry 6236 - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalEquals("ByteShield Client")) - return $"ByteShield Activation Client {pex.GetInternalVersion()}"; + return $"ByteShield Activation Client {exe.GetInternalVersion()}"; // Found in "LineRider2.exe" in Redump entry 6236 - name = pex.InternalName; + name = exe.InternalName; if (name.OptionalEquals("ByteShield")) - return $"ByteShield Activation Client {pex.GetInternalVersion()}"; + return $"ByteShield Activation Client {exe.GetInternalVersion()}"; // Found in "LineRider2.exe" in Redump entry 6236 - name = pex.OriginalFilename; + name = exe.OriginalFilename; if (name.OptionalEquals("ByteShield.EXE")) - return $"ByteShield Activation Client {pex.GetInternalVersion()}"; + return $"ByteShield Activation Client {exe.GetInternalVersion()}"; // Found in "LineRider2.exe" in Redump entry 6236 - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalEquals("ByteShield Client")) - return $"ByteShield Activation Client {pex.GetInternalVersion()}"; + return $"ByteShield Activation Client {exe.GetInternalVersion()}"; // Found in "ByteShield.dll" in Redump entry 6236 - name = pex.Model.ExportTable?.ExportDirectoryTable?.Name; + name = exe.Model.ExportTable?.ExportDirectoryTable?.Name; if (name.OptionalEquals("ByteShield Client")) return "ByteShield Component Module"; // Found in "LineRider2.exe" in Redump entry 6236 - if (pex.FindStringTableByEntry("ByteShield").Count > 0) - return $"ByteShield Activation Client {pex.GetInternalVersion()}"; + if (exe.FindStringTableByEntry("ByteShield").Count > 0) + return $"ByteShield Activation Client {exe.GetInternalVersion()}"; // Found in "LineRider2.exe" in Redump entry 6236 - if (pex.FindDialogByTitle("About ByteShield").Count > 0) + if (exe.FindDialogByTitle("About ByteShield").Count > 0) return "ByteShield"; // TODO: See if the version number is anywhere else // TODO: Parse the version number out of the dialog box item // Found in "LineRider2.exe" in Redump entry 6236 - if (pex.FindDialogBoxByItemTitle("ByteShield Version 1.0").Count > 0) + if (exe.FindDialogBoxByItemTitle("ByteShield Version 1.0").Count > 0) return "ByteShield"; // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { // Found in "LineRider2.exe" in Redump entry 6236 @@ -91,7 +91,7 @@ namespace BinaryObjectScanner.Protection } // Get the .rdata section strings, if they exist - strs = pex.GetFirstSectionStrings(".rdata"); + strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { // Found in "ByteShield.dll" in Redump entry 6236 @@ -108,7 +108,7 @@ namespace BinaryObjectScanner.Protection } // Get the .ret section strings, if they exist - strs = pex.GetFirstSectionStrings(".ret"); + strs = exe.GetFirstSectionStrings(".ret"); if (strs != null) { // TODO: Figure out if this specifically indicates if the file is encrypted diff --git a/BinaryObjectScanner/Protection/CDCheck.cs b/BinaryObjectScanner/Protection/CDCheck.cs index 6755f104..b08754f8 100644 --- a/BinaryObjectScanner/Protection/CDCheck.cs +++ b/BinaryObjectScanner/Protection/CDCheck.cs @@ -6,19 +6,19 @@ namespace BinaryObjectScanner.Protection public class CDCheck : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.Comments; + var name = exe.Comments; if (name.OptionalContains("CDCheck utlity for Microsoft Game Studios")) return "Microsoft Game Studios CD Check"; // To broad to be of use - //name = pex.InternalName; + //name = exe.InternalName; //if (name.OptionalContains("CDCheck")) // return "Microsoft Game Studios CD Check"; // To broad to be of use - //name = pex.OriginalFilename; + //name = exe.OriginalFilename; //if (name.OptionalContains("CDCheck.exe")) // return "Microsoft Game Studios CD Check"; diff --git a/BinaryObjectScanner/Protection/CDDVDCops.cs b/BinaryObjectScanner/Protection/CDDVDCops.cs index 3d939cf1..1a8b680b 100644 --- a/BinaryObjectScanner/Protection/CDDVDCops.cs +++ b/BinaryObjectScanner/Protection/CDDVDCops.cs @@ -70,10 +70,10 @@ namespace BinaryObjectScanner.Protection public class CDDVDCops : IExecutableCheck, IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug) + public string? CheckExecutable(string file, NewExecutable exe, bool includeDebug) { // TODO: Don't read entire file - byte[]? data = nex.ReadArbitraryRange(); + byte[]? data = exe.ReadArbitraryRange(); if (data == null) return null; @@ -120,14 +120,14 @@ namespace BinaryObjectScanner.Protection return match; // Get the resident and non-resident name table strings - var nrntStrs = Array.ConvertAll(nex.Model.NonResidentNameTable ?? [], + var nrntStrs = Array.ConvertAll(exe.Model.NonResidentNameTable ?? [], nrnte => nrnte?.NameString == null ? string.Empty : Encoding.ASCII.GetString(nrnte.NameString)); // Check the imported-name table // Found in "h3blade.exe" in Redump entry 85077. - if (nex.Model.ImportedNameTable != null) + if (exe.Model.ImportedNameTable != null) { - foreach (var inte in nex.Model.ImportedNameTable.Values) + foreach (var inte in exe.Model.ImportedNameTable.Values) { if (inte.NameString.IsNullOrEmpty()) continue; @@ -147,10 +147,10 @@ namespace BinaryObjectScanner.Protection } /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the stub executable data, if it exists - if (pex.StubExecutableData != null) + if (exe.StubExecutableData != null) { var matchers = new List { @@ -162,26 +162,26 @@ namespace BinaryObjectScanner.Protection }, "WEB-Cops") }; - var match = MatchUtil.GetFirstMatch(file, pex.StubExecutableData, matchers, includeDebug); + var match = MatchUtil.GetFirstMatch(file, exe.StubExecutableData, matchers, includeDebug); if (!string.IsNullOrEmpty(match)) return match; } // Get the .grand section, if it exists // Found in "AGENTHUG.QZ_" in Redump entry 84517 and "h3blade.QZ_" in Redump entry 85077. - if (pex.ContainsSection(".grand", exact: true)) + if (exe.ContainsSection(".grand", exact: true)) return "CD/DVD/WEB-Cops"; // Get the UNICops section, if it exists // Found in "FGP.exe" in IA item "flaklypa-grand-prix-dvd"/Redump entry 108169. - if (pex.ContainsSection("UNICops", exact: true)) + if (exe.ContainsSection("UNICops", exact: true)) return "UNI-Cops"; // Get the DATA section, if it exists // Found in "bib.dll" in IA item "https://archive.org/details/cover_202501" // This contains the version section that the Content Check looked for. There are likely other sections // that may contain it. Update when more are found. - var strs = pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings("DATA"); if (strs != null) { var match = strs.Find(s => s.Contains(" ver. ") && (s.Contains("CD-Cops, ") || s.Contains("DVD-Cops, "))); diff --git a/BinaryObjectScanner/Protection/CDGuard.cs b/BinaryObjectScanner/Protection/CDGuard.cs index 0ae1a3a5..72f8e730 100644 --- a/BinaryObjectScanner/Protection/CDGuard.cs +++ b/BinaryObjectScanner/Protection/CDGuard.cs @@ -23,24 +23,24 @@ namespace BinaryObjectScanner.Protection public class CDGuard : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Investigate the numerous ".guard" sections present in "Randevu.exe" in Redump entry 97142. // Get the export directory table - if (pex.Model.ExportTable?.ExportDirectoryTable != null) + if (exe.Model.ExportTable?.ExportDirectoryTable != null) { // Found in "cdguard.dll" in Redump entry 97142 and IA item "pahgeby-he3hakomkou". - bool match = pex.Model.ExportTable.ExportDirectoryTable.Name.OptionalEquals("cdguard.dll", StringComparison.OrdinalIgnoreCase); + bool match = exe.Model.ExportTable.ExportDirectoryTable.Name.OptionalEquals("cdguard.dll", StringComparison.OrdinalIgnoreCase); if (match) return "CD-Guard Copy Protection System"; } // Get the import directory table - if (pex.Model.ImportTable?.ImportDirectoryTable != null) + if (exe.Model.ImportTable?.ImportDirectoryTable != null) { // Found in "Randevu.exe" in Redump entry 97142. - bool match = Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name != null && idte.Name.Equals("cdguard.dll", StringComparison.OrdinalIgnoreCase)); + bool match = Array.Exists(exe.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name != null && idte.Name.Equals("cdguard.dll", StringComparison.OrdinalIgnoreCase)); if (match) return "CD-Guard Copy Protection System"; } diff --git a/BinaryObjectScanner/Protection/CDKey.cs b/BinaryObjectScanner/Protection/CDKey.cs index a2998b23..c49b62e5 100644 --- a/BinaryObjectScanner/Protection/CDKey.cs +++ b/BinaryObjectScanner/Protection/CDKey.cs @@ -7,9 +7,9 @@ namespace BinaryObjectScanner.Protection public class CDKey : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.InternalName; + var name = exe.InternalName; if (name.OptionalEquals("CDKey", StringComparison.OrdinalIgnoreCase)) return "CD-Key / Serial"; diff --git a/BinaryObjectScanner/Protection/CDLock.cs b/BinaryObjectScanner/Protection/CDLock.cs index fd216a9a..7f039769 100644 --- a/BinaryObjectScanner/Protection/CDLock.cs +++ b/BinaryObjectScanner/Protection/CDLock.cs @@ -28,10 +28,10 @@ namespace BinaryObjectScanner.Protection public class CDLock : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .data/DATA section, if it exists - var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA"); + var dataSectionRaw = exe.GetFirstSectionData(".data") ?? exe.GetFirstSectionData("DATA"); if (dataSectionRaw != null) { var matchers = new List diff --git a/BinaryObjectScanner/Protection/CDSHiELDSE.cs b/BinaryObjectScanner/Protection/CDSHiELDSE.cs index 8f632769..dfaa93ff 100644 --- a/BinaryObjectScanner/Protection/CDSHiELDSE.cs +++ b/BinaryObjectScanner/Protection/CDSHiELDSE.cs @@ -6,19 +6,19 @@ namespace BinaryObjectScanner.Protection public class CDSHiELDSE : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Indicates Hypertech Crack Proof as well? //// Get the import directory table - //if (pex.Model.ImportTable?.ImportDirectoryTable != null) + //if (exe.Model.ImportTable?.ImportDirectoryTable != null) //{ - // bool match = pex.Model.ImportTable.ImportDirectoryTable.Any(idte => idte.Name == "KeRnEl32.dLl"); + // bool match = exe.Model.ImportTable.ImportDirectoryTable.Any(idte => idte.Name == "KeRnEl32.dLl"); // if (match) // return "CDSHiELD SE"; //} // Get the code/CODE section strings, if they exist - var strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE"); + var strs = exe.GetFirstSectionStrings("code") ?? exe.GetFirstSectionStrings("CODE"); if (strs != null) { if (strs.Exists(s => s.Contains("~0017.tmp"))) diff --git a/BinaryObjectScanner/Protection/CenegaProtectDVD.cs b/BinaryObjectScanner/Protection/CenegaProtectDVD.cs index 6021be6e..cc5a1b2a 100644 --- a/BinaryObjectScanner/Protection/CenegaProtectDVD.cs +++ b/BinaryObjectScanner/Protection/CenegaProtectDVD.cs @@ -15,27 +15,27 @@ namespace BinaryObjectScanner.Protection public class CenegaProtectDVD : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the export directory table - if (pex.Model.ExportTable?.ExportDirectoryTable != null) + if (exe.Model.ExportTable?.ExportDirectoryTable != null) { // Found in "cenega.dll" in IA item "speed-pack". - bool match = pex.Model.ExportTable.ExportDirectoryTable.Name.OptionalEquals("ProtectDVD.dll", StringComparison.OrdinalIgnoreCase); + bool match = exe.Model.ExportTable.ExportDirectoryTable.Name.OptionalEquals("ProtectDVD.dll", StringComparison.OrdinalIgnoreCase); if (match) return "Cenega ProtectDVD"; } // Get the .cenega section, if it exists. Seems to be found in the protected game executable ("game.exe" in Redump entry 31422 and "Classic Car Racing.exe" in IA item "speed-pack"). - if (pex.ContainsSection(".cenega", exact: true)) + if (exe.ContainsSection(".cenega", exact: true)) return "Cenega ProtectDVD"; // Get the .cenega0 through .cenega2 sections, if they exists. Found in "cenega.dll" in Redump entry 31422 and IA item "speed-pack". - if (pex.ContainsSection(".cenega0", exact: true)) + if (exe.ContainsSection(".cenega0", exact: true)) return "Cenega ProtectDVD"; - if (pex.ContainsSection(".cenega1", exact: true)) + if (exe.ContainsSection(".cenega1", exact: true)) return "Cenega ProtectDVD"; - if (pex.ContainsSection(".cenega2", exact: true)) + if (exe.ContainsSection(".cenega2", exact: true)) return "Cenega ProtectDVD"; return null; diff --git a/BinaryObjectScanner/Protection/Channelware.cs b/BinaryObjectScanner/Protection/Channelware.cs index 90b6e4a8..16de028c 100644 --- a/BinaryObjectScanner/Protection/Channelware.cs +++ b/BinaryObjectScanner/Protection/Channelware.cs @@ -23,10 +23,10 @@ namespace BinaryObjectScanner.Protection public class Channelware : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in "AbeWincw.dll" in Redump entry 116358 and in "TOYSGMcw.dll" in the "TOYSTORY" installation folder from Redump entry 12354. - var name = pex.ProductName; + var name = exe.ProductName; if (name.OptionalEquals("ChannelWare Utilities")) return "Channelware"; @@ -42,12 +42,12 @@ namespace BinaryObjectScanner.Protection if (name.OptionalEquals("Channelware Authorization Server Browser Launcher")) return "Channelware"; - name = pex.FileDescription; + name = exe.FileDescription; // Found in "cwuninst.exe" in the "Channelware" folder installed from Redump entry 12354. if (name.OptionalEquals("Channelware Launcher Uninstall")) return "Channelware"; - name = pex.LegalTrademarks; + name = exe.LegalTrademarks; // Found in "CWAuto.dll" and "Upgrader.exe" in the "TOYSTORY" installation folder from Redump entry 12354. if (name.OptionalEquals("Channelware")) return "Channelware"; diff --git a/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs b/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs index 8cfb7ed7..85013d7b 100644 --- a/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs +++ b/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs @@ -22,16 +22,16 @@ namespace BinaryObjectScanner.Protection public class ChosenBytesCodeLock : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in "Code-Lock.ocx" in Code-Lock version 2.35. // Also worth noting is the File Description for this file, which is "A future for you, a challenge for the rest.". - var name = pex.ProductName; + var name = exe.ProductName; if (name.OptionalStartsWith("Code-Lock", StringComparison.OrdinalIgnoreCase)) - return $"ChosenBytes Code-Lock {pex.ProductVersion}"; + return $"ChosenBytes Code-Lock {exe.ProductVersion}"; // Get the .text section strings, if they exist - var strs = pex.GetFirstSectionStrings(".text"); + var strs = exe.GetFirstSectionStrings(".text"); if (strs != null) { if (strs.Exists(s => s.Contains("CODE-LOCK.OCX"))) diff --git a/BinaryObjectScanner/Protection/CopyKiller.cs b/BinaryObjectScanner/Protection/CopyKiller.cs index 9c590aba..194cdb4a 100644 --- a/BinaryObjectScanner/Protection/CopyKiller.cs +++ b/BinaryObjectScanner/Protection/CopyKiller.cs @@ -18,11 +18,11 @@ namespace BinaryObjectScanner.Protection public class CopyKiller : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Figure out why this check doesn't work. // Found in "autorun.exe" in CopyKiller V3.64, V3.99, and V3.99a. - var name = pex.ProductName; + var name = exe.ProductName; if (name.OptionalStartsWith("CopyKiller", StringComparison.OrdinalIgnoreCase)) return "CopyKiller V3.64+"; diff --git a/BinaryObjectScanner/Protection/CopyLok.cs b/BinaryObjectScanner/Protection/CopyLok.cs index 2f2a839e..47ac2e31 100644 --- a/BinaryObjectScanner/Protection/CopyLok.cs +++ b/BinaryObjectScanner/Protection/CopyLok.cs @@ -23,12 +23,12 @@ namespace BinaryObjectScanner.Protection public class CopyLok : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // If there are more than 2 icd-prefixed sections, then we have a match // Though this is the same name that SafeDisc uses for protected executables, this seems to be a coincidence. // Found in Redump entries 31557, 31674, 31675, 31708, 38239, 44210, and 53929. - int icdSectionCount = Array.FindAll(pex.SectionNames ?? [], s => s.StartsWith("icd")).Length; + int icdSectionCount = Array.FindAll(exe.SectionNames ?? [], s => s.StartsWith("icd")).Length; if (icdSectionCount >= 2) return "CopyLok / CodeLok"; diff --git a/BinaryObjectScanner/Protection/CopyX.cs b/BinaryObjectScanner/Protection/CopyX.cs index f14de804..6fadfa53 100644 --- a/BinaryObjectScanner/Protection/CopyX.cs +++ b/BinaryObjectScanner/Protection/CopyX.cs @@ -57,16 +57,16 @@ namespace BinaryObjectScanner.Protection // Find a viable way to check the last directory alphabetically and not just ZDAT* /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Checks for Professional // PEX checks intentionally only detect Professional - var sections = pex.Model.SectionTable; + var sections = exe.Model.SectionTable; if (sections == null) return null; - if (pex.OverlayStrings != null) + if (exe.OverlayStrings != null) { // Checks if main executable contains reference to optgraph.dll. // This might be better removed later, as Redump ID 82475 is a false positive, and also doesn't actually @@ -76,11 +76,11 @@ namespace BinaryObjectScanner.Protection // TODO: This might need to check every single section. Unsure until more samples are acquired. // TODO: TKKG also has an NE 3.1x executable with a reference. This can be added later. // Samples: Redump ID 108150 - if (pex.OverlayStrings.Exists(s => s.Contains("optgraph.dll"))) + if (exe.OverlayStrings.Exists(s => s.Contains("optgraph.dll"))) return "copy-X [Check disc for physical ring]"; } - var strs = pex.GetFirstSectionStrings(".rdata"); + var strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { // Samples: Redump ID 82475, German Emergency 2 Deluxe, Redump ID 48393 diff --git a/BinaryObjectScanner/Protection/CrypKey.cs b/BinaryObjectScanner/Protection/CrypKey.cs index dc259ec0..436b4d83 100644 --- a/BinaryObjectScanner/Protection/CrypKey.cs +++ b/BinaryObjectScanner/Protection/CrypKey.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Protection public class CrypKey : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the code/CODE section strings, if they exist - var strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE"); + var strs = exe.GetFirstSectionStrings("code") ?? exe.GetFirstSectionStrings("CODE"); if (strs != null) { // Found in "NECRO95.EXE" in IA item "NBECRORV11". @@ -36,25 +36,25 @@ namespace BinaryObjectScanner.Protection } // Get the CrypKey version from the VersionInfo, if it exists - string version = pex.GetVersionInfoString("CrypKey Version") ?? string.Empty; + string version = exe.GetVersionInfoString("CrypKey Version") ?? string.Empty; // Found in 'cki32k.dll' - var name = pex.CompanyName; + var name = exe.CompanyName; if (name.OptionalStartsWith("CrypKey")) return $"CrypKey {version}".TrimEnd(); - name = pex.FileDescription; + name = exe.FileDescription; // Found in "CKSEC_32.DLL" in IA item "NBECRORV11". if (name.OptionalStartsWith("CrypKey Instant security library")) - return $"CrypKey Instant {pex.GetInternalVersion()}"; + return $"CrypKey Instant {exe.GetInternalVersion()}"; // Found in 'cki32k.dll' if (name.OptionalStartsWith("CrypKey")) return $"CrypKey {version}".TrimEnd(); // Found in 'cki32k.dll' - name = pex.LegalCopyright; + name = exe.LegalCopyright; if (name.OptionalContains("CrypKey")) return $"CrypKey {version}".TrimEnd(); diff --git a/BinaryObjectScanner/Protection/Cucko.cs b/BinaryObjectScanner/Protection/Cucko.cs index 1b92ca7b..a2759d01 100644 --- a/BinaryObjectScanner/Protection/Cucko.cs +++ b/BinaryObjectScanner/Protection/Cucko.cs @@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Protection public class Cucko : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .text section, if it exists - var textData = pex.GetFirstSectionData(".text"); + var textData = exe.GetFirstSectionData(".text"); if (textData != null) { var matchers = new List diff --git a/BinaryObjectScanner/Protection/Denuvo.cs b/BinaryObjectScanner/Protection/Denuvo.cs index eaff23a9..8ef27d09 100644 --- a/BinaryObjectScanner/Protection/Denuvo.cs +++ b/BinaryObjectScanner/Protection/Denuvo.cs @@ -32,12 +32,12 @@ namespace BinaryObjectScanner.Protection // https://www.pcgamingwiki.com/wiki/Denuvo#Redeem.exe /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // All current checks for Denuvo Anti-Cheat come from Doom Eternal Update 1 (Steam Depot 782332, Manifest 7064393210727378308). // Found in "denuvo-anti-cheat.sys". - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalEquals("Denuvo Anti-Cheat Driver", StringComparison.OrdinalIgnoreCase)) return $"Denuvo Anti-Cheat"; @@ -62,8 +62,8 @@ namespace BinaryObjectScanner.Protection // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/_denuvoComplete.2.sg // Denuvo Protector - if (pex.Model.OptionalHeader?.Magic == OHMN.PE32Plus - && pex.EntryPointData != null) + if (exe.Model.OptionalHeader?.Magic == OHMN.PE32Plus + && exe.EntryPointData != null) { byte?[] denuvoProtector = [ @@ -72,7 +72,7 @@ namespace BinaryObjectScanner.Protection 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ]; - if (pex.EntryPointData.StartsWith(denuvoProtector)) + if (exe.EntryPointData.StartsWith(denuvoProtector)) return "Denuvo Protector"; } @@ -86,16 +86,16 @@ namespace BinaryObjectScanner.Protection 0x69, 0x6D, 0x69, 0x6E, 0x67, }, "Denuvo") }; - var timingMatch = MatchUtil.GetFirstMatch(file, pex.EntryPointData, timingMatchers, includeDebug); + var timingMatch = MatchUtil.GetFirstMatch(file, exe.EntryPointData, timingMatchers, includeDebug); // TODO: Re-enable all Entry Point checks after implementing - if (pex.ContainsSection(".arch") + if (exe.ContainsSection(".arch") // Disabled scanning in files with the ".srdata" section due to numerous false positives. // These include Redump entry 112733 and Bus Hound 5.04 (https://web.archive.org/web/20070129204350/http://www.perisoft.net/bin/bhe504.exe). - // || pex.ContainsSection(".srdata") + // || exe.ContainsSection(".srdata") || !string.IsNullOrEmpty(timingMatch)) { - if (pex.Model.OptionalHeader?.Magic == OHMN.PE32Plus) + if (exe.Model.OptionalHeader?.Magic == OHMN.PE32Plus) { var matchers = new List { @@ -165,7 +165,7 @@ namespace BinaryObjectScanner.Protection "Denuvo v3.0b (x64)"), }; - var match = MatchUtil.GetFirstMatch(file, pex.EntryPointData, matchers, includeDebug); + var match = MatchUtil.GetFirstMatch(file, exe.EntryPointData, matchers, includeDebug); if (!string.IsNullOrEmpty(match)) return match; @@ -231,7 +231,7 @@ namespace BinaryObjectScanner.Protection "Denuvo v2.0 (x86)"), }; - var match = MatchUtil.GetFirstMatch(file, pex.EntryPointData, matchers, includeDebug); + var match = MatchUtil.GetFirstMatch(file, exe.EntryPointData, matchers, includeDebug); if (!string.IsNullOrEmpty(match)) return match; diff --git a/BinaryObjectScanner/Protection/DigiGuard.cs b/BinaryObjectScanner/Protection/DigiGuard.cs index db4079d1..a617b056 100644 --- a/BinaryObjectScanner/Protection/DigiGuard.cs +++ b/BinaryObjectScanner/Protection/DigiGuard.cs @@ -26,20 +26,20 @@ namespace BinaryObjectScanner.Protection public class DigiGuard : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588. - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalEquals("DigiGuard3 Client")) return $"DigiGuard3"; // Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588. - name = pex.LegalTrademarks; + name = exe.LegalTrademarks; if (name.OptionalEquals("DigiGuard")) return $"DigiGuard"; // Found in "PJS3.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588. - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalEquals("Greenleaf Wrapper3")) return $"DigiGuard"; diff --git a/BinaryObjectScanner/Protection/DiscGuard.cs b/BinaryObjectScanner/Protection/DiscGuard.cs index ddbf9c73..3ab1b441 100644 --- a/BinaryObjectScanner/Protection/DiscGuard.cs +++ b/BinaryObjectScanner/Protection/DiscGuard.cs @@ -38,40 +38,40 @@ namespace BinaryObjectScanner.Protection { // TODO: Add checks for the game executables, which seem likely to contain some kind of indicators that can be checked for. The game executables all seem to import "Ord(1)" from one of the varying DLLs present. /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374). - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("IOSLinkNT", StringComparison.OrdinalIgnoreCase)) return "DiscGuard"; // Found in "T29.dll" (Redump entry 31914). if (name.OptionalStartsWith("TTR Technologies DiscGuard (tm)", StringComparison.OrdinalIgnoreCase)) - return $"DiscGuard {GetVersion(pex)}"; + return $"DiscGuard {GetVersion(exe)}"; // Found in "T29.dll" (Redump entry 31914). - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("DiscGuard (tm)", StringComparison.OrdinalIgnoreCase)) return "DiscGuard"; // Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374). - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("TTR Technologies Ltd. DiscGuard (tm)", StringComparison.OrdinalIgnoreCase)) return "DiscGuard"; // Found in "Alternate.exe" (Redump entry 31914) and "Alt.exe" (Redump entries 46743, 46961, 79284, and 79374). List?> resources = [ - .. pex.FindStringTableByEntry("DiscGuard"), - .. pex.FindStringTableByEntry("The file Dg.vbn was not found."), - .. pex.FindStringTableByEntry("The file IosLink.VxD was not found."), - .. pex.FindStringTableByEntry("The file IosLink.sys was not found."), + .. exe.FindStringTableByEntry("DiscGuard"), + .. exe.FindStringTableByEntry("The file Dg.vbn was not found."), + .. exe.FindStringTableByEntry("The file IosLink.VxD was not found."), + .. exe.FindStringTableByEntry("The file IosLink.sys was not found."), ]; if (resources.Count > 0) return "DiscGuard"; // Get the .vbn section, if it exists - var vbnData = pex.GetFirstSectionData(".vbn"); + var vbnData = exe.GetFirstSectionData(".vbn"); if (vbnData != null) { var matchers = new List @@ -178,10 +178,10 @@ namespace BinaryObjectScanner.Protection } /// - private static string GetVersion(PortableExecutable pex) + private static string GetVersion(PortableExecutable exe) { // Check the internal versions - var version = pex.GetInternalVersion(); + var version = exe.GetInternalVersion(); if (!string.IsNullOrEmpty(version)) return version!; diff --git a/BinaryObjectScanner/Protection/EAAntiCheat.cs b/BinaryObjectScanner/Protection/EAAntiCheat.cs index 5ecef679..d0cff257 100644 --- a/BinaryObjectScanner/Protection/EAAntiCheat.cs +++ b/BinaryObjectScanner/Protection/EAAntiCheat.cs @@ -19,19 +19,19 @@ namespace BinaryObjectScanner.Protection { // TODO: Add support for detecting older versions, especially versions made before Easy Anti-Cheat was purchased by Epic Games. /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; // Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594). if (!string.IsNullOrEmpty(name) && name!.Contains("EA Anticheat")) return "EA Anti Cheat"; - name = pex.ProductName; + name = exe.ProductName; // Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594). if (!string.IsNullOrEmpty(name) && name!.Contains("EA Anticheat")) return "EA Anti Cheat"; - name = pex.InternalName; + name = exe.InternalName; // Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594). if (!string.IsNullOrEmpty(name) && name!.Equals("skyfall")) return "EA Anti Cheat"; diff --git a/BinaryObjectScanner/Protection/EasyAntiCheat.cs b/BinaryObjectScanner/Protection/EasyAntiCheat.cs index 07be0f21..a9a538d1 100644 --- a/BinaryObjectScanner/Protection/EasyAntiCheat.cs +++ b/BinaryObjectScanner/Protection/EasyAntiCheat.cs @@ -22,9 +22,9 @@ namespace BinaryObjectScanner.Protection { // TODO: Add support for detecting older versions, especially versions made before Easy Anti-Cheat was purchased by Epic Games. /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; // Found in "VideoHorrorSociety.exe" ("Video Horror Society", Patch 1.0.70309, Steam). if (!string.IsNullOrEmpty(name) && name!.Contains("Easy Anti-Cheat Bootstrapper (EOS)")) return "Easy Anti-Cheat (EOS Version)"; @@ -50,7 +50,7 @@ namespace BinaryObjectScanner.Protection // "EasyAntiCheat Server" -> "eac_server.dll" from "Intruder" (Update 2287, Steam). // "EasyAntiCheat Service" -> "EasyAntiCheat.exe", which is found installed in "Program Files (x86)\EasyAntiCheat" and "EasyAntiCheat_Setup.exe" ("Intruder", Update 2287, Steam). - name = pex.ProductName; + name = exe.ProductName; // Found in multiple files, including "VideoHorrorSociety.exe" ("Video Horror Society", Patch 1.0.70309, Steam) and "start_protected_game.exe" ("VRChat", Version 2022.2.2p2, Oculus). if (!string.IsNullOrEmpty(name) && name!.Contains("Easy Anti-Cheat Bootstrapper (EOS)")) return "Easy Anti-Cheat (EOS Version)"; diff --git a/BinaryObjectScanner/Protection/ElectronicArts.cs b/BinaryObjectScanner/Protection/ElectronicArts.cs index 90f16b7d..8f59fbd4 100644 --- a/BinaryObjectScanner/Protection/ElectronicArts.cs +++ b/BinaryObjectScanner/Protection/ElectronicArts.cs @@ -7,27 +7,27 @@ namespace BinaryObjectScanner.Protection public class ElectronicArts : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalContains("EReg MFC Application")) - return $"EA CdKey Registration Module {pex.GetInternalVersion()}"; + return $"EA CdKey Registration Module {exe.GetInternalVersion()}"; else if (name.OptionalContains("Registration code installer program")) - return $"EA CdKey Registration Module {pex.GetInternalVersion()}"; + return $"EA CdKey Registration Module {exe.GetInternalVersion()}"; else if (name.OptionalEquals("EA DRM Helper", StringComparison.OrdinalIgnoreCase)) - return $"EA DRM Protection {pex.GetInternalVersion()}"; + return $"EA DRM Protection {exe.GetInternalVersion()}"; - name = pex.InternalName; + name = exe.InternalName; if (name.OptionalEquals("CDCode", StringComparison.Ordinal)) - return $"EA CdKey Registration Module {pex.GetInternalVersion()}"; + return $"EA CdKey Registration Module {exe.GetInternalVersion()}"; - if (pex.FindDialogByTitle("About CDKey").Count > 0) - return $"EA CdKey Registration Module {pex.GetInternalVersion()}"; - else if (pex.FindGenericResource("About CDKey").Count > 0) - return $"EA CdKey Registration Module {pex.GetInternalVersion()}"; + if (exe.FindDialogByTitle("About CDKey").Count > 0) + return $"EA CdKey Registration Module {exe.GetInternalVersion()}"; + else if (exe.FindGenericResource("About CDKey").Count > 0) + return $"EA CdKey Registration Module {exe.GetInternalVersion()}"; // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { if (strs.Exists(s => s.Contains("EReg Config Form"))) @@ -35,7 +35,7 @@ namespace BinaryObjectScanner.Protection } // Get the .rdata section strings, if they exist - strs = pex.GetFirstSectionStrings(".rdata"); + strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { if (strs.Exists(s => s.Contains("GenericEA")) && strs.Exists(s => s.Contains("Activation"))) @@ -43,7 +43,7 @@ namespace BinaryObjectScanner.Protection } // Get the .rdata section strings, if they exist - strs = pex.GetFirstSectionStrings(".text"); + strs = exe.GetFirstSectionStrings(".text"); if (strs != null) { if (strs.Exists(s => s.Contains("GenericEA")) && strs.Exists(s => s.Contains("Activation"))) diff --git a/BinaryObjectScanner/Protection/Engine32.cs b/BinaryObjectScanner/Protection/Engine32.cs index 264ecbdd..7434e1c9 100644 --- a/BinaryObjectScanner/Protection/Engine32.cs +++ b/BinaryObjectScanner/Protection/Engine32.cs @@ -15,16 +15,16 @@ namespace BinaryObjectScanner.Protection public class Engine32 : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Most every tested sample of "engine32.dll" has a product name of "engine32", and the file description typically follows the naming pattern of "[Game Name] DLL-helper". // Detects Engine32 within the game executables that contain it. - if (pex.Model.ImportTable?.ImportDirectoryTable != null && pex.Model.ImportTable?.HintNameTable != null) + if (exe.Model.ImportTable?.ImportDirectoryTable != null && exe.Model.ImportTable?.HintNameTable != null) { - bool importDirectoryTableMatch = Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, + bool importDirectoryTableMatch = Array.Exists(exe.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name != null && idte.Name.Equals("ENGINE32.DLL", StringComparison.OrdinalIgnoreCase)); - bool hintNameTableMatch = Array.Exists(pex.Model.ImportTable.HintNameTable, + bool hintNameTableMatch = Array.Exists(exe.Model.ImportTable.HintNameTable, ihne => ihne?.Name == "InitEngine"); // The Hint/Name Table Entry "DeinitEngine" is present in every tested sample, aside from TOCA Race Driver 2 (Redump entries 104593-104596). @@ -33,10 +33,10 @@ namespace BinaryObjectScanner.Protection } // Detects Engine32 within the file "engine32.dll". - if (pex.Model.ExportTable?.ExportNameTable?.Strings != null) + if (exe.Model.ExportTable?.ExportNameTable?.Strings != null) { - bool exportNameTableMatch1 = Array.Exists(pex.Model.ExportTable.ExportNameTable.Strings, s => s == "engine32.dll"); - bool exportNameTableMatch2 = Array.Exists(pex.Model.ExportTable.ExportNameTable.Strings, s => s == "DeinitEngine"); + bool exportNameTableMatch1 = Array.Exists(exe.Model.ExportTable.ExportNameTable.Strings, s => s == "engine32.dll"); + bool exportNameTableMatch2 = Array.Exists(exe.Model.ExportTable.ExportNameTable.Strings, s => s == "DeinitEngine"); if (exportNameTableMatch1 && exportNameTableMatch2) return "Engine32"; diff --git a/BinaryObjectScanner/Protection/GFWL.cs b/BinaryObjectScanner/Protection/GFWL.cs index 8decf39c..267b6d89 100644 --- a/BinaryObjectScanner/Protection/GFWL.cs +++ b/BinaryObjectScanner/Protection/GFWL.cs @@ -11,18 +11,18 @@ namespace BinaryObjectScanner.Protection public class GFWL : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("Games for Windows - LIVE Zero Day Piracy Protection", StringComparison.OrdinalIgnoreCase)) - return $"Games for Windows LIVE - Zero Day Piracy Protection Module {pex.GetInternalVersion()}"; + return $"Games for Windows LIVE - Zero Day Piracy Protection Module {exe.GetInternalVersion()}"; else if (name.OptionalStartsWith("Games for Windows", StringComparison.OrdinalIgnoreCase)) - return $"Games for Windows LIVE {pex.GetInternalVersion()}"; + return $"Games for Windows LIVE {exe.GetInternalVersion()}"; // Get the import directory table - if (pex.Model.ImportTable?.ImportDirectoryTable != null) + if (exe.Model.ImportTable?.ImportDirectoryTable != null) { - if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "xlive.dll")) + if (Array.Exists(exe.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "xlive.dll")) return "Games for Windows LIVE"; } diff --git a/BinaryObjectScanner/Protection/Gefest.cs b/BinaryObjectScanner/Protection/Gefest.cs index f91e4fc7..df75018d 100644 --- a/BinaryObjectScanner/Protection/Gefest.cs +++ b/BinaryObjectScanner/Protection/Gefest.cs @@ -19,12 +19,12 @@ namespace BinaryObjectScanner.Protection public class Gefest : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the header padding strings, if it exists - if (pex.HeaderPaddingStrings != null) + if (exe.HeaderPaddingStrings != null) { - var match = pex.HeaderPaddingStrings.Find(s => s.Contains("Gefest Protection System")); + var match = exe.HeaderPaddingStrings.Find(s => s.Contains("Gefest Protection System")); if (match != null) return $"Gefest Protection System {GetVersion(match)}"; } diff --git a/BinaryObjectScanner/Protection/HexalockAutoLock.cs b/BinaryObjectScanner/Protection/HexalockAutoLock.cs index a09d0011..56eecf32 100644 --- a/BinaryObjectScanner/Protection/HexalockAutoLock.cs +++ b/BinaryObjectScanner/Protection/HexalockAutoLock.cs @@ -32,11 +32,11 @@ namespace BinaryObjectScanner.Protection public class HexalockAutoLock : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Fix the following checks, as this information is visible via Windows Explorer but isn't currently being seen by BOS. // Found in "HCPSMng.exe". - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("HCPS Manager", StringComparison.OrdinalIgnoreCase)) return $"Hexalock AutoLock 4.5"; @@ -45,12 +45,12 @@ namespace BinaryObjectScanner.Protection return $"Hexalock AutoLock 4.5"; // Found in both "HCPSMng.exe" and in the file typically named "Start_Here.exe". - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("HCPS", StringComparison.OrdinalIgnoreCase)) return $"Hexalock AutoLock 4.5"; // Get the .text section strings, if they exist - var strs = pex.GetFirstSectionStrings(".text"); + var strs = exe.GetFirstSectionStrings(".text"); if (strs != null) { // Found in "The Sudoku Challenge Collection.exe" in "The Sudoku Challenge! Collection" by Play at Joe's. @@ -59,7 +59,7 @@ namespace BinaryObjectScanner.Protection } // Get the code/CODE section strings, if they exist - strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE"); + strs = exe.GetFirstSectionStrings("code") ?? exe.GetFirstSectionStrings("CODE"); if (strs != null) { // Found in "launcher.exe" in "Sea Adventure / Adventure de la Mer" by Compedia. @@ -68,7 +68,7 @@ namespace BinaryObjectScanner.Protection } // Get the UPX1 section strings, if they exist - strs = pex.GetFirstSectionStrings("UPX1"); + strs = exe.GetFirstSectionStrings("UPX1"); if (strs != null) { // Found in "postmanpat.exe" in "Postman Pat" by Compedia. diff --git a/BinaryObjectScanner/Protection/ImpulseReactor.cs b/BinaryObjectScanner/Protection/ImpulseReactor.cs index b018b312..3532ea0e 100644 --- a/BinaryObjectScanner/Protection/ImpulseReactor.cs +++ b/BinaryObjectScanner/Protection/ImpulseReactor.cs @@ -13,28 +13,28 @@ namespace BinaryObjectScanner.Protection public class ImpulseReactor : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalContains("ImpulseReactor Dynamic Link Library")) - return $"Impulse Reactor Core Module {pex.GetInternalVersion()}"; + return $"Impulse Reactor Core Module {exe.GetInternalVersion()}"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalContains("ImpulseReactor Dynamic Link Library")) - return $"Impulse Reactor Core Module {pex.GetInternalVersion()}"; + return $"Impulse Reactor Core Module {exe.GetInternalVersion()}"; - name = pex.OriginalFilename; + name = exe.OriginalFilename; if (name.OptionalContains("ReactorActivate.exe")) - return $"Stardock Product Activation {pex.GetInternalVersion()}"; + return $"Stardock Product Activation {exe.GetInternalVersion()}"; // TODO: Check for CVP* instead? bool containsCheck = false; - if (pex.Model.ExportTable?.ExportNameTable?.Strings != null) - containsCheck = Array.Exists(pex.Model.ExportTable.ExportNameTable.Strings, s => s.OptionalStartsWith("CVPInitializeClient")); + if (exe.Model.ExportTable?.ExportNameTable?.Strings != null) + containsCheck = Array.Exists(exe.Model.ExportTable.ExportNameTable.Strings, s => s.OptionalStartsWith("CVPInitializeClient")); // Get the .rdata section strings, if they exist bool containsCheck2 = false; - var strs = pex.GetFirstSectionStrings(".rdata"); + var strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { containsCheck2 = strs.Exists(s => s.EndsWith("ATTLIST")) @@ -43,7 +43,7 @@ namespace BinaryObjectScanner.Protection } if (containsCheck && containsCheck2) - return $"Impulse Reactor Core Module {pex.GetInternalVersion()}"; + return $"Impulse Reactor Core Module {exe.GetInternalVersion()}"; else if (containsCheck && !containsCheck2) return $"Impulse Reactor"; diff --git a/BinaryObjectScanner/Protection/Intenium.cs b/BinaryObjectScanner/Protection/Intenium.cs index 89688ff5..d195132e 100644 --- a/BinaryObjectScanner/Protection/Intenium.cs +++ b/BinaryObjectScanner/Protection/Intenium.cs @@ -22,9 +22,9 @@ namespace BinaryObjectScanner.Protection */ /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - if (pex.FindGenericResource("NO NESTED PRMS SUPPORTED").Count > 0) + if (exe.FindGenericResource("NO NESTED PRMS SUPPORTED").Count > 0) return "INTENIUM Trial & Buy Protection"; return null; diff --git a/BinaryObjectScanner/Protection/InterLok.cs b/BinaryObjectScanner/Protection/InterLok.cs index de06b10c..d782d5aa 100644 --- a/BinaryObjectScanner/Protection/InterLok.cs +++ b/BinaryObjectScanner/Protection/InterLok.cs @@ -7,10 +7,10 @@ namespace BinaryObjectScanner.Protection public class InterLok : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .rsrc section strings, if they exist - var strs = pex.GetFirstSectionStrings(".rsrc"); + var strs = exe.GetFirstSectionStrings(".rsrc"); if (strs != null) { // Found in "nfsc_link.exe" in IA item "nfscorigin". diff --git a/BinaryObjectScanner/Protection/JoWood.cs b/BinaryObjectScanner/Protection/JoWood.cs index 823245cb..31574f63 100644 --- a/BinaryObjectScanner/Protection/JoWood.cs +++ b/BinaryObjectScanner/Protection/JoWood.cs @@ -14,18 +14,18 @@ namespace BinaryObjectScanner.Protection public class JoWood : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .ext section, if it exists - if (pex.ContainsSection(".ext ", exact: true)) + if (exe.ContainsSection(".ext ", exact: true)) { - bool importTableMatches = Array.Exists(pex.Model.ImportTable?.ImportDirectoryTable ?? [], idte => idte?.Name == "kernel32.dll") - && Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], s => s?.Name == "VirtualProtect"); + bool importTableMatches = Array.Exists(exe.Model.ImportTable?.ImportDirectoryTable ?? [], idte => idte?.Name == "kernel32.dll") + && Array.Exists(exe.Model.ImportTable?.HintNameTable ?? [], s => s?.Name == "VirtualProtect"); // Get the .dcrtext section, if it exists - if (pex.ContainsSection(".dcrtext") && importTableMatches) + if (exe.ContainsSection(".dcrtext") && importTableMatches) { - var dcrtextData = pex.GetFirstSectionData(".dcrtext"); + var dcrtextData = exe.GetFirstSectionData(".dcrtext"); if (dcrtextData != null) { var matchers = new List @@ -50,12 +50,12 @@ namespace BinaryObjectScanner.Protection } // Get the HC09 section, if it exists - bool hc09Section = pex.ContainsSection("HC09 ", exact: true); + bool hc09Section = exe.ContainsSection("HC09 ", exact: true); if (hc09Section) return "JoWood X-Prot v2"; // TODO: Can we get more granular with the version? // Get the XPROT section, if it exists - var xprotSection = pex.ContainsSection("XPROT ", exact: true); + var xprotSection = exe.ContainsSection("XPROT ", exact: true); if (xprotSection) return "JoWood X-Prot v1.4+"; // TODO: Can we get more granular with the version? diff --git a/BinaryObjectScanner/Protection/KalypsoLauncher.cs b/BinaryObjectScanner/Protection/KalypsoLauncher.cs index dd610f25..55154093 100644 --- a/BinaryObjectScanner/Protection/KalypsoLauncher.cs +++ b/BinaryObjectScanner/Protection/KalypsoLauncher.cs @@ -21,25 +21,25 @@ namespace BinaryObjectScanner.Protection public class KalypsoLauncher : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Investigate if there are any viable checks for the game EXE itself. // "Styx" is found as the File Description and Product Name in "KalypsoLauncher.dll", but checks aren't included due to the risk of false positives. - var name = pex.InternalName; + var name = exe.InternalName; // Found in "KalypsoLauncher.dll" in Redump entry 95617. if (name.OptionalContains("KalypsoLauncher.dll")) - return $"Kalypso Launcher {pex.GetInternalVersion()}"; + return $"Kalypso Launcher {exe.GetInternalVersion()}"; - name = pex.OriginalFilename; + name = exe.OriginalFilename; // Found in "KalypsoLauncher.dll" in Redump entry 95617. if (name.OptionalContains("KalypsoLauncher.dll")) - return $"Kalypso Launcher {pex.GetInternalVersion()}"; + return $"Kalypso Launcher {exe.GetInternalVersion()}"; // Get the .text section strings, if they exist - var strs = pex.GetFirstSectionStrings(".rdata"); + var strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { // Found in "TFT.exe" in Redump entry 95617. diff --git a/BinaryObjectScanner/Protection/LabelGate.cs b/BinaryObjectScanner/Protection/LabelGate.cs index e1b09cd1..332c6041 100644 --- a/BinaryObjectScanner/Protection/LabelGate.cs +++ b/BinaryObjectScanner/Protection/LabelGate.cs @@ -19,19 +19,19 @@ namespace BinaryObjectScanner.Protection public class LabelGate : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Should be present on all LabelGate CD2 discs (Redump entry 95010 and product ID SVWC-7185). - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("MAGIQLIP2 Installer", StringComparison.OrdinalIgnoreCase)) return $"LabelGate CD2 Media Player"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("MQSTART", StringComparison.OrdinalIgnoreCase)) return $"LabelGate CD2 Media Player"; // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { // Found in "START.EXE" (Redump entry 95010 and product ID SVWC-7185). diff --git a/BinaryObjectScanner/Protection/LaserLok.cs b/BinaryObjectScanner/Protection/LaserLok.cs index 8a4dad5c..181ba5bd 100644 --- a/BinaryObjectScanner/Protection/LaserLok.cs +++ b/BinaryObjectScanner/Protection/LaserLok.cs @@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Protection public class LaserLok : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Add entry point check // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/Laserlok.2.sg @@ -59,21 +59,21 @@ namespace BinaryObjectScanner.Protection 0x6C, 0x61, 0x6D, 0x65, 0x6E, 0x74, 0x61, 0x73, 0x2E, 0x50, 0x45 ]; - int endDosStub = (int)(pex.Model.Stub?.Header?.NewExeHeaderAddr ?? 0); + int endDosStub = (int)(exe.Model.Stub?.Header?.NewExeHeaderAddr ?? 0); int position = -1; // Check the executable tables - position = pex.StubExecutableData?.FirstPosition(check) ?? -1; + position = exe.StubExecutableData?.FirstPosition(check) ?? -1; bool containsCheck = position > -1; - bool containsCheck2 = Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "GetModuleHandleA") - && Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "GetProcAddress") - && Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "LoadLibraryA") - && Array.Exists(pex.Model.ImportTable?.ImportDirectoryTable ?? [], idte => idte?.Name == "KERNEL32.dll"); + bool containsCheck2 = Array.Exists(exe.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "GetModuleHandleA") + && Array.Exists(exe.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "GetProcAddress") + && Array.Exists(exe.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "LoadLibraryA") + && Array.Exists(exe.Model.ImportTable?.ImportDirectoryTable ?? [], idte => idte?.Name == "KERNEL32.dll"); int position2 = -1; // Get the .text section, if it exists - if (containsCheck2 && pex.ContainsSection(".text")) + if (containsCheck2 && exe.ContainsSection(".text")) { // GetModuleHandleA + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + GetProcAddress + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + LoadLibraryA + (char)0x00 + (char)0x00 + KERNEL32.dll + (char)0x00 + ëy + (char)0x01 + SNIF/MPVI byte?[] check2 = @@ -89,7 +89,7 @@ namespace BinaryObjectScanner.Protection 0x00, 0xEB, 0x79, 0x01, null, null, null, null, ]; - position2 = pex.GetFirstSectionData(".text")?.FirstPosition(check2) ?? -1; + position2 = exe.GetFirstSectionData(".text")?.FirstPosition(check2) ?? -1; containsCheck2 = position2 > -1; } else @@ -100,11 +100,11 @@ namespace BinaryObjectScanner.Protection } if (containsCheck && containsCheck2) - return $"LaserLok {GetVersion(pex.GetFirstSectionData(".text"), position2)} {GetBuild(pex.GetFirstSectionData(".text"), true)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position}, {position2})" : string.Empty); + return $"LaserLok {GetVersion(exe.GetFirstSectionData(".text"), position2)} {GetBuild(exe.GetFirstSectionData(".text"), true)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position}, {position2})" : string.Empty); else if (containsCheck && !containsCheck2) - return $"LaserLok Marathon {GetBuild(pex.GetFirstSectionData(".text"), false)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position})" : string.Empty); + return $"LaserLok Marathon {GetBuild(exe.GetFirstSectionData(".text"), false)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position})" : string.Empty); else if (!containsCheck && containsCheck2) - return $"LaserLok {GetVersion(pex.GetFirstSectionData(".text"), --position2)} {GetBuild(pex.GetFirstSectionData(".text"), false)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position2})" : string.Empty); + return $"LaserLok {GetVersion(exe.GetFirstSectionData(".text"), --position2)} {GetBuild(exe.GetFirstSectionData(".text"), false)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position2})" : string.Empty); return null; } diff --git a/BinaryObjectScanner/Protection/MGIRegistration.cs b/BinaryObjectScanner/Protection/MGIRegistration.cs index cb3b9fbf..09de95a7 100644 --- a/BinaryObjectScanner/Protection/MGIRegistration.cs +++ b/BinaryObjectScanner/Protection/MGIRegistration.cs @@ -7,20 +7,20 @@ namespace BinaryObjectScanner.Protection public class MGIRegistration : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.ProductName; + var name = exe.ProductName; // Found in "Register.dll" in IA item "MGIPhotoSuite4.0AndPhotoVista2.02001". if (name.OptionalEquals("MGI Registration Utility", StringComparison.Ordinal)) - return $"MGI Registration {pex.GetInternalVersion()}"; + return $"MGI Registration {exe.GetInternalVersion()}"; // Found in "Register.dll" from "VideoWaveIII" in IA item "mgi-videowave-iii-version-3.00-mgi-software-2000". - if (pex.FindStringTableByEntry("MGI Registration").Count > 0) + if (exe.FindStringTableByEntry("MGI Registration").Count > 0) return "MGI Registration"; // Found in "Register.dll" in IA item "MGIPhotoSuite4.0AndPhotoVista2.02001". - if (pex.FindStringTableByEntry("Register@register.mgisoft.com").Count > 0) + if (exe.FindStringTableByEntry("Register@register.mgisoft.com").Count > 0) return "MGI Registration"; return null; diff --git a/BinaryObjectScanner/Protection/Macrovision.CDilla.cs b/BinaryObjectScanner/Protection/Macrovision.CDilla.cs index 3f554f29..3a89f236 100644 --- a/BinaryObjectScanner/Protection/Macrovision.CDilla.cs +++ b/BinaryObjectScanner/Protection/Macrovision.CDilla.cs @@ -34,7 +34,7 @@ namespace BinaryObjectScanner.Protection public partial class Macrovision { /// - internal static string? CDillaCheckExecutable(string file, NewExecutable nex, bool includeDebug) + internal static string? CDillaCheckExecutable(string file, NewExecutable exe, bool includeDebug) { // TODO: Implement NE checks for "CDILLA05", "CDILLA10", "CDILLA16", and "CDILLA40". @@ -60,9 +60,9 @@ namespace BinaryObjectScanner.Protection } /// - internal static string? CDillaCheckExecutable(string file, PortableExecutable pex, bool includeDebug) + internal static string? CDillaCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; // Found in in "cdilla52.dll" from C-Dilla LMS version 3.24.010. if (name.OptionalEquals("32-bit C-Dilla DLL", StringComparison.OrdinalIgnoreCase)) @@ -70,50 +70,50 @@ namespace BinaryObjectScanner.Protection // Found in "CdaIns32.dll" and "CdSet32.exe" from version 3.27.000 of C-Dilla LMS. if (name.OptionalEquals("C-Dilla Windows 32-Bit RTS Installer", StringComparison.OrdinalIgnoreCase)) - return $"C-Dilla License Management System Version {pex.ProductVersion}"; + return $"C-Dilla License Management System Version {exe.ProductVersion}"; // Found in "CDILLA32.DLL"/"CDILLA64.EXE" from C-Dilla LMS version 3.27.000 for Windows 3.1. if (name.OptionalEquals("C-Dilla Windows 3.1x RTS", StringComparison.OrdinalIgnoreCase)) - return $"C-Dilla License Management System Version {pex.ProductVersion}"; + return $"C-Dilla License Management System Version {exe.ProductVersion}"; // Found in "CDILLA13.DLL"/"CDILLA32.DLL"/"CDILLA64.EXE" from C-Dilla LMS version 3.27.000 for Windows 95. if (name.OptionalEquals("C-Dilla Windows 95 RTS", StringComparison.OrdinalIgnoreCase)) - return $"C-Dilla License Management System Version {pex.ProductVersion}"; + return $"C-Dilla License Management System Version {exe.ProductVersion}"; // Found in "CDANT.SYS"/"CDILLA13.DLL"/"CDILLA32.DLL"/"CDILLA64.EXE" from C-Dilla LMSversion 3.27.000 for Windows NT. if (name.OptionalEquals("C-Dilla Windows NT RTS", StringComparison.OrdinalIgnoreCase)) - return $"C-Dilla License Management System Version {pex.ProductVersion}"; + return $"C-Dilla License Management System Version {exe.ProductVersion}"; // Found in "CDANTSRV.EXE" from C-Dilla LMS version 3.27.000 for Windows NT, and an embedded executable contained in Redump entry 95524. if (name.OptionalEquals("C-Dilla RTS Service", StringComparison.OrdinalIgnoreCase)) - return $"C-Dilla RTS Service Version {pex.ProductVersion}"; + return $"C-Dilla RTS Service Version {exe.ProductVersion}"; - name = pex.ProductName; + name = exe.ProductName; // Found in "CDANTSRV.EXE" from version 3.27.000 of C-Dilla LMS. if (name.OptionalEquals("CD-Secure/CD-Compress Windows NT", StringComparison.OrdinalIgnoreCase)) - return $"C-Dilla License Management System Version {pex.ProductVersion}"; + return $"C-Dilla License Management System Version {exe.ProductVersion}"; // Get string table resources - if (pex.FindStringTableByEntry("C-Dilla Licence Management System").Count > 0) + if (exe.FindStringTableByEntry("C-Dilla Licence Management System").Count > 0) return $"C-Dilla License Management System"; - if (pex.FindStringTableByEntry("C-DiIla Licence Management System").Count > 0) + if (exe.FindStringTableByEntry("C-DiIla Licence Management System").Count > 0) return $"C-Dilla License Management System"; - if (pex.FindStringTableByEntry("C-DILLA_BITMAP_NAMES_TAG").Count > 0) + if (exe.FindStringTableByEntry("C-DILLA_BITMAP_NAMES_TAG").Count > 0) return $"C-Dilla License Management System"; - if (pex.FindStringTableByEntry("C-DILLA_EDITABLE_STRINGS_TAG").Count > 0) + if (exe.FindStringTableByEntry("C-DILLA_EDITABLE_STRINGS_TAG").Count > 0) return $"C-Dilla License Management System"; - if (pex.FindStringTableByEntry("CdaLMS.exe").Count > 0) + if (exe.FindStringTableByEntry("CdaLMS.exe").Count > 0) return $"C-Dilla License Management System"; - if (pex.FindStringTableByEntry("cdilla51.dll").Count > 0) + if (exe.FindStringTableByEntry("cdilla51.dll").Count > 0) return $"C-Dilla License Management System"; - if (pex.FindStringTableByEntry("cdilla52.dll").Count > 0) + if (exe.FindStringTableByEntry("cdilla52.dll").Count > 0) return $"C-Dilla License Management System"; - if (pex.FindStringTableByEntry("http://www.c-dilla.com/support/lms.html").Count > 0) + if (exe.FindStringTableByEntry("http://www.c-dilla.com/support/lms.html").Count > 0) return $"C-Dilla License Management System"; // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { // Found in "DJMixStation\DJMixStation.exe" in IA item "ejay_nestle_trial". diff --git a/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs b/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs index 27de3c46..42086452 100644 --- a/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs +++ b/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs @@ -30,10 +30,10 @@ namespace BinaryObjectScanner.Protection public partial class Macrovision { /// - internal static string? CactusDataShieldCheckExecutable(string file, PortableExecutable pex, bool includeDebug) + internal static string? CactusDataShieldCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { if (strs.Exists(s => s.Contains("\\*.CDS"))) @@ -44,11 +44,11 @@ namespace BinaryObjectScanner.Protection // Found in "Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427]). // Modified version of the PlayJ Music Player specificaly for CDS, as indicated by the About page present when running the executable. - if (pex.FindGenericResource("CactusPJ").Count > 0) + if (exe.FindGenericResource("CactusPJ").Count > 0) return "PlayJ Music Player (Cactus Data Shield 200)"; // Found in various files in "Les Paul & Friends" (Barcode 4 98806 834170). - var name = pex.ProductName; + var name = exe.ProductName; if (name.OptionalEquals("CDS300", StringComparison.OrdinalIgnoreCase)) return $"Cactus Data Shield 300"; diff --git a/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs b/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs index d3f3a201..4eb21536 100644 --- a/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs +++ b/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs @@ -12,9 +12,9 @@ namespace BinaryObjectScanner.Protection public partial class Macrovision { /// - internal static string? FLEXnetCheckExecutable(string file, PortableExecutable pex, bool includeDebug) + internal static string? FLEXnetCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.ProductName; + var name = exe.ProductName; // Found in "IsSvcInstDanceEJay7.dll" in IA item "computer200709dvd" (Dance eJay 7). if (name.OptionalEquals("FLEXnet Activation Toolkit", StringComparison.OrdinalIgnoreCase)) @@ -22,36 +22,36 @@ namespace BinaryObjectScanner.Protection // Found in "INSTALLS.EXE", "LMGR326B.DLL", "LMGRD.EXE", and "TAKEFIVE.EXE" in IA item "prog-17_202403". if (name.OptionalEquals("Globetrotter Software Inc lmgr326b Flexlm", StringComparison.OrdinalIgnoreCase)) - return $"FlexLM {pex.ProductVersion}"; + return $"FlexLM {exe.ProductVersion}"; // Generic case to catch unknown versions. if (name.OptionalContains("Flexlm")) return "FlexLM (Unknown Version - Please report to us on GitHub)"; - name = pex.FileDescription; + name = exe.FileDescription; // Found in "INSTALLS.EXE", "LMGR326B.DLL", "LMGRD.EXE", and "TAKEFIVE.EXE" in IA item "prog-17_202403". if (name.OptionalEquals("lmgr326b", StringComparison.OrdinalIgnoreCase)) - return $"FlexLM {pex.ProductVersion}"; + return $"FlexLM {exe.ProductVersion}"; - name = pex.LegalTrademarks; + name = exe.LegalTrademarks; // Found in "INSTALLS.EXE", "LMGR326B.DLL", "LMGRD.EXE", and "TAKEFIVE.EXE" in IA item "prog-17_202403". if (name.OptionalEquals("Flexible License Manager,FLEXlm,Globetrotter,FLEXID", StringComparison.OrdinalIgnoreCase)) - return $"FlexLM {pex.ProductVersion}"; + return $"FlexLM {exe.ProductVersion}"; if (name.OptionalContains("FLEXlm")) - return $"FlexLM {pex.ProductVersion}"; + return $"FlexLM {exe.ProductVersion}"; - name = pex.OriginalFilename; + name = exe.OriginalFilename; // Found in "INSTALLS.EXE", "LMGR326B.DLL", "LMGRD.EXE", and "TAKEFIVE.EXE" in IA item "prog-17_202403". // It isn't known why these various executables have the same original filename. if (name.OptionalEquals("lmgr326b.dll", StringComparison.OrdinalIgnoreCase)) - return $"FlexLM {pex.ProductVersion}"; + return $"FlexLM {exe.ProductVersion}"; // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { // Found in "FLEXLM.CPL", "INSTALLS.EXE", "LMGR326B.DLL", "LMGRD.EXE", and "TAKEFIVE.EXE" in IA item "prog-17_202403". diff --git a/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs b/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs index 220d37ab..8e17d6c4 100644 --- a/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs +++ b/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs @@ -19,15 +19,15 @@ namespace BinaryObjectScanner.Protection public partial class Macrovision { /// - internal static string? RipGuardCheckExecutable(string file, PortableExecutable pex, bool includeDebug) + internal static string? RipGuardCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970). - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalEquals("rgasdev", StringComparison.OrdinalIgnoreCase)) return "RipGuard"; // Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970). - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalEquals("rgasdev", StringComparison.OrdinalIgnoreCase)) return "RipGuard"; diff --git a/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs b/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs index 415623c2..90f1bc4d 100644 --- a/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs +++ b/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs @@ -40,19 +40,19 @@ namespace BinaryObjectScanner.Protection public partial class Macrovision { /// - internal static string? SafeCastCheckExecutable(string file, NewExecutable nex, bool includeDebug) + internal static string? SafeCastCheckExecutable(string file, NewExecutable exe, bool includeDebug) { // Check for the CDAC01AA name string. - if (nex.Model.ResidentNameTable != null) + if (exe.Model.ResidentNameTable != null) { - var residentNames = Array.ConvertAll(nex.Model.ResidentNameTable, + var residentNames = Array.ConvertAll(exe.Model.ResidentNameTable, rnte => rnte?.NameString == null ? string.Empty : Encoding.ASCII.GetString(rnte.NameString)); if (Array.Exists(residentNames, s => s.Contains("CDAC01AA"))) return "SafeCast"; } // TODO: Don't read entire file - byte[]? data = nex.ReadArbitraryRange(); + byte[]? data = exe.ReadArbitraryRange(); if (data == null) return null; @@ -67,16 +67,16 @@ namespace BinaryObjectScanner.Protection } /// - internal static string? SafeCastCheckExecutable(string file, PortableExecutable pex, bool includeDebug) + internal static string? SafeCastCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Investigate import hint/name table entry "CdaSysInstall" // TODO: Investigate string table entries: "CDWP02DG", "CDWP02DG", "CDWS02DG" // TODO: Invesitgate if the "AdobeLM.dll" file (along with mentions of "AdobeLM" in executables) uniquely identifies SafeCast, or if it can be used with different DRM. (Found in IA item ccd0605) // Get the import directory table, if it exists - if (pex.Model.ImportTable?.ImportDirectoryTable != null) + if (exe.Model.ImportTable?.ImportDirectoryTable != null) { - if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, + if (Array.Exists(exe.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name != null && idte.Name.Equals("CdaC14BA.dll", StringComparison.OrdinalIgnoreCase))) { return "SafeCast"; @@ -85,11 +85,11 @@ namespace BinaryObjectScanner.Protection // Get the dialog box resources // Found in "CDAC21BA.DLL" in Redump entry 95524. - if (pex.FindDialogByTitle("SafeCast API").Count > 0) + if (exe.FindDialogByTitle("SafeCast API").Count > 0) return "SafeCast"; // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { // Found in "DJMixStation\DJMixStation.exe" in IA item "ejay_nestle_trial". @@ -98,7 +98,7 @@ namespace BinaryObjectScanner.Protection } // Found in "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Wndows (2.00R)(Intuit)(2002)(352282)". - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalEquals("SafeCast2", StringComparison.OrdinalIgnoreCase)) return "SafeCast"; @@ -117,7 +117,7 @@ namespace BinaryObjectScanner.Protection // Found in "SCRfrsh.exe" in Redump entry 102979. if (name.OptionalEquals("32-bit SafeCast Toolkit", StringComparison.OrdinalIgnoreCase)) - return $"SafeCast {pex.FileVersion}"; + return $"SafeCast {exe.FileVersion}"; // Found in "CDAC14BA.DLL" in Redump entry 95524. if (name.OptionalEquals("32-bit SafeCast Anchor Installer", StringComparison.OrdinalIgnoreCase)) @@ -128,7 +128,7 @@ namespace BinaryObjectScanner.Protection return $"SafeCast"; // Found in hidden resource of "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Wndows (2.00R)(Intuit)(2002)(352282)". - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalEquals("SafeCast Windows NT", StringComparison.OrdinalIgnoreCase)) return "SafeCast"; diff --git a/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs b/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs index 24d62740..4cc17580 100644 --- a/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs +++ b/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs @@ -48,24 +48,24 @@ namespace BinaryObjectScanner.Protection public partial class Macrovision { /// - internal static string? SafeDiscCheckExecutable(string file, PortableExecutable pex, bool includeDebug) + internal static string? SafeDiscCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in Redump entry 57986. - if (pex.Model.ImportTable?.HintNameTable != null) + if (exe.Model.ImportTable?.HintNameTable != null) { - if (Array.Exists(pex.Model.ImportTable.HintNameTable, ihne => ihne?.Name == "LTDLL_Authenticate")) + if (Array.Exists(exe.Model.ImportTable.HintNameTable, ihne => ihne?.Name == "LTDLL_Authenticate")) return "SafeDisc Lite"; } // Found in Redump entry 57986. - if (pex.Model.ImportTable?.ImportDirectoryTable != null) + if (exe.Model.ImportTable?.ImportDirectoryTable != null) { - if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "ltdll.dll")) + if (Array.Exists(exe.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "ltdll.dll")) return "SafeDisc Lite"; } // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { // Found in Redump entries 14928, 25579, 32751. @@ -81,23 +81,23 @@ namespace BinaryObjectScanner.Protection return "Macrovision SecDrv Update Installer"; } - var name = pex.FileDescription; + var name = exe.FileDescription; // Present in "Diag.exe" files from SafeDisc 4.50.000+. if (name.OptionalEquals("SafeDisc SRV Tool APP", StringComparison.OrdinalIgnoreCase)) - return $"SafeDisc SRV Tool APP {GetSafeDiscDiagExecutableVersion(pex)}"; + return $"SafeDisc SRV Tool APP {GetSafeDiscDiagExecutableVersion(exe)}"; // Present in "Setup.exe" from the later "safedisc.exe" driver update provided by Macrovision. if (name.OptionalEquals("Macrovision SecDrv Update", StringComparison.OrdinalIgnoreCase)) return "Macrovision SecDrv Update Installer"; // Present on all "CLOKSPL.DLL" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004. - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalEquals("SafeDisc CDROM Protection System", StringComparison.OrdinalIgnoreCase)) return "SafeDisc 1.00.025-1.01.044"; // Present in "Diag.exe" files from SafeDisc 4.50.000+. else if (name.OptionalEquals("SafeDisc SRV Tool APP", StringComparison.OrdinalIgnoreCase)) - return $"SafeDisc SRV Tool APP {GetSafeDiscDiagExecutableVersion(pex)}"; + return $"SafeDisc SRV Tool APP {GetSafeDiscDiagExecutableVersion(exe)}"; // Present in "Setup.exe" from the later "safedisc.exe" driver update provided by Macrovision. if (name.OptionalEquals("Macrovision SecDrv Update", StringComparison.OrdinalIgnoreCase)) @@ -107,11 +107,11 @@ namespace BinaryObjectScanner.Protection // This filename is confirmed by the file properties in SafeDisc 4+ (such as Redump entry 35382). // It is only found extracted into the Windows Temp directory when a protected application is run, and is renamed to begin with a "~" and have the ".tmp" extension. else if (name.OptionalEquals("SafeDisc AuthServ APP", StringComparison.OrdinalIgnoreCase)) - return $"SafeDisc AuthServ APP {GetSafeDiscAuthServVersion(pex)}"; + return $"SafeDisc AuthServ APP {GetSafeDiscAuthServVersion(exe)}"; // Present on all "CLOKSPL.EXE" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004. // Only found so far on SafeDisc 1.00.025-1.01.044, but the report is currently left generic due to the generic nature of the check. - name = pex.FileDescription; + name = exe.FileDescription; if (name.OptionalEquals("SafeDisc", StringComparison.OrdinalIgnoreCase)) return "SafeDisc"; @@ -119,9 +119,9 @@ namespace BinaryObjectScanner.Protection { // Found in Redump entries 20729 and 65569. // Get the debug data - if (pex.FindCodeViewDebugTableByPath("SafeDisc").Count > 0) + if (exe.FindCodeViewDebugTableByPath("SafeDisc").Count > 0) return "SafeDisc"; - if (pex.FindCodeViewDebugTableByPath("Safedisk").Count > 0) + if (exe.FindCodeViewDebugTableByPath("Safedisk").Count > 0) return "SafeDisc"; } catch @@ -386,10 +386,10 @@ namespace BinaryObjectScanner.Protection return MatchUtil.GetFirstMatch(path, matchers, any: true); } - private static string GetSafeDiscAuthServVersion(PortableExecutable pex) + private static string GetSafeDiscAuthServVersion(PortableExecutable exe) { // Different versions of this executable correspond to different SafeDisc versions. - var version = pex.FileVersion; + var version = exe.FileVersion; if (!string.IsNullOrEmpty(version)) { return version switch @@ -1167,10 +1167,10 @@ namespace BinaryObjectScanner.Protection // "SPLSH256.BMP": Found in SafeDisc versions 1.00.025-1.01.044 (Redump entries 66005 and 81619). } - private static string GetSafeDiscDiagExecutableVersion(PortableExecutable pex) + private static string GetSafeDiscDiagExecutableVersion(PortableExecutable exe) { // Different versions of this executable correspond to different SafeDisc versions. - var version = pex.FileVersion; + var version = exe.FileVersion; if (!string.IsNullOrEmpty(version)) { return version switch diff --git a/BinaryObjectScanner/Protection/Macrovision.SafeWrap.cs b/BinaryObjectScanner/Protection/Macrovision.SafeWrap.cs index e6f8d960..31f7f74b 100644 --- a/BinaryObjectScanner/Protection/Macrovision.SafeWrap.cs +++ b/BinaryObjectScanner/Protection/Macrovision.SafeWrap.cs @@ -39,7 +39,7 @@ namespace BinaryObjectScanner.Protection public partial class Macrovision { /// - internal string? SafeWrapCheckExecutable(string file, PortableExecutable pex, bool includeDebug) + internal string? SafeWrapCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Figure out what SafeWrap is exactly, and add checks. diff --git a/BinaryObjectScanner/Protection/Macrovision.cs b/BinaryObjectScanner/Protection/Macrovision.cs index 858eeb42..c201f56f 100644 --- a/BinaryObjectScanner/Protection/Macrovision.cs +++ b/BinaryObjectScanner/Protection/Macrovision.cs @@ -20,17 +20,17 @@ namespace BinaryObjectScanner.Protection public partial class Macrovision : IExecutableCheck, IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug) + public string? CheckExecutable(string file, NewExecutable exe, bool includeDebug) { var resultsList = new List(); // Run C-Dilla NE checks - var cDilla = CDillaCheckExecutable(file, nex, includeDebug); + var cDilla = CDillaCheckExecutable(file, exe, includeDebug); if (!string.IsNullOrEmpty(cDilla)) resultsList.Add(cDilla!); // Run SafeCast NE checks - var safeCast = SafeCastCheckExecutable(file, nex, includeDebug); + var safeCast = SafeCastCheckExecutable(file, exe, includeDebug); if (!string.IsNullOrEmpty(safeCast)) resultsList.Add(safeCast!); @@ -41,23 +41,23 @@ namespace BinaryObjectScanner.Protection } /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Check for specific indications for individual Macrovision protections. var resultsList = new List(); // Check for generic indications of Macrovision protections first. - var name = pex.FileDescription; + var name = exe.FileDescription; // Present in "secdrv.sys" files found in SafeDisc 2.80.010+. if (name.OptionalEquals("Macrovision SECURITY Driver", StringComparison.OrdinalIgnoreCase)) - resultsList.Add($"Macrovision Security Driver {GetSecDrvExecutableVersion(pex)}"); + resultsList.Add($"Macrovision Security Driver {GetSecDrvExecutableVersion(exe)}"); // Found in hidden resource of "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Windows (2.00R)(Intuit)(2002)(352282)". // Known versions: // 4.16.050 Windows NT 2002/04/24 if (name.OptionalEquals("Macrovision RTS Service", StringComparison.OrdinalIgnoreCase)) - resultsList.Add($"Macrovision RTS Service {pex.FileVersion}"); + resultsList.Add($"Macrovision RTS Service {exe.FileVersion}"); // The stxt371 and stxt774 sections are found in various newer Macrovision products, including various versions of CDS-300, SafeCast, and SafeDisc. // A stxt381 section has also been found in the "~df89e9.tmp" file, which is extracted into the Windows temp directory when running Redump entry 42034 on Windows 9x. @@ -66,20 +66,20 @@ namespace BinaryObjectScanner.Protection // Almost every single sample known has both sections, though one only contains the "stxt371" section. It is unknown if this is intentional, or if the game functions without it. // It is present in the "Texas HoldEm!" game in "boontybox_PCGamer_DVD.exe" in IA items PC_Gamer_Disc_7.55_July_2005 and cdrom-pcgamercd7.58. // Other games in this set also aren't functional despite having the normal layout of stxt sections, and the primary program doesn't install at all due to activation servers being down. - if (pex.ContainsSection("stxt371", exact: true) || pex.ContainsSection("stxt774", exact: true)) + if (exe.ContainsSection("stxt371", exact: true) || exe.ContainsSection("stxt774", exact: true)) { // Check the header padding for protected sections. - var sectionMatch = CheckSectionForProtection(file, includeDebug, pex.HeaderPaddingStrings, pex.HeaderPaddingData, true); + var sectionMatch = CheckSectionForProtection(file, includeDebug, exe.HeaderPaddingStrings, exe.HeaderPaddingData, true); if (sectionMatch != null) resultsList.Add(sectionMatch); // Get the .data section, if it exists, for protected sections. - sectionMatch = CheckSectionForProtection(file, includeDebug, pex.GetFirstSectionStrings(".data"), pex.GetFirstSectionData(".data"), true); + sectionMatch = CheckSectionForProtection(file, includeDebug, exe.GetFirstSectionStrings(".data"), exe.GetFirstSectionData(".data"), true); if (sectionMatch != null) resultsList.Add(sectionMatch!); - int entryPointIndex = pex.FindEntryPointSectionIndex(); - var entryPointSectionName = pex.SectionNames?[entryPointIndex]; + int entryPointIndex = exe.FindEntryPointSectionIndex(); + var entryPointSectionName = exe.SectionNames?[entryPointIndex]; switch (entryPointSectionName) { @@ -102,43 +102,43 @@ namespace BinaryObjectScanner.Protection else { // Check the header padding for protected sections. - var sectionMatch = CheckSectionForProtection(file, includeDebug, pex.HeaderPaddingStrings, pex.HeaderPaddingData, false); + var sectionMatch = CheckSectionForProtection(file, includeDebug, exe.HeaderPaddingStrings, exe.HeaderPaddingData, false); if (sectionMatch != null) resultsList.Add(sectionMatch); // Check the .data section, if it exists, for protected sections. - sectionMatch = CheckSectionForProtection(file, includeDebug, pex.GetFirstSectionStrings(".data"), pex.GetFirstSectionData(".data"), false); + sectionMatch = CheckSectionForProtection(file, includeDebug, exe.GetFirstSectionStrings(".data"), exe.GetFirstSectionData(".data"), false); if (sectionMatch != null) resultsList.Add(sectionMatch); } // Run Cactus Data Shield PE checks - var match = CactusDataShieldCheckExecutable(file, pex, includeDebug); + var match = CactusDataShieldCheckExecutable(file, exe, includeDebug); if (!string.IsNullOrEmpty(match)) resultsList.Add(match!); // Run C-Dilla PE checks - match = CDillaCheckExecutable(file, pex, includeDebug); + match = CDillaCheckExecutable(file, exe, includeDebug); if (!string.IsNullOrEmpty(match)) resultsList.Add(match!); // Run RipGuard PE checks - match = RipGuardCheckExecutable(file, pex, includeDebug); + match = RipGuardCheckExecutable(file, exe, includeDebug); if (!string.IsNullOrEmpty(match)) resultsList.Add(match!); // Run SafeCast PE checks - match = SafeCastCheckExecutable(file, pex, includeDebug); + match = SafeCastCheckExecutable(file, exe, includeDebug); if (!string.IsNullOrEmpty(match)) resultsList.Add(match!); // Run SafeDisc PE checks - match = SafeDiscCheckExecutable(file, pex, includeDebug); + match = SafeDiscCheckExecutable(file, exe, includeDebug); if (!string.IsNullOrEmpty(match)) resultsList.Add(match!); // Run FLEXnet PE checks - match = FLEXnetCheckExecutable(file, pex, includeDebug); + match = FLEXnetCheckExecutable(file, exe, includeDebug); if (!string.IsNullOrEmpty(match)) resultsList.Add(match!); @@ -389,11 +389,11 @@ namespace BinaryObjectScanner.Protection } // TODO: Combine with filesize version checks if possible. - private static string GetSecDrvExecutableVersion(PortableExecutable pex) + private static string GetSecDrvExecutableVersion(PortableExecutable exe) { // Different versions of this driver correspond to different SafeDisc versions. // TODO: Check if earlier versions of this driver contain the version string in a less obvious place. - var version = pex.FileVersion; + var version = exe.FileVersion; if (!string.IsNullOrEmpty(version)) { return version switch diff --git a/BinaryObjectScanner/Protection/MediaCloQ.cs b/BinaryObjectScanner/Protection/MediaCloQ.cs index c0b228f4..8ec158a3 100644 --- a/BinaryObjectScanner/Protection/MediaCloQ.cs +++ b/BinaryObjectScanner/Protection/MediaCloQ.cs @@ -16,15 +16,15 @@ namespace BinaryObjectScanner.Protection // TODO: "Karaoke Spotlight Series - Pop Hits - Vol. 132" - Sound Choice (SC8732)" is currently undetected, due to there seeming to be no reference to MediaCloQ in the disc's contents. /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4"). - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("scvfy MFC Application", StringComparison.OrdinalIgnoreCase)) return $"MediaCloQ"; // Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4"). - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("scvfy Application", StringComparison.OrdinalIgnoreCase)) return $"MediaCloQ"; diff --git a/BinaryObjectScanner/Protection/MediaMax.cs b/BinaryObjectScanner/Protection/MediaMax.cs index b6f13900..edd83ef0 100644 --- a/BinaryObjectScanner/Protection/MediaMax.cs +++ b/BinaryObjectScanner/Protection/MediaMax.cs @@ -16,28 +16,28 @@ namespace BinaryObjectScanner.Protection public class MediaMax : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Used to detect "LicGen.exe", found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6) - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase)) return $"MediaMax CD-3"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase)) return $"MediaMax CD-3"; - if (pex.FindGenericResource("Cd3Ctl").Count > 0) + if (exe.FindGenericResource("Cd3Ctl").Count > 0) return $"MediaMax CD-3"; - if (pex.FindDialogBoxByItemTitle("This limited production advanced CD is not playable on your computer. It is solely intended for playback on standard CD players.").Count > 0) + if (exe.FindDialogBoxByItemTitle("This limited production advanced CD is not playable on your computer. It is solely intended for playback on standard CD players.").Count > 0) return $"MediaMax CD-3"; // TODO: Investigate the following dialog item title resource // "This limited production advanced CD is not playable on your computer. It is solely intended for playback on standard CD players." // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { if (strs.Exists(s => s.Contains("CD3 Launch Error"))) @@ -45,9 +45,9 @@ namespace BinaryObjectScanner.Protection } // Get the export name table - if (pex.Model.ExportTable?.ExportNameTable?.Strings != null) + if (exe.Model.ExportTable?.ExportNameTable?.Strings != null) { - if (Array.Exists(pex.Model.ExportTable.ExportNameTable.Strings, s => s == "DllInstallSbcp")) + if (Array.Exists(exe.Model.ExportTable.ExportNameTable.Strings, s => s == "DllInstallSbcp")) return "MediaMax CD-3"; } diff --git a/BinaryObjectScanner/Protection/NEACProtect.cs b/BinaryObjectScanner/Protection/NEACProtect.cs index 089d5142..395138bc 100644 --- a/BinaryObjectScanner/Protection/NEACProtect.cs +++ b/BinaryObjectScanner/Protection/NEACProtect.cs @@ -22,16 +22,16 @@ namespace BinaryObjectScanner.Protection public class NEACProtect : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Most of the relevant executables are highly obfuscated, making executable detection mostly impractical. // Get the .neac0 and .neac1 sections, if they exist. // Found in "NeacSafe64.sys" and "NeacSafe.sys". - if (pex.ContainsSection(".neac0", exact: true) || pex.ContainsSection(".neac1", exact: true)) + if (exe.ContainsSection(".neac0", exact: true) || exe.ContainsSection(".neac1", exact: true)) return "NEAC Protect"; - var name = pex.ProductName; + var name = exe.ProductName; // Found in "NeacSafe64.sys" and "NeacSafe.sys". // TODO: Fix Product Name not being properly grabbed from the file. diff --git a/BinaryObjectScanner/Protection/NProtect.cs b/BinaryObjectScanner/Protection/NProtect.cs index a5d84efb..14662929 100644 --- a/BinaryObjectScanner/Protection/NProtect.cs +++ b/BinaryObjectScanner/Protection/NProtect.cs @@ -31,45 +31,45 @@ namespace BinaryObjectScanner.Protection // TODO: Add text check for the string mentioned in https://github.com/mnadareski/BinaryObjectScanner/issues/154. /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Investigate if there are any viable checks for the game EXE itself. - var name = pex.FileDescription; + var name = exe.FileDescription; // Found in "GameGuard.des" in Redump entry 90526 and 99598, and "Soulworker" (Steam Depot 1377581, Manifest 5092481117079359342). if (name.OptionalContains("nProtect GameGuard Launcher")) - return $"nProtect GameGuard ({pex.GetInternalVersion()})"; + return $"nProtect GameGuard ({exe.GetInternalVersion()})"; // Found in "npkcrypt.dll" in Redump entry 90526. if (name.OptionalContains("nProtect KeyCrypt Driver Support Dll")) - return $"nProtect KeyCrypt ({pex.GetInternalVersion()})"; + return $"nProtect KeyCrypt ({exe.GetInternalVersion()})"; // Found in "npkcrypt.sys" and "npkcusb.sys" in Redump entry 90526. if (name.OptionalContains("nProtect KeyCrypt Driver")) - return $"nProtect KeyCrypt ({pex.GetInternalVersion()})"; + return $"nProtect KeyCrypt ({exe.GetInternalVersion()})"; // Found in "npkpdb.dll" in Redump entry 90526. if (name.OptionalContains("nProtect KeyCrypt Program Database DLL")) - return $"nProtect KeyCrypt ({pex.GetInternalVersion()})"; + return $"nProtect KeyCrypt ({exe.GetInternalVersion()})"; - name = pex.ProductName; + name = exe.ProductName; // Found in "GameGuard.des" in Redump entry 90526 and 99598. if (name.OptionalContains("nProtect GameGuard Launcher")) - return $"nProtect GameGuard ({pex.GetInternalVersion()})"; + return $"nProtect GameGuard ({exe.GetInternalVersion()})"; // Found in "npkcrypt.dll" in Redump entry 90526. if (name.OptionalContains("nProtect KeyCrypt Driver Support Dll")) - return $"nProtect KeyCrypt ({pex.GetInternalVersion()})"; + return $"nProtect KeyCrypt ({exe.GetInternalVersion()})"; // Found in "npkcrypt.sys" and "npkcusb.sys" in Redump entry 90526. if (name.OptionalContains("nProtect KeyCrypt Driver")) - return $"nProtect KeyCrypt ({pex.GetInternalVersion()})"; + return $"nProtect KeyCrypt ({exe.GetInternalVersion()})"; // Found in "npkpdb.dll" in Redump entry 90526. if (name.OptionalContains("nProtect KeyCrypt Program Database DLL")) - return $"nProtect KeyCrypt ({pex.GetInternalVersion()})"; + return $"nProtect KeyCrypt ({exe.GetInternalVersion()})"; return null; } diff --git a/BinaryObjectScanner/Protection/OnlineRegistration.cs b/BinaryObjectScanner/Protection/OnlineRegistration.cs index 6a3cb504..28985237 100644 --- a/BinaryObjectScanner/Protection/OnlineRegistration.cs +++ b/BinaryObjectScanner/Protection/OnlineRegistration.cs @@ -7,12 +7,12 @@ namespace BinaryObjectScanner.Protection public class OnlineRegistration : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Is this too broad in general? - var name = pex.InternalName; + var name = exe.InternalName; if (name.OptionalStartsWith("EReg", StringComparison.OrdinalIgnoreCase)) - return $"Executable-Based Online Registration {pex.GetInternalVersion()}"; + return $"Executable-Based Online Registration {exe.GetInternalVersion()}"; return null; } diff --git a/BinaryObjectScanner/Protection/OpenMG.cs b/BinaryObjectScanner/Protection/OpenMG.cs index 8ed9bdd0..b3d30f3f 100644 --- a/BinaryObjectScanner/Protection/OpenMG.cs +++ b/BinaryObjectScanner/Protection/OpenMG.cs @@ -17,15 +17,15 @@ namespace BinaryObjectScanner.Protection public class OpenMG : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in many different OpenMG related files ("Touch" by Amerie). - var name = pex.LegalTrademarks; + var name = exe.LegalTrademarks; if (name.OptionalStartsWith("OpenMG", StringComparison.OrdinalIgnoreCase)) return $"OpenMG"; // Found in "OMGDBP.OCX" ("Touch" by Amerie). - name = pex.FileDescription; + name = exe.FileDescription; if (name.OptionalStartsWith("LGDiscComp Module", StringComparison.OrdinalIgnoreCase)) return $"OpenMG"; diff --git a/BinaryObjectScanner/Protection/Origin.cs b/BinaryObjectScanner/Protection/Origin.cs index 7293e963..270c5348 100644 --- a/BinaryObjectScanner/Protection/Origin.cs +++ b/BinaryObjectScanner/Protection/Origin.cs @@ -10,13 +10,13 @@ namespace BinaryObjectScanner.Protection public class Origin : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalEquals("Origin", StringComparison.OrdinalIgnoreCase)) return "Origin"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalEquals("Origin", StringComparison.OrdinalIgnoreCase)) return "Origin"; diff --git a/BinaryObjectScanner/Protection/PlayJ.cs b/BinaryObjectScanner/Protection/PlayJ.cs index d2912a22..9008cf17 100644 --- a/BinaryObjectScanner/Protection/PlayJ.cs +++ b/BinaryObjectScanner/Protection/PlayJ.cs @@ -14,20 +14,20 @@ namespace BinaryObjectScanner.Protection public class PlayJ : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in "PlayJ.exe" (https://web.archive.org/web/20010417025347/http://dlp.playj.com:80/playj/PlayJIns266.exe) and "CACTUSPJ.exe" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])). - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("PlayJ Music Player", StringComparison.OrdinalIgnoreCase)) return $"PlayJ Music Player"; // Found in "PJSTREAM.DLL" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])). - name = pex.FileDescription; + name = exe.FileDescription; if (name.OptionalStartsWith("EVAUX32 Module", StringComparison.OrdinalIgnoreCase)) return $"PlayJ Music Player Component"; // Found in "PlayJ.exe" (https://web.archive.org/web/20010417025347/http://dlp.playj.com:80/playj/PlayJIns266.exe) and "CACTUSPJ.exe" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])). - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("PlayJ", StringComparison.OrdinalIgnoreCase)) return $"PlayJ"; diff --git a/BinaryObjectScanner/Protection/ProtectDISC.cs b/BinaryObjectScanner/Protection/ProtectDISC.cs index 66c60d08..66c87f6f 100644 --- a/BinaryObjectScanner/Protection/ProtectDISC.cs +++ b/BinaryObjectScanner/Protection/ProtectDISC.cs @@ -14,13 +14,13 @@ namespace BinaryObjectScanner.Protection public class ProtectDISC : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the 4th and 5th sections, if they exist (example names: ACE4/ACE5) (Found in Redump entries 94792, 94793) - var sections = pex.Model.SectionTable ?? []; + var sections = exe.Model.SectionTable ?? []; for (int i = 3; i < sections.Length; i++) { - var nthSectionData = pex.GetSectionData(i); + var nthSectionData = exe.GetSectionData(i); if (nthSectionData == null) continue; @@ -36,7 +36,7 @@ namespace BinaryObjectScanner.Protection } // Get the .data/DATA section, if it exists - var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA"); + var dataSectionRaw = exe.GetFirstSectionData(".data") ?? exe.GetFirstSectionData("DATA"); if (dataSectionRaw != null) { var matchers = new List @@ -54,7 +54,7 @@ namespace BinaryObjectScanner.Protection if (sections.Length > 1) { // Get the n - 1 section strings, if they exist - var strs = pex.GetSectionStrings(sections.Length - 2); + var strs = exe.GetSectionStrings(sections.Length - 2); if (strs != null) { var str = strs.Find(s => s.Contains("VOB ProtectCD")); @@ -66,7 +66,7 @@ namespace BinaryObjectScanner.Protection // Get the last section (example names: ACE5, akxpxgcv, and piofinqb) if (sections.Length > 0) { - var lastSectionData = pex.GetSectionData(sections.Length - 1); + var lastSectionData = exe.GetSectionData(sections.Length - 1); if (lastSectionData != null) { var matchers = new List @@ -85,7 +85,7 @@ namespace BinaryObjectScanner.Protection } // Get the .vob.pcd section, if it exists - if (pex.ContainsSection(".vob.pcd", exact: true)) + if (exe.ContainsSection(".vob.pcd", exact: true)) return "VOB ProtectCD"; return null; diff --git a/BinaryObjectScanner/Protection/RainbowSentinel.cs b/BinaryObjectScanner/Protection/RainbowSentinel.cs index a3f1c99d..3e19cb0f 100644 --- a/BinaryObjectScanner/Protection/RainbowSentinel.cs +++ b/BinaryObjectScanner/Protection/RainbowSentinel.cs @@ -38,10 +38,10 @@ namespace BinaryObjectScanner.Protection public class RainbowSentinel : IExecutableCheck, IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug) + public string? CheckExecutable(string file, NewExecutable exe, bool includeDebug) { // TODO: Don't read entire file - byte[]? data = nex.ReadArbitraryRange(); + byte[]? data = exe.ReadArbitraryRange(); if (data == null) return null; @@ -105,7 +105,7 @@ namespace BinaryObjectScanner.Protection return match; // Get the resident and non-resident name table strings - var nrntStrs = Array.ConvertAll(nex.Model.NonResidentNameTable ?? [], + var nrntStrs = Array.ConvertAll(exe.Model.NonResidentNameTable ?? [], rnte => rnte?.NameString == null ? string.Empty : Encoding.ASCII.GetString(rnte.NameString)); // Check the nonresident-name table @@ -127,35 +127,35 @@ namespace BinaryObjectScanner.Protection } /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Figure out why resources for "RNBOVTMP.DLL", "SENTTEMP.DLL", "SNTI386.DLL", and "SX32W.DL_"/"SX32W.DLL" aren't getting read properly, causing checks for these files to not work. - var name = pex.FileDescription; + var name = exe.FileDescription; // Found in "RNBOVTMP.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]". if (name.OptionalEquals("Rainbow Technologies Virtual Device Driver", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow Sentinel {pex.ProductVersion}"; + return $"Rainbow Sentinel {exe.ProductVersion}"; // Found in "SENTTEMP.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]". if (name.OptionalEquals("Rainbow Technologies Sentinel Driver", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow Sentinel {pex.ProductVersion}"; + return $"Rainbow Sentinel {exe.ProductVersion}"; // Found in "SETUPX86.EXE"/"SENTW95.EXE" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]". if (name.OptionalEquals("Sentinel Driver Setup DLL", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow Sentinel {pex.ProductVersion}"; + return $"Rainbow Sentinel {exe.ProductVersion}"; // Found in "SNTI386.DLL"/"SENTW95.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]". if (name.OptionalEquals("Install, Setup - Sentinel Driver", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow Sentinel {pex.ProductVersion}"; + return $"Rainbow Sentinel {exe.ProductVersion}"; // Found in "wd126.zip/WDSHARE.EXE/SX32W.DL_" in IA item "ASMEsMechanicalEngineeringToolkit1997December" and "WDSHARE.ZIP/WDSHARE.EXE/SX32W.DL_" in IA item "aplicaciones-windows". if (name.OptionalEquals("Rainbow Technologies SentinelSuperPro WIN32 DLL", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow Sentinel SuperPro {pex.ProductVersion}"; + return $"Rainbow Sentinel SuperPro {exe.ProductVersion}"; // Found in "SP32W.DLL" in IA item "pcwkcd-1296". if (name.OptionalEquals("Rainbow Technologies SentinelPro WIN32 DLL", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow SentinelPro {pex.ProductVersion}"; + return $"Rainbow SentinelPro {exe.ProductVersion}"; // Found in "NSRVGX.EXE" in IA item "czchip199707cd". if (name.OptionalEquals("NetSentinel Server for WIN 32", StringComparison.OrdinalIgnoreCase)) @@ -166,27 +166,27 @@ namespace BinaryObjectScanner.Protection if (name.OptionalEquals("Rainbow Technologies Sentinel Device Driver", StringComparison.OrdinalIgnoreCase)) return "Rainbow Sentinel Driver"; - name = pex.ProductName; + name = exe.ProductName; // Found in multiple files in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", including "RNBOVTMP.DLL", "SENTTEMP.DLL", and "SNTI386.DLL". if (name.OptionalEquals("Rainbow Technologies Sentinel", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow Sentinel {pex.ProductVersion}"; + return $"Rainbow Sentinel {exe.ProductVersion}"; // Found in "SETUPX86.EXE"/"SENTW95.EXE" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]". if (name.OptionalEquals("Sentinel Driver Setup", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow Sentinel {pex.ProductVersion}"; + return $"Rainbow Sentinel {exe.ProductVersion}"; // Found in "wd126.zip/WDSHARE.EXE/SX32W.DL_" in IA item "ASMEsMechanicalEngineeringToolkit1997December" and "WDSHARE.ZIP/WDSHARE.EXE/SX32W.DL_" in IA item "aplicaciones-windows". if (name.OptionalEquals("Rainbow Technologies SentinelSuperPro WIN32 DLL", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow Sentinel SuperPro {pex.ProductVersion}"; + return $"Rainbow Sentinel SuperPro {exe.ProductVersion}"; // Found in "SP32W.DLL" in IA item "pcwkcd-1296". if (name.OptionalEquals("Rainbow Technologies SentinelPro WIN32 DLL", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow SentinelPro {pex.ProductVersion}"; + return $"Rainbow SentinelPro {exe.ProductVersion}"; // Found in "F481_SetupSysDriver.exe.B391C18A_6953_11D4_82CB_00D0B72E1DB9"/"SetupSysDriver.exe" in IA item "chip-cds-2001-08". if (name.OptionalEquals("Sentinel System Driver", StringComparison.OrdinalIgnoreCase)) - return $"Rainbow Sentinel {pex.ProductVersion}"; + return $"Rainbow Sentinel {exe.ProductVersion}"; // Found in "\disc4\cad\sdcc_200.zip\DISK1\_USER1.HDR\Language_Independent_Intel_32_Files\SNTNLUSB.SYS" in "CICA 32 For Windows CD-ROM (Walnut Creek) (October 1999) (Disc 4).iso" in IA item "CICA_32_For_Windows_CD-ROM_Walnut_Creek_October_1999". // TODO: Check if the version included with this is useful. @@ -194,7 +194,7 @@ namespace BinaryObjectScanner.Protection return "Rainbow Sentinel Driver"; // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { // Found in "ADESKSYS.DLL"/"WINADMIN.EXE"/"WINQUERY.EXE" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\netsetup\SUPPORT\IPX". @@ -207,7 +207,7 @@ namespace BinaryObjectScanner.Protection } // Get the .rdata section strings, if they exist - strs = pex.GetFirstSectionStrings(".rdata"); + strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { // Found in "SP32W.DLL" in IA item "pcwkcd-1296". @@ -232,7 +232,7 @@ namespace BinaryObjectScanner.Protection } // Get the .rsrc section strings, if they exist - strs = pex.GetFirstSectionStrings(".rsrc"); + strs = exe.GetFirstSectionStrings(".rsrc"); if (strs != null) { // Found in "WINMON.exe" in IA item "czchip199707cd". @@ -241,7 +241,7 @@ namespace BinaryObjectScanner.Protection } // Get the .text section strings, if they exist - strs = pex.GetFirstSectionStrings(".text"); + strs = exe.GetFirstSectionStrings(".text"); if (strs != null) { // Found in "ACLT.HWL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\aclt\DRV\W95LOCK". diff --git a/BinaryObjectScanner/Protection/RealArcade.cs b/BinaryObjectScanner/Protection/RealArcade.cs index 3a441008..05ab809f 100644 --- a/BinaryObjectScanner/Protection/RealArcade.cs +++ b/BinaryObjectScanner/Protection/RealArcade.cs @@ -16,10 +16,10 @@ namespace BinaryObjectScanner.Protection public class RealArcade : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .data section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data"); + var strs = exe.GetFirstSectionStrings(".data"); if (strs != null) { // Found in "rebound.exe" in the installation directory for "Rebound" in IA item "Nova_RealArcadeCD_USA". @@ -28,7 +28,7 @@ namespace BinaryObjectScanner.Protection } // Found in "RngInterstitial.dll" in the RealArcade installation directory in IA item "Nova_RealArcadeCD_USA". - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalContains("RngInterstitial")) return "RealArcade"; diff --git a/BinaryObjectScanner/Protection/Roxxe.cs b/BinaryObjectScanner/Protection/Roxxe.cs index c5197b12..7cd0ed71 100644 --- a/BinaryObjectScanner/Protection/Roxxe.cs +++ b/BinaryObjectScanner/Protection/Roxxe.cs @@ -14,10 +14,10 @@ namespace BinaryObjectScanner.Protection public class Roxxe : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the code/CODE section strings, if they exist - var strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE"); + var strs = exe.GetFirstSectionStrings("code") ?? exe.GetFirstSectionStrings("CODE"); if (strs != null) { // Found in "Owar.exe" in IA item "game4u-22-cd". @@ -27,7 +27,7 @@ namespace BinaryObjectScanner.Protection // Get the .rsrc section strings, if they exist // TODO: Check for these strings specifically within the application-defined resource that they're found in, not just the generic resource section. - strs = pex.GetFirstSectionStrings(".rsrc"); + strs = exe.GetFirstSectionStrings(".rsrc"); if (strs != null) { // Found in "Owar.exe" in IA items "game4u-22-cd" and "original-war". @@ -45,10 +45,10 @@ namespace BinaryObjectScanner.Protection // If any dialog boxes match // Found in "Data6.OWP" in IA item "game4u-22-cd". - if (pex.FindDialogBoxByItemTitle("SharpTiny Version 1.0").Count > 0) + if (exe.FindDialogBoxByItemTitle("SharpTiny Version 1.0").Count > 0) return "Roxxe"; // Found in "Data8.OWP" in IA item "game4u-22-cd". - else if (pex.FindDialogBoxByItemTitle("T32xWin Version 1.0").Count > 0) + else if (exe.FindDialogBoxByItemTitle("T32xWin Version 1.0").Count > 0) return "Roxxe"; return null; diff --git a/BinaryObjectScanner/Protection/SVKProtector.cs b/BinaryObjectScanner/Protection/SVKProtector.cs index 382d0ae9..7de605c6 100644 --- a/BinaryObjectScanner/Protection/SVKProtector.cs +++ b/BinaryObjectScanner/Protection/SVKProtector.cs @@ -24,15 +24,15 @@ namespace BinaryObjectScanner.Protection // TODO: Find 1.4+ samples. /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Investigate the "Debugger or tool for monitoring detected!!!.Application cannot be run with debugger or monitoring tool(s) loaded!. Please unload it and restart the application" strings present in seemingly every version. // Get the entry point data, if it exists. - if (pex.EntryPointData != null) + if (exe.EntryPointData != null) { // Found in the SVKP 1.05 demo. - if (pex.EntryPointData.StartsWith(new byte?[] + if (exe.EntryPointData.StartsWith(new byte?[] { 0xEB, 0x03, 0xC7, 0x84, 0xE8, 0x60, 0xEB, 0x03, 0xC7, 0x84, 0xE8, 0xEB, 0x03, 0xC7, 0x84, 0x9A, @@ -43,7 +43,7 @@ namespace BinaryObjectScanner.Protection return "SVKP v1.05"; // Found in the SVKP 1.051 demo. - if (pex.EntryPointData.StartsWith(new byte?[] + if (exe.EntryPointData.StartsWith(new byte?[] { 0x60, 0xEB, 0x03, 0xC7, 0x84, 0xE8, 0xEB, 0x03, 0xC7, 0x84, 0x9A, 0xE8, 0x00, 0x00, 0x00, 0x00, @@ -54,7 +54,7 @@ namespace BinaryObjectScanner.Protection return "SVKP v1.051"; // Found in the SVKP 1.11 demo. - if (pex.EntryPointData.StartsWith(new byte?[] + if (exe.EntryPointData.StartsWith(new byte?[] { 0x60, 0xE8, null, null, null, null, 0x5D, 0x81, 0xED, 0x06, null, null, null, 0x64, 0xA0, 0x23 @@ -62,7 +62,7 @@ namespace BinaryObjectScanner.Protection return "SVKP v1.11"; // Found in the SVKP 1.32 demo and Redump entry 84122. - if (pex.EntryPointData.StartsWith(new byte?[] + if (exe.EntryPointData.StartsWith(new byte?[] { 0x60, 0xE8, 0x00, 0x00, 0x00, 0x00, 0x5D, 0x81, 0xED, 0x06, 0x00, 0x00, 0x00, 0xEB, 0x05, 0xB8, @@ -72,12 +72,12 @@ namespace BinaryObjectScanner.Protection } // 0x504B5653 is "SVKP" - if (pex.Model.COFFFileHeader?.PointerToSymbolTable == 0x504B5653) + if (exe.Model.COFFFileHeader?.PointerToSymbolTable == 0x504B5653) return "SVKP"; // Get the .svkp section, if it exists. // This section is present in at least versions 1.05-1.32, but isn't present in every known sample of these versions. Removing this section name may be a perk of the licensed version. - if (pex.ContainsSection(".svkp", exact: true)) + if (exe.ContainsSection(".svkp", exact: true)) return "SVKP"; return null; diff --git a/BinaryObjectScanner/Protection/SecuROM.cs b/BinaryObjectScanner/Protection/SecuROM.cs index 0f59c174..6cfa957a 100644 --- a/BinaryObjectScanner/Protection/SecuROM.cs +++ b/BinaryObjectScanner/Protection/SecuROM.cs @@ -13,65 +13,65 @@ namespace BinaryObjectScanner.Protection public class SecuROM : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalContains("SecuROM PA")) - return $"SecuROM Product Activation v{pex.GetInternalVersion()}"; + return $"SecuROM Product Activation v{exe.GetInternalVersion()}"; - name = pex.InternalName; + name = exe.InternalName; if (name.OptionalEquals("paul.dll", StringComparison.OrdinalIgnoreCase)) { - if (pex.ProductName.OptionalEquals("drEAm")) - return $"SecuROM Product Activation v{pex.GetInternalVersion()} - EA Game Authorization Management"; + if (exe.ProductName.OptionalEquals("drEAm")) + return $"SecuROM Product Activation v{exe.GetInternalVersion()} - EA Game Authorization Management"; else - return $"SecuROM Product Activation v{pex.GetInternalVersion()}"; + return $"SecuROM Product Activation v{exe.GetInternalVersion()}"; } else if (name.OptionalEquals("paul_dll_activate_and_play.dll")) { - return $"SecuROM Product Activation v{pex.GetInternalVersion()}"; + return $"SecuROM Product Activation v{exe.GetInternalVersion()}"; } else if (name.OptionalEquals("paul_dll_preview_and_review.dll")) { - return $"SecuROM Product Activation v{pex.GetInternalVersion()}"; + return $"SecuROM Product Activation v{exe.GetInternalVersion()}"; } - name = pex.OriginalFilename; + name = exe.OriginalFilename; if (name.OptionalEquals("paul_dll_activate_and_play.dll")) - return $"SecuROM Product Activation v{pex.GetInternalVersion()}"; + return $"SecuROM Product Activation v{exe.GetInternalVersion()}"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalContains("SecuROM Activate & Play")) - return $"SecuROM Product Activation v{pex.GetInternalVersion()}"; + return $"SecuROM Product Activation v{exe.GetInternalVersion()}"; // Get the matrosch section, if it exists - if (pex.ContainsSection("matrosch", exact: true)) + if (exe.ContainsSection("matrosch", exact: true)) return $"SecuROM Matroschka Package"; // Get the rcpacker section, if it exists - if (pex.ContainsSection("rcpacker", exact: true)) + if (exe.ContainsSection("rcpacker", exact: true)) return $"SecuROM Release Control"; - if (pex.ContainsSection(".dsstext", exact: true)) + if (exe.ContainsSection(".dsstext", exact: true)) return $"SecuROM 8.03.03+"; // Get the .securom section, if it exists - if (pex.ContainsSection(".securom", exact: true)) - return $"SecuROM {GetV7Version(pex)}"; + if (exe.ContainsSection(".securom", exact: true)) + return $"SecuROM {GetV7Version(exe)}"; // Get the .sll section, if it exists - if (pex.ContainsSection(".sll", exact: true)) + if (exe.ContainsSection(".sll", exact: true)) return $"SecuROM SLL Protected (for SecuROM v8.x)"; // Search after the last section - if (pex.OverlayStrings != null) + if (exe.OverlayStrings != null) { - if (pex.OverlayStrings.Exists(s => s == "AddD")) - return $"SecuROM {GetV4Version(pex)}"; + if (exe.OverlayStrings.Exists(s => s == "AddD")) + return $"SecuROM {GetV4Version(exe)}"; } // Get the sections 5+, if they exist (example names: .fmqyrx, .vcltz, .iywiak) - var sections = pex.Model.SectionTable ?? []; + var sections = exe.Model.SectionTable ?? []; for (int i = 4; i < sections.Length; i++) { var nthSection = sections[i]; @@ -81,7 +81,7 @@ namespace BinaryObjectScanner.Protection string nthSectionName = Encoding.ASCII.GetString(nthSection.Name ?? []).TrimEnd('\0'); if (nthSectionName != ".idata" && nthSectionName != ".rsrc") { - var nthSectionData = pex.GetFirstSectionData(nthSectionName); + var nthSectionData = exe.GetFirstSectionData(nthSectionName); if (nthSectionData == null) continue; @@ -98,18 +98,18 @@ namespace BinaryObjectScanner.Protection } // Get the .rdata section strings, if they exist - var strs = pex.GetFirstSectionStrings(".rdata"); + var strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { // Both have the identifier found within `.rdata` but the version is within `.data` if (strs.Exists(s => s.Contains("/secuexp"))) - return $"SecuROM {GetV8WhiteLabelVersion(pex)} (White Label)"; + return $"SecuROM {GetV8WhiteLabelVersion(exe)} (White Label)"; else if (strs.Exists(s => s.Contains("SecuExp.exe"))) - return $"SecuROM {GetV8WhiteLabelVersion(pex)} (White Label)"; + return $"SecuROM {GetV8WhiteLabelVersion(exe)} (White Label)"; } // Get the .cms_d and .cms_t sections, if they exist -- TODO: Confirm if both are needed or either/or is fine - if (pex.ContainsSection(".cmd_d", true) || pex.ContainsSection(".cms_t", true)) + if (exe.ContainsSection(".cmd_d", true) || exe.ContainsSection(".cms_t", true)) return $"SecuROM 1-3"; return null; @@ -167,19 +167,19 @@ namespace BinaryObjectScanner.Protection return MatchUtil.GetFirstMatch(path, matchers, any: true); } - private static string GetV4Version(PortableExecutable pex) + private static string GetV4Version(PortableExecutable exe) { int index = 8; // Begin reading after "AddD" - char major = (char)pex.OverlayData![index]; + char major = (char)exe.OverlayData![index]; index += 2; - string minor = Encoding.ASCII.GetString(pex.OverlayData, index, 2); + string minor = Encoding.ASCII.GetString(exe.OverlayData, index, 2); index += 3; - string patch = Encoding.ASCII.GetString(pex.OverlayData, index, 2); + string patch = Encoding.ASCII.GetString(exe.OverlayData, index, 2); index += 3; - string revision = Encoding.ASCII.GetString(pex.OverlayData, index, 4); + string revision = Encoding.ASCII.GetString(exe.OverlayData, index, 4); if (!char.IsNumber(major)) return "(very old, v3 or less)"; @@ -225,30 +225,30 @@ namespace BinaryObjectScanner.Protection } // These live in the MS-DOS stub, for some reason - private static string GetV7Version(PortableExecutable pex) + private static string GetV7Version(PortableExecutable exe) { // If SecuROM is stripped, the MS-DOS stub might be shorter. // We then know that SecuROM -was- there, but we don't know what exact version. - if (pex.StubExecutableData == null) + if (exe.StubExecutableData == null) return "7 remnants"; //SecuROM 7 new and 8 -- 64 bytes for DOS stub, 236 bytes in total int index = 172; - if (pex.StubExecutableData.Length >= 176 && pex.StubExecutableData[index + 3] == 0x5C) + if (exe.StubExecutableData.Length >= 176 && exe.StubExecutableData[index + 3] == 0x5C) { - int major = pex.StubExecutableData[index + 0] ^ 0xEA; - int minor = pex.StubExecutableData[index + 1] ^ 0x2C; - int patch = pex.StubExecutableData[index + 2] ^ 0x08; + int major = exe.StubExecutableData[index + 0] ^ 0xEA; + int minor = exe.StubExecutableData[index + 1] ^ 0x2C; + int patch = exe.StubExecutableData[index + 2] ^ 0x08; return $"{major}.{minor:00}.{patch:0000}"; } // SecuROM 7 old -- 64 bytes for DOS stub, 122 bytes in total index = 58; - if (pex.StubExecutableData.Length >= 62) + if (exe.StubExecutableData.Length >= 62) { - int minor = pex.StubExecutableData[index + 0] ^ 0x10; - int patch = pex.StubExecutableData[index + 1] ^ 0x10; + int minor = exe.StubExecutableData[index + 0] ^ 0x10; + int patch = exe.StubExecutableData[index + 1] ^ 0x10; //return "7.01-7.10" return $"7.{minor:00}.{patch:0000}"; @@ -259,10 +259,10 @@ namespace BinaryObjectScanner.Protection return "7 remnants"; } - private static string GetV8WhiteLabelVersion(PortableExecutable pex) + private static string GetV8WhiteLabelVersion(PortableExecutable exe) { // Get the .data/DATA section, if it exists - var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA"); + var dataSectionRaw = exe.GetFirstSectionData(".data") ?? exe.GetFirstSectionData("DATA"); if (dataSectionRaw == null) return "8"; diff --git a/BinaryObjectScanner/Protection/SmartE.cs b/BinaryObjectScanner/Protection/SmartE.cs index 24702b14..5d66b734 100644 --- a/BinaryObjectScanner/Protection/SmartE.cs +++ b/BinaryObjectScanner/Protection/SmartE.cs @@ -9,18 +9,18 @@ namespace BinaryObjectScanner.Protection { public class SmartE : IPathCheck, IExecutableCheck { - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Only works on stub generated from running the program yourself - if (pex.InternalName.OptionalEquals("SmarteSECURE")) + if (exe.InternalName.OptionalEquals("SmarteSECURE")) return "SmartE"; - var sections = pex.Model.SectionTable ?? []; + var sections = exe.Model.SectionTable ?? []; if (sections.Length > 0) { // Get the last section data, if it exists - var lastSectionData = pex.GetSectionData(sections.Length - 1); + var lastSectionData = exe.GetSectionData(sections.Length - 1); if (lastSectionData != null) { // All sections seen so far are the last sections, so this is "technically" diff --git a/BinaryObjectScanner/Protection/SoftLock.cs b/BinaryObjectScanner/Protection/SoftLock.cs index 61414598..90f9bbb8 100644 --- a/BinaryObjectScanner/Protection/SoftLock.cs +++ b/BinaryObjectScanner/Protection/SoftLock.cs @@ -14,49 +14,49 @@ namespace BinaryObjectScanner.Protection public class SoftLock : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" - var name = pex.InternalName; + var name = exe.InternalName; if (name.OptionalEquals("Softlock Protected Application")) return "SoftLock"; // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" - name = pex.Comments; + name = exe.Comments; if (name.OptionalEquals("Softlock Protected Application")) return "SoftLock"; // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" - if (pex.FindStringTableByEntry("Softlock CD").Count > 0) + if (exe.FindStringTableByEntry("Softlock CD").Count > 0) return "SoftLock"; // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" - if (pex.FindStringTableByEntry("Softlock USB Key").Count > 0) + if (exe.FindStringTableByEntry("Softlock USB Key").Count > 0) return "SoftLock"; // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" - if (pex.FindDialogByTitle("Softlock Protection Kit").Count > 0) + if (exe.FindDialogByTitle("Softlock Protection Kit").Count > 0) return "SoftLock"; // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" - if (pex.FindDialogByTitle("About Softlock Protected Application").Count > 0) + if (exe.FindDialogByTitle("About Softlock Protected Application").Count > 0) return "SoftLock"; // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" - if (pex.FindDialogBoxByItemTitle("www.softlock.net").Count > 0) + if (exe.FindDialogBoxByItemTitle("www.softlock.net").Count > 0) return "SoftLock"; // TODO: See if the version number is anywhere else // TODO: Parse the version number out of the dialog box item // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" - if (pex.FindDialogBoxByItemTitle("Softlock Protected Application Version 1.0").Count > 0) + if (exe.FindDialogBoxByItemTitle("Softlock Protected Application Version 1.0").Count > 0) return "SoftLock"; // There are many mentions of USB dongle and CD protection in the various string tables // and dialog boxes. See if any of those are unique to SoftLock. // Found in "TafseerVer4.exe" in IA item "TAFSEERVER4SETUP" - var strings = pex.GetFirstSectionStrings(".section") ?? []; + var strings = exe.GetFirstSectionStrings(".section") ?? []; if (strings.Exists(s => s.Contains("SOFTLOCKPROTECTION"))) return "SoftLock"; diff --git a/BinaryObjectScanner/Protection/SolidShield.cs b/BinaryObjectScanner/Protection/SolidShield.cs index a1aa4175..89004b75 100644 --- a/BinaryObjectScanner/Protection/SolidShield.cs +++ b/BinaryObjectScanner/Protection/SolidShield.cs @@ -13,46 +13,46 @@ namespace BinaryObjectScanner.Protection public class SolidShield : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Investigate ".pseudo" section found in "tvdm.dll" in Redump entry 68166. - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("DVM Library", StringComparison.OrdinalIgnoreCase)) - return $"SolidShield {pex.GetInternalVersion()}"; + return $"SolidShield {exe.GetInternalVersion()}"; else if (name.OptionalStartsWith("Solidshield Activation Library", StringComparison.OrdinalIgnoreCase)) - return $"SolidShield Core.dll {pex.GetInternalVersion()}"; + return $"SolidShield Core.dll {exe.GetInternalVersion()}"; else if (name.OptionalStartsWith("Activation Manager", StringComparison.OrdinalIgnoreCase)) - return $"SolidShield Activation Manager Module {GetInternalVersion(pex)}"; + return $"SolidShield Activation Manager Module {GetInternalVersion(exe)}"; // Found in Redump entry 63719. else if (name.OptionalStartsWith("Solidshield - Activation Wizard", StringComparison.OrdinalIgnoreCase)) - return $"SolidShield Activation Manager Module {GetInternalVersion(pex)}"; + return $"SolidShield Activation Manager Module {GetInternalVersion(exe)}"; // Found in "tvdm.dll" in Redump entry 68166. else if (name.OptionalStartsWith("Solidshield Library", StringComparison.OrdinalIgnoreCase)) - return $"SolidShield {GetInternalVersion(pex)}"; + return $"SolidShield {GetInternalVersion(exe)}"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("Solidshield Activation Library", StringComparison.OrdinalIgnoreCase)) - return $"SolidShield Core.dll {pex.GetInternalVersion()}"; + return $"SolidShield Core.dll {exe.GetInternalVersion()}"; else if (name.OptionalStartsWith("Solidshield Library", StringComparison.OrdinalIgnoreCase)) - return $"SolidShield Core.dll {pex.GetInternalVersion()}"; + return $"SolidShield Core.dll {exe.GetInternalVersion()}"; else if (name.OptionalStartsWith("Activation Manager", StringComparison.OrdinalIgnoreCase)) - return $"SolidShield Activation Manager Module {GetInternalVersion(pex)}"; + return $"SolidShield Activation Manager Module {GetInternalVersion(exe)}"; // Found in "tvdm.dll" in Redump entry 68166. else if (name.OptionalStartsWith("Solidshield Library", StringComparison.OrdinalIgnoreCase)) - return $"SolidShield {GetInternalVersion(pex)}"; + return $"SolidShield {GetInternalVersion(exe)}"; // Get the .init section, if it exists - if (pex.ContainsSection(".init")) + if (exe.ContainsSection(".init")) { - var initData = pex.GetFirstSectionData(".init"); + var initData = exe.GetFirstSectionData(".init"); if (initData != null) { var matchers = new List @@ -71,15 +71,15 @@ namespace BinaryObjectScanner.Protection } // Get the wrapper resource, if it exists - if (pex.FindResourceByNamedType("BIN, IDR_SGT").Count > 0) + if (exe.FindResourceByNamedType("BIN, IDR_SGT").Count > 0) return "SolidShield EXE Wrapper v1"; // Search the last two available sections - var sections = pex.Model.SectionTable ?? []; + var sections = exe.Model.SectionTable ?? []; for (int i = Math.Max(sections.Length - 2, 0); i < sections.Length; i++) { // Get the nth section strings, if they exist - var strs = pex.GetSectionStrings(i); + var strs = exe.GetSectionStrings(i); if (strs != null) { var str = strs.Find(s => s.Contains("Solidshield ")); @@ -89,15 +89,15 @@ namespace BinaryObjectScanner.Protection } // Get the import directory table, if it exists - if (pex.Model.ImportTable?.ImportDirectoryTable != null) + if (exe.Model.ImportTable?.ImportDirectoryTable != null) { - if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "dvm.dll")) + if (Array.Exists(exe.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "dvm.dll")) return "SolidShield EXE Wrapper v1"; - if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "activation.x86.dll")) + if (Array.Exists(exe.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "activation.x86.dll")) return "SolidShield EXE Wrapper v2"; - if (Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "activation.x64.dll")) + if (Array.Exists(exe.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name == "activation.x64.dll")) return "SolidShield EXE Wrapper v2"; } @@ -216,11 +216,11 @@ namespace BinaryObjectScanner.Protection return string.Empty; } - private static string GetInternalVersion(PortableExecutable pex) + private static string GetInternalVersion(PortableExecutable exe) { - var companyName = pex.CompanyName?.ToLowerInvariant(); + var companyName = exe.CompanyName?.ToLowerInvariant(); if (!string.IsNullOrEmpty(companyName) && (companyName!.Contains("solidshield") || companyName.Contains("tages"))) - return pex.GetInternalVersion() ?? string.Empty; + return exe.GetInternalVersion() ?? string.Empty; return string.Empty; } diff --git a/BinaryObjectScanner/Protection/StarForce.cs b/BinaryObjectScanner/Protection/StarForce.cs index 88c21f20..960209a8 100644 --- a/BinaryObjectScanner/Protection/StarForce.cs +++ b/BinaryObjectScanner/Protection/StarForce.cs @@ -17,10 +17,10 @@ namespace BinaryObjectScanner.Protection // "Replay.exe" not detected, doesn't detect "[FL Disc]" (Redump entry 81756). // Doesn't detect "[Pro]" (Redump entry 91336). /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // TODO: Find what fvinfo field actually maps to this - var name = pex.FileDescription; + var name = exe.FileDescription; // There are some File Description checks that are currently too generic to use. // "Host Library" - Found in "protect.dll" in Redump entry 81756. @@ -33,71 +33,71 @@ namespace BinaryObjectScanner.Protection // Found in "protect.exe" in Redump entry 94805. if (name.OptionalContains("FrontLine Protection GUI Application")) - return $"StarForce {pex.GetInternalVersion()}"; + return $"StarForce {exe.GetInternalVersion()}"; // Found in "protect.dll" in Redump entry 94805. if (name.OptionalContains("FrontLine Protection Library")) - return $"StarForce {pex.GetInternalVersion()}"; + return $"StarForce {exe.GetInternalVersion()}"; // Found in "protect.x64" and "protect.x86" in Redump entry 94805. if (name.OptionalContains("FrontLine Helper")) - return $"StarForce {pex.GetInternalVersion()}"; + return $"StarForce {exe.GetInternalVersion()}"; // TODO: Find a sample of this check. if (name.OptionalContains("Protected Module")) return $"StarForce 5"; - name = pex.LegalCopyright; + name = exe.LegalCopyright; if (name.OptionalStartsWith("(c) Protection Technology")) // (c) Protection Technology (StarForce)? - return $"StarForce {pex.GetInternalVersion()}"; + return $"StarForce {exe.GetInternalVersion()}"; else if (name.OptionalContains("Protection Technology")) // Protection Technology (StarForce)? - return $"StarForce {pex.GetInternalVersion()}"; + return $"StarForce {exe.GetInternalVersion()}"; // FrontLine ProActive (digital activation), samples: // https://dbox.tools/titles/pc/46450FA4/ // https://dbox.tools/titles/pc/4F430FA0/ // https://dbox.tools/titles/pc/53450FA1/ - name = pex.TradeName; + name = exe.TradeName; if (name.OptionalContains("FL ProActive")) return $"FrontLine ProActive"; // TODO: Decide if internal name checks are safe to use. - name = pex.InternalName; + name = exe.InternalName; // Found in "protect.x64" and "protect.x86" in Redump entry 94805. if (name.OptionalEquals("CORE.ADMIN", StringComparison.Ordinal)) - return $"StarForce {pex.GetInternalVersion()}"; + return $"StarForce {exe.GetInternalVersion()}"; // These checks currently disabled due being possibly too generic: // Found in "protect.dll" in Redump entry 94805. // if (name.OptionalEquals("CORE.DLL", StringComparison.Ordinal)) - // return $"StarForce {Tools.Utilities.GetInternalVersion(pex)}"; + // return $"StarForce {Tools.Utilities.GetInternalVersion(exe)}"; // // Found in "protect.exe" in Redump entry 94805. // if (name.OptionalEquals("CORE.EXE", StringComparison.Ordinal)) - // return $"StarForce {Tools.Utilities.GetInternalVersion(pex)}"; + // return $"StarForce {Tools.Utilities.GetInternalVersion(exe)}"; // // else if (name.OptionalEquals("protect.exe", StringComparison.Ordinal)) - // return $"StarForce {Tools.Utilities.GetInternalVersion(pex)}"; + // return $"StarForce {Tools.Utilities.GetInternalVersion(exe)}"; // Check the export name table - if (pex.Model.ExportTable?.ExportNameTable?.Strings != null) + if (exe.Model.ExportTable?.ExportNameTable?.Strings != null) { // TODO: Should we just check for "PSA_*" instead of a single entry? - if (Array.Exists(pex.Model.ExportTable.ExportNameTable.Strings, s => s == "PSA_GetDiscLabel")) - return $"StarForce {pex.GetInternalVersion()}"; + if (Array.Exists(exe.Model.ExportTable.ExportNameTable.Strings, s => s == "PSA_GetDiscLabel")) + return $"StarForce {exe.GetInternalVersion()}"; } // TODO: Check to see if there are any missing checks // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/StarForce.2.sg // Get the .brick section, if it exists - if (pex.ContainsSection(".brick", exact: true)) + if (exe.ContainsSection(".brick", exact: true)) return "StarForce 3-5"; // Get the .sforce* section, if it exists - if (pex.ContainsSection(".sforce", exact: false)) + if (exe.ContainsSection(".sforce", exact: false)) return "StarForce 3-5"; return null; diff --git a/BinaryObjectScanner/Protection/Steam.cs b/BinaryObjectScanner/Protection/Steam.cs index c5cb2899..9a3dacfe 100644 --- a/BinaryObjectScanner/Protection/Steam.cs +++ b/BinaryObjectScanner/Protection/Steam.cs @@ -9,19 +9,19 @@ namespace BinaryObjectScanner.Protection public class Steam : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalContains("Steam Autorun Setup")) return "Steam"; else if (name.OptionalContains("Steam Client API")) return "Steam"; else if (name.OptionalContains("Steam Client Engine")) - return $"Steam Client Engine {pex.GetInternalVersion()}"; + return $"Steam Client Engine {exe.GetInternalVersion()}"; else if (name.OptionalContains("Steam Client Service")) return "Steam"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalContains("Steam Autorun Setup")) return "Steam"; else if (name.OptionalContains("Steam Client API")) diff --git a/BinaryObjectScanner/Protection/Sysiphus.cs b/BinaryObjectScanner/Protection/Sysiphus.cs index c55f4110..011fc83f 100644 --- a/BinaryObjectScanner/Protection/Sysiphus.cs +++ b/BinaryObjectScanner/Protection/Sysiphus.cs @@ -7,10 +7,10 @@ namespace BinaryObjectScanner.Protection public class Sysiphus : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .data/DATA section strings, if they exist - var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { var str = strs.Find(s => s.Contains("V SUHPISYS")); diff --git a/BinaryObjectScanner/Protection/Tages.cs b/BinaryObjectScanner/Protection/Tages.cs index a57cc3e3..5756c3a8 100644 --- a/BinaryObjectScanner/Protection/Tages.cs +++ b/BinaryObjectScanner/Protection/Tages.cs @@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Protection public class TAGES : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Known TAGES Driver Setup filenames: // - DrvSetup.exe @@ -24,23 +24,23 @@ namespace BinaryObjectScanner.Protection // - TagesClient.exe // - TagesClient.dat (Does not always exist) - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("TagesSetup", StringComparison.OrdinalIgnoreCase)) - return $"TAGES Driver Setup {GetVersion(pex)}"; + return $"TAGES Driver Setup {GetVersion(exe)}"; else if (name.OptionalStartsWith("Tagès activation client", StringComparison.OrdinalIgnoreCase)) - return $"TAGES Activation Client {GetVersion(pex)}"; + return $"TAGES Activation Client {GetVersion(exe)}"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalStartsWith("Application TagesSetup", StringComparison.OrdinalIgnoreCase)) - return $"TAGES Driver Setup {GetVersion(pex)}"; + return $"TAGES Driver Setup {GetVersion(exe)}"; else if (name.OptionalStartsWith("T@GES", StringComparison.OrdinalIgnoreCase)) - return $"TAGES Activation Client {GetVersion(pex)}"; + return $"TAGES Activation Client {GetVersion(exe)}"; // TODO: Add entry point check // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/Tages.2.sg // Get the .data/DATA section, if it exists - var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA"); + var dataSectionRaw = exe.GetFirstSectionData(".data") ?? exe.GetFirstSectionData("DATA"); if (dataSectionRaw != null) { var matchers = new List @@ -210,10 +210,10 @@ namespace BinaryObjectScanner.Protection return MatchUtil.GetFirstMatch(path, matchers, any: true); } - private static string GetVersion(PortableExecutable pex) + private static string GetVersion(PortableExecutable exe) { // Check the internal versions - var version = pex.GetInternalVersion(); + var version = exe.GetInternalVersion(); if (!string.IsNullOrEmpty(version)) return version!; diff --git a/BinaryObjectScanner/Protection/Themida.cs b/BinaryObjectScanner/Protection/Themida.cs index 51bde32f..42df3639 100644 --- a/BinaryObjectScanner/Protection/Themida.cs +++ b/BinaryObjectScanner/Protection/Themida.cs @@ -24,10 +24,10 @@ namespace BinaryObjectScanner.Protection public class Themida : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the "Arcsoft " section strings, if they exist - var strs = pex.GetFirstSectionStrings("Arcsoft "); + var strs = exe.GetFirstSectionStrings("Arcsoft "); if (strs != null) { // Found in "uDigital Theatre.exe" in http://downloads.fyxm.net/ArcSoft-TotalMedia-23085.html (https://web.archive.org/web/20221114042838/http://files.fyxm.net/23/23085/totalmediatheatre3platinum_retail_tbyb_all.exe). diff --git a/BinaryObjectScanner/Protection/ThreePLock.cs b/BinaryObjectScanner/Protection/ThreePLock.cs index 5fdc513d..53b50ce3 100644 --- a/BinaryObjectScanner/Protection/ThreePLock.cs +++ b/BinaryObjectScanner/Protection/ThreePLock.cs @@ -11,13 +11,13 @@ namespace BinaryObjectScanner.Protection public class ThreePLock : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // This produced false positives in some DirectX 9.0c installer files //"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW" // Get the .ldr and .ldt sections, if they exist - if (pex.ContainsSection(".ldr", exact: true) && pex.ContainsSection(".ldt", exact: true)) + if (exe.ContainsSection(".ldr", exact: true) && exe.ContainsSection(".ldt", exact: true)) return $"3P-Lock Copy Protection"; return null; diff --git a/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs b/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs index 15df9004..bf9bac54 100644 --- a/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs +++ b/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs @@ -6,12 +6,12 @@ namespace BinaryObjectScanner.Protection public class ThreeTwoOneStudios : IExecutableCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Check the dialog box resources - if (pex.FindDialogByTitle("321Studios Activation").Count > 0) + if (exe.FindDialogByTitle("321Studios Activation").Count > 0) return $"321Studios Online Activation"; - else if (pex.FindDialogByTitle("321Studios Phone Activation").Count > 0) + else if (exe.FindDialogByTitle("321Studios Phone Activation").Count > 0) return $"321Studios Online Activation"; return null; diff --git a/BinaryObjectScanner/Protection/Uplay.cs b/BinaryObjectScanner/Protection/Uplay.cs index 33a44f92..f1fa4d2c 100644 --- a/BinaryObjectScanner/Protection/Uplay.cs +++ b/BinaryObjectScanner/Protection/Uplay.cs @@ -10,9 +10,9 @@ namespace BinaryObjectScanner.Protection public class Uplay : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalContains("Ubisoft Connect Installer")) return "Uplay / Ubisoft Connect"; else if (name.OptionalContains("Ubisoft Connect Service")) @@ -29,7 +29,7 @@ namespace BinaryObjectScanner.Protection return "Uplay / Ubisoft Connect"; // There's also a variant that looks like "Uplay installer" - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalContains("Ubisoft Connect")) return "Uplay / Ubisoft Connect"; else if (name.OptionalContains("Uplay")) diff --git a/BinaryObjectScanner/Protection/WMDS.cs b/BinaryObjectScanner/Protection/WMDS.cs index f83837c0..8d278af4 100644 --- a/BinaryObjectScanner/Protection/WMDS.cs +++ b/BinaryObjectScanner/Protection/WMDS.cs @@ -16,19 +16,19 @@ namespace BinaryObjectScanner.Protection public class WMDS : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6) - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalStartsWith("Windows Media Data Session Licensing Engine", StringComparison.OrdinalIgnoreCase)) return "Windows Media Data Session DRM"; // Found in "autorun.exe" ("Touch" by Amerie). - if (pex.FindDialogBoxByItemTitle("If you attempt to play this content on a computer without a license, you will first have to acquire a license before it will play.").Count > 0) + if (exe.FindDialogBoxByItemTitle("If you attempt to play this content on a computer without a license, you will first have to acquire a license before it will play.").Count > 0) return "Windows Media Data Session DRM"; // Found in "autorun.exe" ("Touch" by Amerie). - if (pex.FindDialogBoxByItemTitle("You cannot generate a licence to play the protected Windows Media files without an original disc.").Count > 0) + if (exe.FindDialogBoxByItemTitle("You cannot generate a licence to play the protected Windows Media files without an original disc.").Count > 0) return "Windows Media Data Session DRM"; return null; diff --git a/BinaryObjectScanner/Protection/WTMCDProtect.cs b/BinaryObjectScanner/Protection/WTMCDProtect.cs index 3bfd5a45..fe059a72 100644 --- a/BinaryObjectScanner/Protection/WTMCDProtect.cs +++ b/BinaryObjectScanner/Protection/WTMCDProtect.cs @@ -10,22 +10,22 @@ namespace BinaryObjectScanner.Protection public class WTMCDProtect : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = pex.FileDescription; + var name = exe.FileDescription; if (name.OptionalContains("Copy Protection Viewer")) return "WTM Protection Viewer"; - name = pex.LegalTrademarks; + name = exe.LegalTrademarks; if (name.OptionalContains("WTM Copy Protection")) return "WTM Protection Viewer"; - name = pex.ProductName; + name = exe.ProductName; if (name.OptionalContains("WTM Copy Protection Viewer")) return "WTM Protection Viewer"; // Get the code/CODE section strings, if they exist - var strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE"); + var strs = exe.GetFirstSectionStrings("code") ?? exe.GetFirstSectionStrings("CODE"); if (strs != null) { if (strs.Exists(s => s.Contains("wtmdum.imp"))) @@ -33,7 +33,7 @@ namespace BinaryObjectScanner.Protection } // Get the .text section strings, if they exist - strs = pex.GetFirstSectionStrings(".text"); + strs = exe.GetFirstSectionStrings(".text"); if (strs != null) { if (strs.Exists(s => s.Contains("WTM DIGITAL Photo Protect"))) diff --git a/BinaryObjectScanner/Protection/XCP.cs b/BinaryObjectScanner/Protection/XCP.cs index eea19cd9..161d8ada 100644 --- a/BinaryObjectScanner/Protection/XCP.cs +++ b/BinaryObjectScanner/Protection/XCP.cs @@ -11,10 +11,10 @@ namespace BinaryObjectScanner.Protection public class XCP : IExecutableCheck, IPathCheck { /// - public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) + public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .rdata section strings, if they exist - List? strs = pex.GetFirstSectionStrings(".rdata"); + List? strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { if (strs.Exists(s => s.Contains("XCP.DAT")))