mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-04-21 21:54:13 +00:00
Cleanup and bugfixes; additional notes
This commit is contained in:
Matt Nadareski
@@ -74,7 +74,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
rde.Reserved = stream.ReadUInt32();
|
||||
|
||||
int realOffsetToData = (int)PortableExecutable.ConvertVirtualAddress(rde.OffsetToData, sections);
|
||||
if (realOffsetToData > -1 && realOffsetToData < stream.Length)
|
||||
if (realOffsetToData > -1 && realOffsetToData < stream.Length && (int)rde.Size > 0 && realOffsetToData + (int)rde.Size < stream.Length)
|
||||
{
|
||||
long lastPosition = stream.Position;
|
||||
stream.Seek(realOffsetToData, SeekOrigin.Begin);
|
||||
@@ -95,7 +95,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
rde.Reserved = BitConverter.ToUInt32(content, offset); offset += 4;
|
||||
|
||||
int realOffsetToData = (int)PortableExecutable.ConvertVirtualAddress(rde.OffsetToData, sections);
|
||||
if (realOffsetToData > -1 && realOffsetToData < content.Length)
|
||||
if (realOffsetToData > -1 && realOffsetToData < content.Length && (int)rde.Size > 0 && realOffsetToData + (int)rde.Size < content.Length)
|
||||
rde.Data = new ArraySegment<byte>(content, realOffsetToData, (int)rde.Size).ToArray();
|
||||
|
||||
return rde;
|
||||
|
||||
@@ -27,6 +27,9 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
var rds = new ResourceDirectoryString();
|
||||
|
||||
rds.Length = stream.ReadUInt16();
|
||||
if (rds.Length + stream.Position > stream.Length)
|
||||
return null;
|
||||
|
||||
rds.UnicodeString = new string(stream.ReadChars(rds.Length, Encoding.Unicode));
|
||||
|
||||
return rds;
|
||||
@@ -37,6 +40,9 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
var rds = new ResourceDirectoryString();
|
||||
|
||||
rds.Length = BitConverter.ToUInt16(content, offset); offset += 2;
|
||||
if (rds.Length + offset > content.Length)
|
||||
return null;
|
||||
|
||||
rds.UnicodeString = Encoding.Unicode.GetString(content, offset, rds.Length); offset += rds.Length;
|
||||
|
||||
return rds;
|
||||
|
||||
@@ -100,12 +100,12 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Get the section based on name, if possible
|
||||
/// Get the first section based on name, if possible
|
||||
/// </summary>
|
||||
/// <param name="sectionName">Name of the section to check for</param>
|
||||
/// <param name="exact">True to enable exact matching of names, false for starts-with</param>
|
||||
/// <returns>Section data on success, null on error</returns>
|
||||
public SectionHeader GetSection(string sectionName, bool exact = false)
|
||||
public SectionHeader GetFirstSection(string sectionName, bool exact = false)
|
||||
{
|
||||
// If we have no sections, we can't do anything
|
||||
if (SectionTable == null || !SectionTable.Any())
|
||||
@@ -120,6 +120,27 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
return SectionTable.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).Trim('\0').StartsWith(sectionName));
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Get the last section based on name, if possible
|
||||
/// </summary>
|
||||
/// <param name="sectionName">Name of the section to check for</param>
|
||||
/// <param name="exact">True to enable exact matching of names, false for starts-with</param>
|
||||
/// <returns>Section data on success, null on error</returns>
|
||||
public SectionHeader GetLastSection(string sectionName, bool exact = false)
|
||||
{
|
||||
// If we have no sections, we can't do anything
|
||||
if (SectionTable == null || !SectionTable.Any())
|
||||
return null;
|
||||
|
||||
// If we're checking exactly, return only exact matches (with nulls trimmed)
|
||||
if (exact)
|
||||
return SectionTable.LastOrDefault(s => Encoding.ASCII.GetString(s.Name).Trim('\0').Equals(sectionName));
|
||||
|
||||
// Otherwise, check if section name starts with the value
|
||||
else
|
||||
return SectionTable.LastOrDefault(s => Encoding.ASCII.GetString(s.Name).Trim('\0').StartsWith(sectionName));
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Get the list of section names
|
||||
/// </summary>
|
||||
@@ -210,11 +231,10 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
// }
|
||||
|
||||
// Resource Table
|
||||
var table = pex.GetSection(".rsrc", true);
|
||||
var table = pex.GetLastSection(".rsrc", true);
|
||||
if (table != null && table.VirtualSize > 0)
|
||||
{
|
||||
int tableAddress = (int)ConvertVirtualAddress(table.VirtualAddress, pex.SectionTable);
|
||||
stream.Seek(tableAddress, SeekOrigin.Begin);
|
||||
int tableAddress = (int)table.PointerToRawData;
|
||||
pex.ResourceSection = ResourceSection.Deserialize(stream, pex.SectionTable);
|
||||
}
|
||||
}
|
||||
@@ -276,10 +296,10 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
// }
|
||||
|
||||
// Resource Table
|
||||
var table = pex.GetSection(".rsrc", true);
|
||||
var table = pex.GetLastSection(".rsrc", true);
|
||||
if (table != null && table.VirtualSize > 0)
|
||||
{
|
||||
int tableAddress = (int)ConvertVirtualAddress(table.VirtualAddress, pex.SectionTable);
|
||||
int tableAddress = (int)table.PointerToRawData;
|
||||
pex.ResourceSection = ResourceSection.Deserialize(content, ref tableAddress, pex.SectionTable);
|
||||
}
|
||||
}
|
||||
@@ -307,10 +327,14 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
if (sections[i] == null)
|
||||
continue;
|
||||
|
||||
// If the section "starts" at 0, just skip it
|
||||
if (sections[i].PointerToRawData == 0)
|
||||
continue;
|
||||
|
||||
// Attempt to derive the physical address from the current section
|
||||
var section = sections[i];
|
||||
if (virtualAddress >= section.VirtualAddress && virtualAddress <= section.VirtualAddress + section.VirtualSize)
|
||||
return section.PointerToRawData + virtualAddress - section.VirtualAddress;
|
||||
return section.PointerToRawData + virtualAddress - section.VirtualAddress;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Text;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
using System;
|
||||
using System.IO;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft.Tables;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Sections
|
||||
|
||||
@@ -6,7 +6,6 @@ using System.Linq;
|
||||
using System.Reflection;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using BurnOutSharp.Matching;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
@@ -104,19 +103,6 @@ namespace BurnOutSharp.FileType
|
||||
if (ShouldAddProtection(contentCheckClass, scanner, protection))
|
||||
Utilities.AppendToDictionary(protections, file, protection);
|
||||
|
||||
// If we didn't find anything in a custom check, use the content match sets
|
||||
if (!foundProtection)
|
||||
{
|
||||
var contentMatchSets = contentCheckClass.GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
{
|
||||
protection = MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, scanner.IncludeDebug);
|
||||
foundProtection |= !string.IsNullOrWhiteSpace(protection);
|
||||
if (ShouldAddProtection(contentCheckClass, scanner, protection))
|
||||
Utilities.AppendToDictionary(protections, file, protection);
|
||||
}
|
||||
}
|
||||
|
||||
// If we have an IScannable implementation
|
||||
if (contentCheckClass is IScannable scannable)
|
||||
{
|
||||
|
||||
@@ -1,7 +1,4 @@
|
||||
using System.Collections.Generic;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp
|
||||
namespace BurnOutSharp
|
||||
{
|
||||
// TODO: This should either include an override that takes a Stream instead of the byte[]
|
||||
// OR have a completely separate check for when it's an executable specifically
|
||||
@@ -9,15 +6,8 @@ namespace BurnOutSharp
|
||||
// and DOS Executable, then add an override for `CheckContents` that takes an executable type
|
||||
// as one of the arguments. This will reduce the amount of times the same file will be parsed
|
||||
// into an in-memory header
|
||||
// TODO: Once all checks are converted over to executable section based, remove the `GetContentMatchSets` from this
|
||||
internal interface IContentCheck
|
||||
{
|
||||
/// <summary>
|
||||
/// Get a list of content match sets that represent a protection
|
||||
/// </summary>
|
||||
/// <returns>List of content match sets, null if not applicable</returns>
|
||||
List<ContentMatchSet> GetContentMatchSets();
|
||||
|
||||
/// <summary>
|
||||
/// Check a path for protections based on file contents
|
||||
/// </summary>
|
||||
|
||||
@@ -9,9 +9,6 @@ namespace BurnOutSharp.PackerType
|
||||
// TODO: Add extraction and verify that all versions are detected
|
||||
public class AdvancedInstaller : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace BurnOutSharp.PackerType
|
||||
public class Armadillo : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
private List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
// {
|
||||
// // TODO: Remove this if the below section check is proven
|
||||
// return new List<ContentMatchSet>
|
||||
@@ -52,6 +52,10 @@ namespace BurnOutSharp.PackerType
|
||||
return match;
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.PackerType
|
||||
@@ -13,8 +14,9 @@ namespace BurnOutSharp.PackerType
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
{
|
||||
// %Wo<57>a6.<2E>a6.<2E>a6.<2E>a6.<2E>{6.<2E>.).<2E>f6.<2E><>).<2E>`6.<2E><>0.<2E>`6.<2E>
|
||||
@@ -32,7 +34,14 @@ namespace BurnOutSharp.PackerType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.PackerType
|
||||
@@ -6,7 +7,7 @@ namespace BurnOutSharp.PackerType
|
||||
public class EXEStealth : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -24,6 +25,13 @@ namespace BurnOutSharp.PackerType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,9 +14,6 @@ namespace BurnOutSharp.PackerType
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -13,9 +13,6 @@ namespace BurnOutSharp.PackerType
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
//TODO: Add exact version detection for Windows builds, make sure versions before 3.X are detected as well, and detect the Mac builds.
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.PackerType
|
||||
@@ -11,9 +7,6 @@ namespace BurnOutSharp.PackerType
|
||||
// TODO: Add extraction, seems to primarily use MSZip compression.
|
||||
public class IntelInstallationFramework : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -16,9 +16,6 @@ namespace BurnOutSharp.PackerType
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -9,28 +9,16 @@ namespace BurnOutSharp.PackerType
|
||||
{
|
||||
public class NSIS : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
// TODO: Implement resource finding instead of using the built in methods
|
||||
// Assembly information lives in the .rsrc section
|
||||
// I need to find out how to navigate the resources in general
|
||||
// as well as figure out the specific resources for both
|
||||
// file info and MUI (XML) info. Once I figure this out,
|
||||
// that also opens the doors to easier assembly XML checks.
|
||||
|
||||
// TODO: Use this instead of the seek inside of `.rsrc` when that's fixed
|
||||
//string description = Utilities.GetManifestDescription(fileContent);
|
||||
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
// TODO: Find this inside of the .rsrc section using the executable header
|
||||
// Get the .rsrc section, if it exists
|
||||
var rsrcSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rsrc"));
|
||||
if (rsrcSection != null)
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
|
||||
namespace BurnOutSharp.PackerType
|
||||
@@ -11,9 +8,6 @@ namespace BurnOutSharp.PackerType
|
||||
// TODO: Add extraction and better version detection
|
||||
public class PECompact : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -1,11 +1,7 @@
|
||||
using System;
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.PackerType
|
||||
@@ -15,9 +11,6 @@ namespace BurnOutSharp.PackerType
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -9,9 +9,6 @@ namespace BurnOutSharp.PackerType
|
||||
{
|
||||
public class UPX : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -17,9 +17,6 @@ namespace BurnOutSharp.PackerType
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -18,9 +18,6 @@ namespace BurnOutSharp.PackerType
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -17,7 +17,7 @@ namespace BurnOutSharp.PackerType
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Keep this around until it can be confirmed with NE checks as well
|
||||
// TODO: This _may_ actually over-match. See msvbvm50.exe for an example
|
||||
@@ -35,7 +35,13 @@ namespace BurnOutSharp.PackerType
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
{
|
||||
var neMatchSets = GetContentMatchSets();
|
||||
if (neMatchSets != null && neMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, neMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
// Get the .data section, if it exists
|
||||
var dataSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".data"));
|
||||
@@ -75,6 +81,10 @@ namespace BurnOutSharp.PackerType
|
||||
return match;
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.PackerType
|
||||
@@ -6,7 +7,7 @@ namespace BurnOutSharp.PackerType
|
||||
public class dotFuscator : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -22,6 +23,13 @@ namespace BurnOutSharp.PackerType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class ActiveMARK : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -53,6 +53,10 @@ namespace BurnOutSharp.ProtectionType
|
||||
return match;
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -6,7 +7,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class AlphaROM : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -17,6 +18,13 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -29,7 +30,14 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
|
||||
|
||||
@@ -53,6 +53,10 @@ namespace BurnOutSharp.ProtectionType
|
||||
return match;
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class CDCops : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -59,6 +59,10 @@ namespace BurnOutSharp.ProtectionType
|
||||
// return "CD-Cops (Unknown Version)";
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,18 +1,11 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class CDKey : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -9,9 +9,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class CDLock : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -6,7 +7,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class CDSHiELDSE : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -17,6 +18,13 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class CactusDataShield : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Both of these are found in Mac binaries
|
||||
return new List<ContentMatchSet>
|
||||
@@ -58,6 +58,10 @@ namespace BurnOutSharp.ProtectionType
|
||||
return match;
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class CengaProtectDVD : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
private List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
// {
|
||||
// // TODO: Remove this if the below section check is proven
|
||||
// return new List<ContentMatchSet>
|
||||
@@ -33,6 +33,10 @@ namespace BurnOutSharp.ProtectionType
|
||||
if (cenegaSection != null)
|
||||
return "Cenega ProtectDVD";
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class CodeLock : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -30,13 +30,23 @@ namespace BurnOutSharp.ProtectionType
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
{
|
||||
var neMatchSets = GetContentMatchSets();
|
||||
if (neMatchSets != null && neMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, neMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
// If there are more than 2 icd-prefixed sections, then we have a match
|
||||
int icdSectionCount = sections.Count(s => Encoding.ASCII.GetString(s.Name).StartsWith("icd"));
|
||||
if (icdSectionCount >= 2)
|
||||
return "CodeLock";
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -7,7 +8,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class CopyKiller : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -22,7 +23,14 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
|
||||
|
||||
@@ -8,7 +8,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class DVDCops : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -24,7 +24,14 @@ namespace BurnOutSharp.ProtectionType
|
||||
|
||||
/// TODO: Does this look for the `.grand` section like CD-Cops?
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public static string GetVersion(string file, byte[] fileContent, List<int> positions)
|
||||
{
|
||||
|
||||
@@ -15,7 +15,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
// - Reference to `EASTL` and `EAStdC` are standard for EA products and does not indicate Cucko by itself
|
||||
// - There's little information outside of PiD detection that actually knows about Cucko
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -75,6 +75,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
return match;
|
||||
}
|
||||
|
||||
// TODO: Find this inside of the .rsrc section using the executable header
|
||||
// Get the .rsrc section, if it exists
|
||||
var rsrcSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rsrc"));
|
||||
if (rsrcSection != null)
|
||||
@@ -147,6 +148,10 @@ namespace BurnOutSharp.ProtectionType
|
||||
return match;
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,9 +11,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class GFWL : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -12,9 +12,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
// This is intentional, as that protection is highly related to Impulse Reactor
|
||||
public class ImpulseReactor : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -24,9 +24,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
* - NO NESTED PRMS SUPPORTED - 4E 4F 20 4E 45 53 54 45 44 20 50 52 4D 53 20 53 55 50 50 4F 52 54 45 44
|
||||
*/
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
@@ -36,6 +33,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
// TODO: Find this inside of the .rsrc section using the executable header
|
||||
// Get the .rsrc section, if it exists
|
||||
var rsrcSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rsrc"));
|
||||
if (rsrcSection != null)
|
||||
|
||||
@@ -12,9 +12,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
// that now outputs a version of v1.4+.
|
||||
public class JoWood : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -6,7 +7,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class KeyLock : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -21,6 +22,13 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,9 +13,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class LaserLok : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -9,9 +9,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class MediaMaxCD3 : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
@@ -44,6 +41,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
return match;
|
||||
}
|
||||
|
||||
// TODO: Find this inside of the .rsrc section using the executable header
|
||||
// Get the .rsrc section, if it exists
|
||||
var rsrcSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rsrc"));
|
||||
if (rsrcSection != null)
|
||||
|
||||
@@ -1,18 +1,11 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class OnlineRegistration : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -7,7 +8,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class Origin : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -24,7 +25,14 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
|
||||
|
||||
@@ -6,7 +6,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class PSXAntiModchip : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Detect Red Hand protection
|
||||
return new List<ContentMatchSet>
|
||||
|
||||
@@ -10,9 +10,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
// This protection was called VOB ProtectCD / ProtectDVD in versions prior to 6
|
||||
public class ProtectDISC : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -6,7 +7,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class RingPROTECH : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -21,6 +22,13 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,17 +1,10 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
// TODO: Figure out how versions/version ranges work for this protection
|
||||
public class SVKProtector : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
using System;
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -10,7 +11,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class SafeCast : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -38,7 +39,14 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
|
||||
|
||||
@@ -39,9 +39,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
new PathMatchSet(".SafeDiscDVD.bundle", "SafeDisc for Macintosh"),
|
||||
};
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -7,7 +8,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class SafeLock : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -18,7 +19,14 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false) => null;
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
|
||||
|
||||
@@ -13,9 +13,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
// TODO: Does the ".shr" section in the code have anything to do with this?
|
||||
public class SecuROM : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -11,9 +11,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class SmartE : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -25,7 +25,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
};
|
||||
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -92,6 +92,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
return match;
|
||||
}
|
||||
|
||||
// TODO: Find this inside of the .rsrc section using the executable header
|
||||
// Get the .rsrc section, if it exists
|
||||
var rsrcSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rsrc"));
|
||||
if (rsrcSection != null)
|
||||
@@ -142,6 +143,10 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
using System;
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
@@ -11,9 +10,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class StarForce : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
@@ -32,6 +28,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
if (!string.IsNullOrWhiteSpace(name) && name.Contains("Protected Module"))
|
||||
return $"StarForce 5";
|
||||
|
||||
// TODO: Find this inside of the .rsrc section using the executable header
|
||||
// Get the .rsrc section, if it exists
|
||||
var rsrcSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rsrc"));
|
||||
if (rsrcSection != null)
|
||||
|
||||
@@ -9,9 +9,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class Sysiphus : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -13,7 +13,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class TAGES : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -65,6 +65,10 @@ namespace BurnOutSharp.ProtectionType
|
||||
return match;
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,28 +1,11 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class ThreePLock : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
// {
|
||||
// return new List<ContentMatchSet>
|
||||
// {
|
||||
// //This produced false positives in some DirectX 9.0c installer files
|
||||
// //"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW"
|
||||
// new ContentMatchSet(new byte?[]
|
||||
// {
|
||||
// 0x59, 0xC3, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x30,
|
||||
// 0x53, 0x56, 0x57
|
||||
// }, "3PLock"),
|
||||
// };
|
||||
// }
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
@@ -32,6 +15,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
//This produced false positives in some DirectX 9.0c installer files
|
||||
//"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW"
|
||||
|
||||
// Get the .ldr and .ldt sections, if they exist -- TODO: Confirm if both are needed or either/or is fine
|
||||
var cmsdSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".ldr"));
|
||||
var cmstSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".ldt"));
|
||||
|
||||
@@ -1,18 +1,13 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class ThreeTwoOneStudios : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
@@ -21,7 +16,8 @@ namespace BurnOutSharp.ProtectionType
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
|
||||
// TODO: Find this inside of the .rsrc section using the executable header
|
||||
// Get the .rsrc section, if it exists
|
||||
var rsrcSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".rsrc"));
|
||||
if (rsrcSection != null)
|
||||
|
||||
@@ -9,9 +9,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class WTMCDProtect : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
{
|
||||
|
||||
@@ -14,7 +14,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class XCP : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public List<ContentMatchSet> GetContentMatchSets()
|
||||
private List<ContentMatchSet> GetContentMatchSets()
|
||||
{
|
||||
// TODO: Obtain a sample to find where this string is in a typical executable
|
||||
return new List<ContentMatchSet>
|
||||
@@ -73,6 +73,10 @@ namespace BurnOutSharp.ProtectionType
|
||||
return match;
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -181,7 +181,7 @@ namespace BurnOutSharp.Tools
|
||||
|
||||
#endregion
|
||||
|
||||
#region Protection
|
||||
#region Executable Information
|
||||
|
||||
/// <summary>
|
||||
/// Get the company name as reported by the filesystem
|
||||
@@ -373,7 +373,7 @@ namespace BurnOutSharp.Tools
|
||||
/// <param name="dataStart">String to use if checking for data starting with a string</param>
|
||||
/// <param name="dataContains">String to use if checking for data contains a string</param>
|
||||
/// <returns>Full encoded resource data, null on error</returns>
|
||||
private static ResourceDataEntry FindResourceInSection(ResourceSection rs, string dataStart = null, string dataContains = null)
|
||||
public static ResourceDataEntry FindResourceInSection(ResourceSection rs, string dataStart = null, string dataContains = null)
|
||||
{
|
||||
if (rs == null)
|
||||
return null;
|
||||
@@ -435,7 +435,7 @@ namespace BurnOutSharp.Tools
|
||||
/// </summary>
|
||||
/// <param name="rs">ResourceSection from the executable</param>
|
||||
/// <returns>Full assembly manifest, null on error</returns>
|
||||
private static string FindAssemblyManifest(ResourceSection rs) => FindResourceInSection(rs, dataStart: "<assembly").DataAsUTF8String;
|
||||
private static string FindAssemblyManifest(ResourceSection rs) => FindResourceInSection(rs, dataStart: "<assembly")?.DataAsUTF8String;
|
||||
|
||||
/// <summary>
|
||||
/// Get the assembly identity node from an embedded manifest
|
||||
|
||||
Reference in New Issue
Block a user