From 513e799aa3715e75ce0e9b471d8fe3dcd88f97b3 Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Mon, 14 Mar 2022 11:20:11 -0700 Subject: [PATCH] Migrate protections to new interfaces --- BurnOutSharp/IContentCheck.cs | 3 +- BurnOutSharp/PackerType/EXEStealth.cs | 47 ++++++----- BurnOutSharp/PackerType/InnoSetup.cs | 1 + BurnOutSharp/PackerType/WinZipSFX.cs | 1 + BurnOutSharp/PackerType/WiseInstaller.cs | 1 + BurnOutSharp/ProtectionType/ActiveMARK.cs | 42 +++++----- BurnOutSharp/ProtectionType/AlphaROM.cs | 5 +- BurnOutSharp/ProtectionType/CDCheck.cs | 5 +- BurnOutSharp/ProtectionType/CDDVDCops.cs | 78 ++++++++++--------- BurnOutSharp/ProtectionType/CDKey.cs | 5 +- BurnOutSharp/ProtectionType/CDLock.cs | 5 +- BurnOutSharp/ProtectionType/CDSHiELDSE.cs | 5 +- .../ProtectionType/CactusDataShield.cs | 26 ++++--- .../ProtectionType/CenegaProtectDVD.cs | 7 +- BurnOutSharp/ProtectionType/CodeLock.cs | 28 ++++--- BurnOutSharp/ProtectionType/ElectronicArts.cs | 5 +- BurnOutSharp/ProtectionType/GFWL.cs | 5 +- BurnOutSharp/ProtectionType/ImpulseReactor.cs | 5 +- BurnOutSharp/ProtectionType/Intenium.cs | 7 +- BurnOutSharp/ProtectionType/JoWood.cs | 5 +- BurnOutSharp/ProtectionType/LaserLok.cs | 5 +- BurnOutSharp/ProtectionType/MediaMaxCD3.cs | 5 +- .../ProtectionType/OnlineRegistration.cs | 5 +- BurnOutSharp/ProtectionType/Origin.cs | 5 +- BurnOutSharp/ProtectionType/ProtectDisc.cs | 5 +- BurnOutSharp/ProtectionType/SafeDisc.cs | 5 +- BurnOutSharp/ProtectionType/SecuROM.cs | 5 +- BurnOutSharp/ProtectionType/SmartE.cs | 5 +- BurnOutSharp/ProtectionType/SolidShield.cs | 5 +- BurnOutSharp/ProtectionType/StarForce.cs | 5 +- BurnOutSharp/ProtectionType/Sysiphus.cs | 5 +- BurnOutSharp/ProtectionType/Tages.cs | 50 ++++++------ BurnOutSharp/ProtectionType/ThreePLock.cs | 7 +- .../ProtectionType/ThreeTwoOneStudios.cs | 7 +- BurnOutSharp/ProtectionType/WTMCDProtect.cs | 5 +- BurnOutSharp/ProtectionType/XCP.cs | 5 +- 36 files changed, 215 insertions(+), 200 deletions(-) diff --git a/BurnOutSharp/IContentCheck.cs b/BurnOutSharp/IContentCheck.cs index 9a1083d0..4f602f27 100644 --- a/BurnOutSharp/IContentCheck.cs +++ b/BurnOutSharp/IContentCheck.cs @@ -4,8 +4,7 @@ using BurnOutSharp.ExecutableType.Microsoft.PE; namespace BurnOutSharp { // TODO: This should either include an override that takes a Stream instead of the byte[] - // OR have a completely separate check for when it's an executable specifically - // TODO: Separate CheckContents into a separate check for each executalbe type; separate interfaces? + // TODO: This should be retired in lieu of the I*ContentCheck interfaces internal interface IContentCheck { /// diff --git a/BurnOutSharp/PackerType/EXEStealth.cs b/BurnOutSharp/PackerType/EXEStealth.cs index c602ed54..b7942697 100644 --- a/BurnOutSharp/PackerType/EXEStealth.cs +++ b/BurnOutSharp/PackerType/EXEStealth.cs @@ -1,4 +1,5 @@ using System.Collections.Generic; +using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; @@ -7,8 +8,33 @@ namespace BurnOutSharp.PackerType // TODO: Figure out how to more granularly determine versions like PiD, // at least for the 2.41 -> 2.75 range // TODO: Detect 3.15 and up (maybe looking for `Metamorphism`) - public class EXEStealth : IPEContentCheck + public class EXEStealth : IContentCheck, IPEContentCheck { + /// + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + { + // TODO: Obtain a sample to find where this string is in a typical executable + if (includeDebug) + { + var contentMatchSets = new List + { + // ??[[__[[_ + (char)0x00 + {{ + (char)0x0 + (char)0x00 + {{ + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + ?;??;?? + new ContentMatchSet(new byte?[] + { + 0x3F, 0x3F, 0x5B, 0x5B, 0x5F, 0x5F, 0x5B, 0x5B, + 0x5F, 0x00, 0x7B, 0x7B, 0x00, 0x00, 0x7B, 0x7B, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x20, 0x3F, 0x3B, 0x3F, 0x3F, 0x3B, 0x3F, + 0x3F + }, "EXE Stealth"), + }; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); + } + + return null; + } + /// public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { @@ -32,25 +58,6 @@ namespace BurnOutSharp.PackerType if (rsrrSection) return "EXE Stealth 2.76"; - // TODO: Obtain a sample to find where this string is in a typical executable - if (includeDebug) - { - var contentMatchSets = new List - { - // ??[[__[[_ + (char)0x00 + {{ + (char)0x0 + (char)0x00 + {{ + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + ?;??;?? - new ContentMatchSet(new byte?[] - { - 0x3F, 0x3F, 0x5B, 0x5B, 0x5F, 0x5F, 0x5B, 0x5B, - 0x5F, 0x00, 0x7B, 0x7B, 0x00, 0x00, 0x7B, 0x7B, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x20, 0x3F, 0x3B, 0x3F, 0x3F, 0x3B, 0x3F, - 0x3F - }, "EXE Stealth"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - } - return null; } } diff --git a/BurnOutSharp/PackerType/InnoSetup.cs b/BurnOutSharp/PackerType/InnoSetup.cs index a6f1e9d4..0605e301 100644 --- a/BurnOutSharp/PackerType/InnoSetup.cs +++ b/BurnOutSharp/PackerType/InnoSetup.cs @@ -39,6 +39,7 @@ namespace BurnOutSharp.PackerType /// public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { + // Get the sections from the executable, if possible var sections = pex?.SectionTable; if (sections == null) return null; diff --git a/BurnOutSharp/PackerType/WinZipSFX.cs b/BurnOutSharp/PackerType/WinZipSFX.cs index 6b51dbb1..aa1d7a94 100644 --- a/BurnOutSharp/PackerType/WinZipSFX.cs +++ b/BurnOutSharp/PackerType/WinZipSFX.cs @@ -39,6 +39,7 @@ namespace BurnOutSharp.PackerType /// public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { + // Get the sections from the executable, if possible var sections = pex?.SectionTable; if (sections == null) return null; diff --git a/BurnOutSharp/PackerType/WiseInstaller.cs b/BurnOutSharp/PackerType/WiseInstaller.cs index 1f63a2b3..8ba6316b 100644 --- a/BurnOutSharp/PackerType/WiseInstaller.cs +++ b/BurnOutSharp/PackerType/WiseInstaller.cs @@ -37,6 +37,7 @@ namespace BurnOutSharp.PackerType /// public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { + // Get the sections from the executable, if possible var sections = pex?.SectionTable; if (sections == null) return null; diff --git a/BurnOutSharp/ProtectionType/ActiveMARK.cs b/BurnOutSharp/ProtectionType/ActiveMARK.cs index 46cda77c..761cb6c6 100644 --- a/BurnOutSharp/ProtectionType/ActiveMARK.cs +++ b/BurnOutSharp/ProtectionType/ActiveMARK.cs @@ -6,10 +6,33 @@ using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { // TODO: Figure out how to get version numbers - public class ActiveMARK : IContentCheck + public class ActiveMARK : IContentCheck, IPEContentCheck { /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + { + // TODO: Obtain a sample to find where this string is in a typical executable + if (includeDebug) + { + var contentMatchSets = new List + { + // " " + (char)0xC2 + (char)0x16 + (char)0x00 + (char)0xA8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0xB8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x86 + (char)0xC8 + (char)0x16 + (char)0x00 + (char)0x9A + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x10 + (char)0xC2 + (char)0x16 + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x20, 0xC2, 0x16, 0x00, 0xA8, 0xC1, 0x16, 0x00, + 0xB8, 0xC1, 0x16, 0x00, 0x86, 0xC8, 0x16, 0x00, + 0x9A, 0xC1, 0x16, 0x00, 0x10, 0xC2, 0x16, 0x00 + }, "ActiveMARK 5"), + }; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); + } + + return null; + } + + /// + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; @@ -31,23 +54,6 @@ namespace BurnOutSharp.ProtectionType return match; } - // TODO: Obtain a sample to find where this string is in a typical executable - if (includeDebug) - { - var contentMatchSets = new List - { - // " " + (char)0xC2 + (char)0x16 + (char)0x00 + (char)0xA8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0xB8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x86 + (char)0xC8 + (char)0x16 + (char)0x00 + (char)0x9A + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x10 + (char)0xC2 + (char)0x16 + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x20, 0xC2, 0x16, 0x00, 0xA8, 0xC1, 0x16, 0x00, - 0xB8, 0xC1, 0x16, 0x00, 0x86, 0xC8, 0x16, 0x00, - 0x9A, 0xC1, 0x16, 0x00, 0x10, 0xC2, 0x16, 0x00 - }, "ActiveMARK 5"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - } - return null; } } diff --git a/BurnOutSharp/ProtectionType/AlphaROM.cs b/BurnOutSharp/ProtectionType/AlphaROM.cs index 0724fdb4..83c2f57f 100644 --- a/BurnOutSharp/ProtectionType/AlphaROM.cs +++ b/BurnOutSharp/ProtectionType/AlphaROM.cs @@ -1,5 +1,4 @@ using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; @@ -12,10 +11,10 @@ namespace BurnOutSharp.ProtectionType // - SETTEC0000SETTEC1111 // - SOFTWARE\SETTEC // TODO: Are there version numbers? - public class AlphaROM : IContentCheck + public class AlphaROM : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/CDCheck.cs b/BurnOutSharp/ProtectionType/CDCheck.cs index a2a4094b..9ea3eb52 100644 --- a/BurnOutSharp/ProtectionType/CDCheck.cs +++ b/BurnOutSharp/ProtectionType/CDCheck.cs @@ -1,14 +1,13 @@ using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { - public class CDCheck : IContentCheck + public class CDCheck : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/CDDVDCops.cs b/BurnOutSharp/ProtectionType/CDDVDCops.cs index 5bb9da0c..ac8c4ba0 100644 --- a/BurnOutSharp/ProtectionType/CDDVDCops.cs +++ b/BurnOutSharp/ProtectionType/CDDVDCops.cs @@ -8,45 +8,11 @@ using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { - public class CDDVDCops : IContentCheck, IPathCheck + public class CDDVDCops : IContentCheck, INEContentCheck, IPEContentCheck, IPathCheck { /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { - // Try to read the contents as a PE executable - if (pex != null) - { - var sections = pex?.SectionTable; - if (sections == null) - return null; - - // Get the .grand section, if it exists -- TODO: Confirm is this is in DVD-Cops as well - bool grandSection = pex.ContainsSection(".grand", exact: true); - if (grandSection) - return "CD-Cops"; - } - - // Try to read the contents as an NE executable - if (nex != null) - { - // TODO: Do something with these strings in the NE header(?) - // - CDCOPS - // - CDcops assembly-language DLL - - // TODO: Figure out what NE section this lives in - var neMatchSets = new List - { - // CD-Cops, ver. - new ContentMatchSet(new byte?[] - { - 0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C, - 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 - }, GetVersion, "CD-Cops"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, neMatchSets, includeDebug); - } - // TODO: Obtain a sample to find where this string is in a typical executable if (includeDebug) { @@ -74,6 +40,48 @@ namespace BurnOutSharp.ProtectionType return null; } + /// + public string CheckNEContents(string file, byte[] fileContent, bool includeDebug, NewExecutable nex) + { + // Get the DOS stub from the executable, if possible + var stub = nex?.DOSStubHeader; + if (stub == null) + return null; + + // TODO: Do something with these strings in the NE header(?) + // - CDCOPS + // - CDcops assembly-language DLL + + // TODO: Figure out what NE section this lives in + var neMatchSets = new List + { + // CD-Cops, ver. + new ContentMatchSet(new byte?[] + { + 0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C, + 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 + }, GetVersion, "CD-Cops"), + }; + + return MatchUtil.GetFirstMatch(file, fileContent, neMatchSets, includeDebug); + } + + /// + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) + { + // Get the sections from the executable, if possible + var sections = pex?.SectionTable; + if (sections == null) + return null; + + // Get the .grand section, if it exists -- TODO: Confirm is this is in DVD-Cops as well + bool grandSection = pex.ContainsSection(".grand", exact: true); + if (grandSection) + return "CD-Cops"; + + return null; + } + /// public ConcurrentQueue CheckDirectoryPath(string path, IEnumerable files) { diff --git a/BurnOutSharp/ProtectionType/CDKey.cs b/BurnOutSharp/ProtectionType/CDKey.cs index 86f302c7..c8a6b9df 100644 --- a/BurnOutSharp/ProtectionType/CDKey.cs +++ b/BurnOutSharp/ProtectionType/CDKey.cs @@ -1,14 +1,13 @@ using System; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class CDKey : IContentCheck + public class CDKey : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/CDLock.cs b/BurnOutSharp/ProtectionType/CDLock.cs index 76aa4f20..9bc0e0f4 100644 --- a/BurnOutSharp/ProtectionType/CDLock.cs +++ b/BurnOutSharp/ProtectionType/CDLock.cs @@ -1,15 +1,14 @@ using System.Collections.Concurrent; using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { - public class CDLock : IContentCheck, IPathCheck + public class CDLock : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs index c67b8644..b70241a4 100644 --- a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs +++ b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs @@ -1,14 +1,13 @@ using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { - public class CDSHiELDSE : IContentCheck + public class CDSHiELDSE : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/CactusDataShield.cs b/BurnOutSharp/ProtectionType/CactusDataShield.cs index 81246047..e3d94512 100644 --- a/BurnOutSharp/ProtectionType/CactusDataShield.cs +++ b/BurnOutSharp/ProtectionType/CactusDataShield.cs @@ -10,7 +10,7 @@ using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { - public class CactusDataShield : IContentCheck, IPathCheck + public class CactusDataShield : IContentCheck, IPEContentCheck, IPathCheck { /// private List GetContentMatchSets() @@ -28,6 +28,21 @@ namespace BurnOutSharp.ProtectionType /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + { + // TODO: Limit these checks to Mac binaries + // TODO: Obtain a sample to find where this string is in a typical executable + if (includeDebug) + { + var contentMatchSets = GetContentMatchSets(); + if (contentMatchSets != null && contentMatchSets.Any()) + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); + } + + return null; + } + + /// + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; @@ -51,15 +66,6 @@ namespace BurnOutSharp.ProtectionType return match; } - // TODO: Limit these checks to Mac binaries - // TODO: Obtain a sample to find where this string is in a typical executable - if (includeDebug) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - } - return null; } diff --git a/BurnOutSharp/ProtectionType/CenegaProtectDVD.cs b/BurnOutSharp/ProtectionType/CenegaProtectDVD.cs index f08ea83f..9717fa2d 100644 --- a/BurnOutSharp/ProtectionType/CenegaProtectDVD.cs +++ b/BurnOutSharp/ProtectionType/CenegaProtectDVD.cs @@ -1,12 +1,11 @@ -using BurnOutSharp.ExecutableType.Microsoft.NE; -using BurnOutSharp.ExecutableType.Microsoft.PE; +using BurnOutSharp.ExecutableType.Microsoft.PE; namespace BurnOutSharp.ProtectionType { - public class CengaProtectDVD : IContentCheck + public class CengaProtectDVD : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/CodeLock.cs b/BurnOutSharp/ProtectionType/CodeLock.cs index 5b66b354..294937f7 100644 --- a/BurnOutSharp/ProtectionType/CodeLock.cs +++ b/BurnOutSharp/ProtectionType/CodeLock.cs @@ -7,21 +7,11 @@ using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { // CodeLock / CodeLok / CopyLok - public class CodeLock : IContentCheck + public class CodeLock : IContentCheck, IPEContentCheck { /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { - // Get the sections from the executable, if possible - var sections = pex?.SectionTable; - if (sections == null) - return null; - - // If there are more than 2 icd-prefixed sections, then we have a match - int icdSectionCount = pex.GetSectionNames().Count(s => s.StartsWith("icd")); - if (icdSectionCount >= 2) - return "CodeLock / CodeLok / CopyLok"; - // TODO: Obtain a sample to find where this string is in a typical executable if (includeDebug) { @@ -40,5 +30,21 @@ namespace BurnOutSharp.ProtectionType return null; } + + /// + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) + { + // Get the sections from the executable, if possible + var sections = pex?.SectionTable; + if (sections == null) + return null; + + // If there are more than 2 icd-prefixed sections, then we have a match + int icdSectionCount = pex.GetSectionNames().Count(s => s.StartsWith("icd")); + if (icdSectionCount >= 2) + return "CodeLock / CodeLok / CopyLok"; + + return null; + } } } diff --git a/BurnOutSharp/ProtectionType/ElectronicArts.cs b/BurnOutSharp/ProtectionType/ElectronicArts.cs index bf452d5f..6d259bab 100644 --- a/BurnOutSharp/ProtectionType/ElectronicArts.cs +++ b/BurnOutSharp/ProtectionType/ElectronicArts.cs @@ -1,6 +1,5 @@ using System; using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -13,10 +12,10 @@ namespace BurnOutSharp.ProtectionType // - Look into `ccinstall`, `Services/EACOM`, `TSLHost`, `SIGS/UploadThread/exchangeAuthToken`, // `blazeURL`, `psapi.dll`, `DasmX86Dll.dll`, `NVCPL.dll`, `iphlpapi.dll`, `dbghelp.dll`, // `WS2_32.dll`, - public class ElectronicArts : IContentCheck + public class ElectronicArts : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/GFWL.cs b/BurnOutSharp/ProtectionType/GFWL.cs index 4313235f..4737aecf 100644 --- a/BurnOutSharp/ProtectionType/GFWL.cs +++ b/BurnOutSharp/ProtectionType/GFWL.cs @@ -1,17 +1,16 @@ using System; using System.Collections.Concurrent; using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class GFWL : IContentCheck, IPathCheck + public class GFWL : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/ImpulseReactor.cs b/BurnOutSharp/ProtectionType/ImpulseReactor.cs index d502556a..7bce7478 100644 --- a/BurnOutSharp/ProtectionType/ImpulseReactor.cs +++ b/BurnOutSharp/ProtectionType/ImpulseReactor.cs @@ -1,6 +1,5 @@ using System.Collections.Concurrent; using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -9,10 +8,10 @@ namespace BurnOutSharp.ProtectionType { // Note that this set of checks also contains "Stardock Product Activation" // This is intentional, as that protection is highly related to Impulse Reactor - public class ImpulseReactor : IContentCheck, IPathCheck + public class ImpulseReactor : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/Intenium.cs b/BurnOutSharp/ProtectionType/Intenium.cs index 4fb4ec8f..40864bd6 100644 --- a/BurnOutSharp/ProtectionType/Intenium.cs +++ b/BurnOutSharp/ProtectionType/Intenium.cs @@ -1,10 +1,9 @@ -using BurnOutSharp.ExecutableType.Microsoft.NE; -using BurnOutSharp.ExecutableType.Microsoft.PE; +using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class Intenium : IContentCheck + public class Intenium : IPEContentCheck { /* * Possible strings for finding INTENIUM Trial & Buy Protection @@ -23,7 +22,7 @@ namespace BurnOutSharp.ProtectionType */ /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/JoWood.cs b/BurnOutSharp/ProtectionType/JoWood.cs index 47ee250d..b359c720 100644 --- a/BurnOutSharp/ProtectionType/JoWood.cs +++ b/BurnOutSharp/ProtectionType/JoWood.cs @@ -1,7 +1,6 @@ using System; using System.Collections.Generic; using System.Linq; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; @@ -10,10 +9,10 @@ namespace BurnOutSharp.ProtectionType // Interesting note: the former protection "Xtreme-Protector" was found to be a // subset of the JoWood X-Prot checks, more specifically the XPROT section check // that now outputs a version of v1.4+. - public class JoWood : IContentCheck + public class JoWood : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/LaserLok.cs b/BurnOutSharp/ProtectionType/LaserLok.cs index 172587d6..e41d878f 100644 --- a/BurnOutSharp/ProtectionType/LaserLok.cs +++ b/BurnOutSharp/ProtectionType/LaserLok.cs @@ -3,17 +3,16 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class LaserLok : IContentCheck, IPathCheck + public class LaserLok : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // TODO: Additional checks that may or may not be useful with the below // diff --git a/BurnOutSharp/ProtectionType/MediaMaxCD3.cs b/BurnOutSharp/ProtectionType/MediaMaxCD3.cs index 1decbd97..78558047 100644 --- a/BurnOutSharp/ProtectionType/MediaMaxCD3.cs +++ b/BurnOutSharp/ProtectionType/MediaMaxCD3.cs @@ -1,16 +1,15 @@ using System.Collections.Concurrent; using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class MediaMaxCD3 : IContentCheck, IPathCheck + public class MediaMaxCD3 : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/OnlineRegistration.cs b/BurnOutSharp/ProtectionType/OnlineRegistration.cs index 32c7a82a..cd550c23 100644 --- a/BurnOutSharp/ProtectionType/OnlineRegistration.cs +++ b/BurnOutSharp/ProtectionType/OnlineRegistration.cs @@ -1,14 +1,13 @@ using System; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class OnlineRegistration : IContentCheck + public class OnlineRegistration : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/Origin.cs b/BurnOutSharp/ProtectionType/Origin.cs index 6bd212d3..47f7c49d 100644 --- a/BurnOutSharp/ProtectionType/Origin.cs +++ b/BurnOutSharp/ProtectionType/Origin.cs @@ -1,17 +1,16 @@ using System; using System.Collections.Concurrent; using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class Origin : IContentCheck, IPathCheck + public class Origin : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent,bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/ProtectDisc.cs b/BurnOutSharp/ProtectionType/ProtectDisc.cs index 9ae041da..e8e9759d 100644 --- a/BurnOutSharp/ProtectionType/ProtectDisc.cs +++ b/BurnOutSharp/ProtectionType/ProtectDisc.cs @@ -1,17 +1,16 @@ using System; using System.Collections.Generic; using System.Linq; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { // This protection was called VOB ProtectCD / ProtectDVD in versions prior to 6 - public class ProtectDISC : IContentCheck + public class ProtectDISC : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/SafeDisc.cs b/BurnOutSharp/ProtectionType/SafeDisc.cs index 2c178b4d..a6a2dc92 100644 --- a/BurnOutSharp/ProtectionType/SafeDisc.cs +++ b/BurnOutSharp/ProtectionType/SafeDisc.cs @@ -2,7 +2,6 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -11,7 +10,7 @@ namespace BurnOutSharp.ProtectionType { // TODO: Figure out how to properly distinguish SafeDisc and SafeCast since both use // the same generic BoG_ string. The current combination check doesn't seem consistent - public class SafeDisc : IContentCheck, IPathCheck + public class SafeDisc : IPEContentCheck, IPathCheck { /// /// Set of all PathMatchSets for this protection @@ -48,7 +47,7 @@ namespace BurnOutSharp.ProtectionType }; /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/SecuROM.cs b/BurnOutSharp/ProtectionType/SecuROM.cs index 6154b3b9..f62dc09b 100644 --- a/BurnOutSharp/ProtectionType/SecuROM.cs +++ b/BurnOutSharp/ProtectionType/SecuROM.cs @@ -3,7 +3,6 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.Linq; using System.Text; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -13,10 +12,10 @@ namespace BurnOutSharp.ProtectionType // TODO: Investigate why White Label v8 doesn't get detected - http://redump.org/disc/48997/ // TODO: Does the ".shr" section in the code have anything to do with this? // TODO: Investigate SecuROM for Macintosh - public class SecuROM : IContentCheck, IPathCheck + public class SecuROM : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/SmartE.cs b/BurnOutSharp/ProtectionType/SmartE.cs index e3bb8f5f..f265d4d4 100644 --- a/BurnOutSharp/ProtectionType/SmartE.cs +++ b/BurnOutSharp/ProtectionType/SmartE.cs @@ -1,17 +1,16 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.ExecutableType.Microsoft.PE.Headers; using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { - public class SmartE : IContentCheck, IPathCheck + public class SmartE : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/SolidShield.cs b/BurnOutSharp/ProtectionType/SolidShield.cs index d44f1b67..97888d1b 100644 --- a/BurnOutSharp/ProtectionType/SolidShield.cs +++ b/BurnOutSharp/ProtectionType/SolidShield.cs @@ -2,7 +2,6 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.Linq; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -11,7 +10,7 @@ namespace BurnOutSharp.ProtectionType { // TODO: Not matching all SolidShield Wrapper v1 (See JackKeane) // TODO: Not matching all SolidShield Wrapper v1 (See NFS11) - public class SolidShield : IContentCheck, IPathCheck + public class SolidShield : IPEContentCheck, IPathCheck { /// /// Set of all PathMatchSets for this protection @@ -25,7 +24,7 @@ namespace BurnOutSharp.ProtectionType }; /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/StarForce.cs b/BurnOutSharp/ProtectionType/StarForce.cs index 3b8bf593..dcdea386 100644 --- a/BurnOutSharp/ProtectionType/StarForce.cs +++ b/BurnOutSharp/ProtectionType/StarForce.cs @@ -1,17 +1,16 @@ using System; using System.Collections.Concurrent; using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class StarForce : IContentCheck, IPathCheck + public class StarForce : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/Sysiphus.cs b/BurnOutSharp/ProtectionType/Sysiphus.cs index 01218755..fbb369ad 100644 --- a/BurnOutSharp/ProtectionType/Sysiphus.cs +++ b/BurnOutSharp/ProtectionType/Sysiphus.cs @@ -1,16 +1,15 @@ using System; using System.Collections.Generic; using System.Linq; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { - public class Sysiphus : IContentCheck + public class Sysiphus : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/Tages.cs b/BurnOutSharp/ProtectionType/Tages.cs index dbcba9cd..2e407590 100644 --- a/BurnOutSharp/ProtectionType/Tages.cs +++ b/BurnOutSharp/ProtectionType/Tages.cs @@ -10,10 +10,37 @@ using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class TAGES : IContentCheck, IPathCheck + public class TAGES : IPEContentCheck, IPathCheck { /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + { + // TODO: Obtain a sample to find where this string is in a typical executable + if (includeDebug) + { + var contentMatchSets = new List + { + // protected-tages-runtime.exe + new ContentMatchSet(new byte?[] + { + 0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65, + 0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D, + 0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E, + 0x65, 0x78, 0x65 + }, Utilities.GetFileVersion, "TAGES [DEBUG]"), + + // This check seems to currently be broken, as files that appear to have this string aren't being detected. + // (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8 + new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES [DEBUG]"), + }; + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); + } + + return null; + } + + /// + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; @@ -42,27 +69,6 @@ namespace BurnOutSharp.ProtectionType else if (!string.IsNullOrWhiteSpace(name) && name.StartsWith("T@GES", StringComparison.OrdinalIgnoreCase)) return $"TAGES Activation Client {GetVersion(pex)}"; - // TODO: Obtain a sample to find where this string is in a typical executable - if (includeDebug) - { - var contentMatchSets = new List - { - // protected-tages-runtime.exe - new ContentMatchSet(new byte?[] - { - 0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65, - 0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D, - 0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E, - 0x65, 0x78, 0x65 - }, Utilities.GetFileVersion, "TAGES [DEBUG]"), - - // This check seems to currently be broken, as files that appear to have this string aren't being detected. - // (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8 - new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES [DEBUG]"), - }; - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - } - return null; } diff --git a/BurnOutSharp/ProtectionType/ThreePLock.cs b/BurnOutSharp/ProtectionType/ThreePLock.cs index 781039f9..e6b20609 100644 --- a/BurnOutSharp/ProtectionType/ThreePLock.cs +++ b/BurnOutSharp/ProtectionType/ThreePLock.cs @@ -1,12 +1,11 @@ -using BurnOutSharp.ExecutableType.Microsoft.NE; -using BurnOutSharp.ExecutableType.Microsoft.PE; +using BurnOutSharp.ExecutableType.Microsoft.PE; namespace BurnOutSharp.ProtectionType { - public class ThreePLock : IContentCheck + public class ThreePLock : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs b/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs index 28c0e9e0..3b05324a 100644 --- a/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs +++ b/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs @@ -1,13 +1,12 @@ -using BurnOutSharp.ExecutableType.Microsoft.NE; -using BurnOutSharp.ExecutableType.Microsoft.PE; +using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Tools; namespace BurnOutSharp.ProtectionType { - public class ThreeTwoOneStudios : IContentCheck + public class ThreeTwoOneStudios : IPEContentCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/WTMCDProtect.cs b/BurnOutSharp/ProtectionType/WTMCDProtect.cs index 37f6125a..9f8d4f59 100644 --- a/BurnOutSharp/ProtectionType/WTMCDProtect.cs +++ b/BurnOutSharp/ProtectionType/WTMCDProtect.cs @@ -1,15 +1,14 @@ using System.Collections.Concurrent; using System.Collections.Generic; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { - public class WTMCDProtect : IContentCheck, IPathCheck + public class WTMCDProtect : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable; diff --git a/BurnOutSharp/ProtectionType/XCP.cs b/BurnOutSharp/ProtectionType/XCP.cs index beeb5ee4..c4feea03 100644 --- a/BurnOutSharp/ProtectionType/XCP.cs +++ b/BurnOutSharp/ProtectionType/XCP.cs @@ -3,7 +3,6 @@ using System.Collections.Concurrent; using System.Collections.Generic; using System.IO; using System.Linq; -using BurnOutSharp.ExecutableType.Microsoft.NE; using BurnOutSharp.ExecutableType.Microsoft.PE; using BurnOutSharp.FileType; using BurnOutSharp.Matching; @@ -11,10 +10,10 @@ using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { // TODO: Figure out how to use path check framework here - public class XCP : IContentCheck, IPathCheck + public class XCP : IPEContentCheck, IPathCheck { /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) + public string CheckPEContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex) { // Get the sections from the executable, if possible var sections = pex?.SectionTable;