SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-04-29 01:50:24 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity

Migrate protections to new interfaces

Browse Source
This commit is contained in:
Matt Nadareski
2022-03-14 11:20:11 -07:00
parent fcbf006e4e
commit 513e799aa3
36 changed files with 215 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
BurnOutSharp/IContentCheck.cs
View File

@@ -4,8 +4,7 @@ using BurnOutSharp.ExecutableType.Microsoft.PE;
namespace BurnOutSharp
{
// TODO: This should either include an override that takes a Stream instead of the byte[]
// OR have a completely separate check for when it's an executable specifically
// TODO: Separate CheckContents into a separate check for each executalbe type; separate interfaces?
// TODO: This should be retired in lieu of the I*ContentCheck interfaces
internal interface IContentCheck
{
/// <summary>

47
BurnOutSharp/PackerType/EXEStealth.cs
View File

@@ -1,4 +1,5 @@
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
@@ -7,8 +8,33 @@ namespace BurnOutSharp.PackerType
// TODO: Figure out how to more granularly determine versions like PiD,
// at least for the 2.41 -> 2.75 range
// TODO: Detect 3.15 and up (maybe looking for `Metamorphism`)
public class EXEStealth : IPEContentCheck
public class EXEStealth : IContentCheck, IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
var contentMatchSets = new List<ContentMatchSet>
{
// ??[[__[[_ + (char)0x00 + {{ + (char)0x0 + (char)0x00 + {{ + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + ?;??;??
new ContentMatchSet(new byte?[]
{
0x3F, 0x3F, 0x5B, 0x5B, 0x5F, 0x5F, 0x5B, 0x5B,
0x5F, 0x00, 0x7B, 0x7B, 0x00, 0x00, 0x7B, 0x7B,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x20, 0x3F, 0x3B, 0x3F, 0x3F, 0x3B, 0x3F,
0x3F
}, "EXE Stealth"),
};
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
return null;
}
/// <inheritdoc/>
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
@@ -32,25 +58,6 @@ namespace BurnOutSharp.PackerType
if (rsrrSection)
return "EXE Stealth 2.76";
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
var contentMatchSets = new List<ContentMatchSet>
{
// ??[[__[[_ + (char)0x00 + {{ + (char)0x0 + (char)0x00 + {{ + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + ?;??;??
new ContentMatchSet(new byte?[]
{
0x3F, 0x3F, 0x5B, 0x5B, 0x5F, 0x5F, 0x5B, 0x5B,
0x5F, 0x00, 0x7B, 0x7B, 0x00, 0x00, 0x7B, 0x7B,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x20, 0x3F, 0x3B, 0x3F, 0x3F, 0x3B, 0x3F,
0x3F
}, "EXE Stealth"),
};
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
return null;
}
}

1
BurnOutSharp/PackerType/InnoSetup.cs
View File

@@ -39,6 +39,7 @@ namespace BurnOutSharp.PackerType
/// <inheritdoc/>
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
if (sections == null)
return null;

1
BurnOutSharp/PackerType/WinZipSFX.cs
View File

@@ -39,6 +39,7 @@ namespace BurnOutSharp.PackerType
/// <inheritdoc/>
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
if (sections == null)
return null;

1
BurnOutSharp/PackerType/WiseInstaller.cs
View File

@@ -37,6 +37,7 @@ namespace BurnOutSharp.PackerType
/// <inheritdoc/>
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
if (sections == null)
return null;

42
BurnOutSharp/ProtectionType/ActiveMARK.cs
View File

@@ -6,10 +6,33 @@ using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
// TODO: Figure out how to get version numbers
public class ActiveMARK : IContentCheck
public class ActiveMARK : IContentCheck, IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
var contentMatchSets = new List<ContentMatchSet>
{
// " " + (char)0xC2 + (char)0x16 + (char)0x00 + (char)0xA8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0xB8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x86 + (char)0xC8 + (char)0x16 + (char)0x00 + (char)0x9A + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x10 + (char)0xC2 + (char)0x16 + (char)0x00
new ContentMatchSet(new byte?[]
{
0x20, 0xC2, 0x16, 0x00, 0xA8, 0xC1, 0x16, 0x00,
0xB8, 0xC1, 0x16, 0x00, 0x86, 0xC8, 0x16, 0x00,
0x9A, 0xC1, 0x16, 0x00, 0x10, 0xC2, 0x16, 0x00
}, "ActiveMARK 5"),
};
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
return null;
}
/// <inheritdoc/>
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
@@ -31,23 +54,6 @@ namespace BurnOutSharp.ProtectionType
return match;
}
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
var contentMatchSets = new List<ContentMatchSet>
{
// " " + (char)0xC2 + (char)0x16 + (char)0x00 + (char)0xA8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0xB8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x86 + (char)0xC8 + (char)0x16 + (char)0x00 + (char)0x9A + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x10 + (char)0xC2 + (char)0x16 + (char)0x00
new ContentMatchSet(new byte?[]
{
0x20, 0xC2, 0x16, 0x00, 0xA8, 0xC1, 0x16, 0x00,
0xB8, 0xC1, 0x16, 0x00, 0x86, 0xC8, 0x16, 0x00,
0x9A, 0xC1, 0x16, 0x00, 0x10, 0xC2, 0x16, 0x00
}, "ActiveMARK 5"),
};
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
return null;
}
}

5
BurnOutSharp/ProtectionType/AlphaROM.cs
View File

@@ -1,5 +1,4 @@
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
@@ -12,10 +11,10 @@ namespace BurnOutSharp.ProtectionType
// - SETTEC0000SETTEC1111
// - SOFTWARE\SETTEC
// TODO: Are there version numbers?
public class AlphaROM : IContentCheck
public class AlphaROM : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/CDCheck.cs
View File

@@ -1,14 +1,13 @@
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class CDCheck : IContentCheck
public class CDCheck : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

78
BurnOutSharp/ProtectionType/CDDVDCops.cs
View File

@@ -8,45 +8,11 @@ using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class CDDVDCops : IContentCheck, IPathCheck
public class CDDVDCops : IContentCheck, INEContentCheck, IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// Try to read the contents as a PE executable
if (pex != null)
{
var sections = pex?.SectionTable;
if (sections == null)
return null;
// Get the .grand section, if it exists -- TODO: Confirm is this is in DVD-Cops as well
bool grandSection = pex.ContainsSection(".grand", exact: true);
if (grandSection)
return "CD-Cops";
}
// Try to read the contents as an NE executable
if (nex != null)
{
// TODO: Do something with these strings in the NE header(?)
// - CDCOPS
// - CDcops assembly-language DLL
// TODO: Figure out what NE section this lives in
var neMatchSets = new List<ContentMatchSet>
{
// CD-Cops, ver.
new ContentMatchSet(new byte?[]
{
0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C,
0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20
}, GetVersion, "CD-Cops"),
};
return MatchUtil.GetFirstMatch(file, fileContent, neMatchSets, includeDebug);
}
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
@@ -74,6 +40,48 @@ namespace BurnOutSharp.ProtectionType
return null;
}
/// <inheritdoc/>
public string CheckNEContents(string file, byte[] fileContent, bool includeDebug, NewExecutable nex)
{
// Get the DOS stub from the executable, if possible
var stub = nex?.DOSStubHeader;
if (stub == null)
return null;
// TODO: Do something with these strings in the NE header(?)
// - CDCOPS
// - CDcops assembly-language DLL
// TODO: Figure out what NE section this lives in
var neMatchSets = new List<ContentMatchSet>
{
// CD-Cops, ver.
new ContentMatchSet(new byte?[]
{
0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C,
0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20
}, GetVersion, "CD-Cops"),
};
return MatchUtil.GetFirstMatch(file, fileContent, neMatchSets, includeDebug);
}
/// <inheritdoc/>
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
if (sections == null)
return null;
// Get the .grand section, if it exists -- TODO: Confirm is this is in DVD-Cops as well
bool grandSection = pex.ContainsSection(".grand", exact: true);
if (grandSection)
return "CD-Cops";
return null;
}
/// <inheritdoc/>
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
{

5
BurnOutSharp/ProtectionType/CDKey.cs
View File

@@ -1,14 +1,13 @@
using System;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class CDKey : IContentCheck
public class CDKey : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/CDLock.cs
View File

@@ -1,15 +1,14 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class CDLock : IContentCheck, IPathCheck
public class CDLock : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/CDSHiELDSE.cs
View File

@@ -1,14 +1,13 @@
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class CDSHiELDSE : IContentCheck
public class CDSHiELDSE : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

26
BurnOutSharp/ProtectionType/CactusDataShield.cs
View File

@@ -10,7 +10,7 @@ using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class CactusDataShield : IContentCheck, IPathCheck
public class CactusDataShield : IContentCheck, IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
private List<ContentMatchSet> GetContentMatchSets()
@@ -28,6 +28,21 @@ namespace BurnOutSharp.ProtectionType
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Limit these checks to Mac binaries
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
var contentMatchSets = GetContentMatchSets();
if (contentMatchSets != null && contentMatchSets.Any())
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
return null;
}
/// <inheritdoc/>
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
@@ -51,15 +66,6 @@ namespace BurnOutSharp.ProtectionType
return match;
}
// TODO: Limit these checks to Mac binaries
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
var contentMatchSets = GetContentMatchSets();
if (contentMatchSets != null && contentMatchSets.Any())
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
return null;
}

7
BurnOutSharp/ProtectionType/CenegaProtectDVD.cs
View File

@@ -1,12 +1,11 @@
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
namespace BurnOutSharp.ProtectionType
{
public class CengaProtectDVD : IContentCheck
public class CengaProtectDVD : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

28
BurnOutSharp/ProtectionType/CodeLock.cs
View File

@@ -7,21 +7,11 @@ using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
// CodeLock / CodeLok / CopyLok
public class CodeLock : IContentCheck
public class CodeLock : IContentCheck, IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
if (sections == null)
return null;
// If there are more than 2 icd-prefixed sections, then we have a match
int icdSectionCount = pex.GetSectionNames().Count(s => s.StartsWith("icd"));
if (icdSectionCount >= 2)
return "CodeLock / CodeLok / CopyLok";
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
@@ -40,5 +30,21 @@ namespace BurnOutSharp.ProtectionType
return null;
}
/// <inheritdoc/>
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
if (sections == null)
return null;
// If there are more than 2 icd-prefixed sections, then we have a match
int icdSectionCount = pex.GetSectionNames().Count(s => s.StartsWith("icd"));
if (icdSectionCount >= 2)
return "CodeLock / CodeLok / CopyLok";
return null;
}
}
}

5
BurnOutSharp/ProtectionType/ElectronicArts.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
@@ -13,10 +12,10 @@ namespace BurnOutSharp.ProtectionType
// - Look into `ccinstall`, `Services/EACOM`, `TSLHost`, `SIGS/UploadThread/exchangeAuthToken`,
// `blazeURL`, `psapi.dll`, `DasmX86Dll.dll`, `NVCPL.dll`, `iphlpapi.dll`, `dbghelp.dll`,
// `WS2_32.dll`,
public class ElectronicArts : IContentCheck
public class ElectronicArts : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/GFWL.cs
View File

@@ -1,17 +1,16 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class GFWL : IContentCheck, IPathCheck
public class GFWL : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/ImpulseReactor.cs
View File

@@ -1,6 +1,5 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
@@ -9,10 +8,10 @@ namespace BurnOutSharp.ProtectionType
{
// Note that this set of checks also contains "Stardock Product Activation"
// This is intentional, as that protection is highly related to Impulse Reactor
public class ImpulseReactor : IContentCheck, IPathCheck
public class ImpulseReactor : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

7
BurnOutSharp/ProtectionType/Intenium.cs
View File

@@ -1,10 +1,9 @@
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class Intenium : IContentCheck
public class Intenium : IPEContentCheck
{
/*
* Possible strings for finding INTENIUM Trial & Buy Protection
@@ -23,7 +22,7 @@ namespace BurnOutSharp.ProtectionType
*/
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/JoWood.cs
View File

@@ -1,7 +1,6 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
@@ -10,10 +9,10 @@ namespace BurnOutSharp.ProtectionType
// Interesting note: the former protection "Xtreme-Protector" was found to be a
// subset of the JoWood X-Prot checks, more specifically the XPROT section check
// that now outputs a version of v1.4+.
public class JoWood : IContentCheck
public class JoWood : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/LaserLok.cs
View File

@@ -3,17 +3,16 @@ using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class LaserLok : IContentCheck, IPathCheck
public class LaserLok : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// TODO: Additional checks that may or may not be useful with the below
//

5
BurnOutSharp/ProtectionType/MediaMaxCD3.cs
View File

@@ -1,16 +1,15 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class MediaMaxCD3 : IContentCheck, IPathCheck
public class MediaMaxCD3 : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/OnlineRegistration.cs
View File

@@ -1,14 +1,13 @@
using System;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class OnlineRegistration : IContentCheck
public class OnlineRegistration : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/Origin.cs
View File

@@ -1,17 +1,16 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class Origin : IContentCheck, IPathCheck
public class Origin : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent,bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/ProtectDisc.cs
View File

@@ -1,17 +1,16 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
// This protection was called VOB ProtectCD / ProtectDVD in versions prior to 6
public class ProtectDISC : IContentCheck
public class ProtectDISC : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/SafeDisc.cs
View File

@@ -2,7 +2,6 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
@@ -11,7 +10,7 @@ namespace BurnOutSharp.ProtectionType
{
// TODO: Figure out how to properly distinguish SafeDisc and SafeCast since both use
// the same generic BoG_ string. The current combination check doesn't seem consistent
public class SafeDisc : IContentCheck, IPathCheck
public class SafeDisc : IPEContentCheck, IPathCheck
{
/// <summary>
/// Set of all PathMatchSets for this protection
@@ -48,7 +47,7 @@ namespace BurnOutSharp.ProtectionType
};
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/SecuROM.cs
View File

@@ -3,7 +3,6 @@ using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
@@ -13,10 +12,10 @@ namespace BurnOutSharp.ProtectionType
// TODO: Investigate why White Label v8 doesn't get detected - http://redump.org/disc/48997/
// TODO: Does the ".shr" section in the code have anything to do with this?
// TODO: Investigate SecuROM for Macintosh
public class SecuROM : IContentCheck, IPathCheck
public class SecuROM : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/SmartE.cs
View File

@@ -1,17 +1,16 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.ExecutableType.Microsoft.PE.Headers;
using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class SmartE : IContentCheck, IPathCheck
public class SmartE : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/SolidShield.cs
View File

@@ -2,7 +2,6 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
@@ -11,7 +10,7 @@ namespace BurnOutSharp.ProtectionType
{
// TODO: Not matching all SolidShield Wrapper v1 (See JackKeane)
// TODO: Not matching all SolidShield Wrapper v1 (See NFS11)
public class SolidShield : IContentCheck, IPathCheck
public class SolidShield : IPEContentCheck, IPathCheck
{
/// <summary>
/// Set of all PathMatchSets for this protection
@@ -25,7 +24,7 @@ namespace BurnOutSharp.ProtectionType
};
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/StarForce.cs
View File

@@ -1,17 +1,16 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class StarForce : IContentCheck, IPathCheck
public class StarForce : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/Sysiphus.cs
View File

@@ -1,16 +1,15 @@
using System;
using System.Collections.Generic;
using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class Sysiphus : IContentCheck
public class Sysiphus : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

50
BurnOutSharp/ProtectionType/Tages.cs
View File

@@ -10,10 +10,37 @@ using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class TAGES : IContentCheck, IPathCheck
public class TAGES : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
var contentMatchSets = new List<ContentMatchSet>
{
// protected-tages-runtime.exe
new ContentMatchSet(new byte?[]
{
0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65,
0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D,
0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E,
0x65, 0x78, 0x65
}, Utilities.GetFileVersion, "TAGES [DEBUG]"),
// This check seems to currently be broken, as files that appear to have this string aren't being detected.
// (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8
new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES [DEBUG]"),
};
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
return null;
}
/// <inheritdoc/>
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
@@ -42,27 +69,6 @@ namespace BurnOutSharp.ProtectionType
else if (!string.IsNullOrWhiteSpace(name) && name.StartsWith("T@GES", StringComparison.OrdinalIgnoreCase))
return $"TAGES Activation Client {GetVersion(pex)}";
// TODO: Obtain a sample to find where this string is in a typical executable
if (includeDebug)
{
var contentMatchSets = new List<ContentMatchSet>
{
// protected-tages-runtime.exe
new ContentMatchSet(new byte?[]
{
0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65,
0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D,
0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E,
0x65, 0x78, 0x65
}, Utilities.GetFileVersion, "TAGES [DEBUG]"),
// This check seems to currently be broken, as files that appear to have this string aren't being detected.
// (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8
new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES [DEBUG]"),
};
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
return null;
}

7
BurnOutSharp/ProtectionType/ThreePLock.cs
View File

@@ -1,12 +1,11 @@
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
namespace BurnOutSharp.ProtectionType
{
public class ThreePLock : IContentCheck
public class ThreePLock : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

7
BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs
View File

@@ -1,13 +1,12 @@
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Tools;
namespace BurnOutSharp.ProtectionType
{
public class ThreeTwoOneStudios : IContentCheck
public class ThreeTwoOneStudios : IPEContentCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/WTMCDProtect.cs
View File

@@ -1,15 +1,14 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class WTMCDProtect : IContentCheck, IPathCheck
public class WTMCDProtect : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;

5
BurnOutSharp/ProtectionType/XCP.cs
View File

@@ -3,7 +3,6 @@ using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft.NE;
using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.FileType;
using BurnOutSharp.Matching;
@@ -11,10 +10,10 @@ using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
// TODO: Figure out how to use path check framework here
public class XCP : IContentCheck, IPathCheck
public class XCP : IPEContentCheck, IPathCheck
{
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;