Use typed interface for extractable executables

This commit is contained in:
Matt Nadareski
2024-11-04 22:02:10 -05:00
parent 7d6248a3bf
commit 550fb70952
32 changed files with 40 additions and 100 deletions

View File

@@ -1,20 +1,20 @@
using SabreTools.Serialization.Wrappers;
using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Interfaces
{
/// <summary>
/// Mark a LinearExecutable type as being able to be extracted
/// </summary>
public interface IExtractableLinearExecutable
public interface IExtractableExecutable<T> where T : WrapperBase
{
/// <summary>
/// Extract a LinearExecutable to a temporary path, if possible
/// Extract an Executable to a path, if possible
/// </summary>
/// <param name="file">Path to the input file</param>
/// <param name="lex">LinearExecutable representing the read-in file</param>
/// <param name="exe">Executable representing the read-in file</param>
/// <param name="outDir">Path to the output directory</param>
/// <param name="includeDebug">True to include debug data, false otherwise</param>
/// <returns>Path to extracted files, null on error</returns>
bool Extract(string file, LinearExecutable lex, string outDir, bool includeDebug);
bool Extract(string file, T exe, string outDir, bool includeDebug);
}
}

View File

@@ -1,20 +0,0 @@
using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Interfaces
{
/// <summary>
/// Mark a MSDOS type as being able to be extracted
/// </summary>
public interface IExtractableMSDOSExecutable
{
/// <summary>
/// Extract a MSDOS to a temporary path, if possible
/// </summary>
/// <param name="file">Path to the input file</param>
/// <param name="mz">MSDOS representing the read-in file</param>
/// <param name="outDir">Path to the output directory</param>
/// <param name="includeDebug">True to include debug data, false otherwise</param>
/// <returns>Path to extracted files, null on error</returns>
bool Extract(string file, MSDOS mz, string outDir, bool includeDebug);
}
}

View File

@@ -1,20 +0,0 @@
using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Interfaces
{
/// <summary>
/// Mark a NewExecutable type as being able to be extracted
/// </summary>
public interface IExtractableNewExecutable
{
/// <summary>
/// Extract a NewExecutable to a temporary path, if possible
/// </summary>
/// <param name="file">Path to the input file</param>
/// <param name="nex">NewExecutable representing the read-in file</param>
/// <param name="outDir">Path to the output directory</param>
/// <param name="includeDebug">True to include debug data, false otherwise</param>
/// <returns>Path to extracted files, null on error</returns>
bool Extract(string file, NewExecutable nex, string outDir, bool includeDebug);
}
}

View File

@@ -1,20 +0,0 @@
using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Interfaces
{
/// <summary>
/// Mark a PortableExecutable type as being able to be extracted
/// </summary>
public interface IExtractablePortableExecutable
{
/// <summary>
/// Extract a PortableExecutable to a temporary path, if possible
/// </summary>
/// <param name="file">Path to the input file</param>
/// <param name="pex">PortableExecutable representing the read-in file</param>
/// <param name="outDir">Path to the output directory</param>
/// <param name="includeDebug">True to include debug data, false otherwise</param>
/// <returns>Path to extracted files, null on error</returns>
bool Extract(string file, PortableExecutable pex, string outDir, bool includeDebug);
}
}

View File

@@ -8,7 +8,7 @@ using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction
public class ASPack : IExtractablePortableExecutable, IPortableExecutableCheck
public class ASPack : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -6,7 +6,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction
// TODO: Verify that all versions are detected
public class AdvancedInstaller : IExtractablePortableExecutable, IPortableExecutableCheck
public class AdvancedInstaller : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -7,7 +7,7 @@ namespace BinaryObjectScanner.Packer
// Created by IndigoRose (creators of Setup Factory), primarily to be used to create autorun menus for various media.
// Official website: https://www.autoplay.org/
// TODO: Add extraction
public class AutoPlayMediaStudio : IExtractablePortableExecutable, IPortableExecutableCheck
public class AutoPlayMediaStudio : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer
// The official website for CExe also includes the source code (which does have to be retrieved by the Wayback Machine)
// http://www.scottlu.com/Content/CExe.html
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class CExe : IExtractablePortableExecutable, IPortableExecutableCheck
public class CExe : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -5,7 +5,7 @@ using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction
public class DotFuscator : IExtractablePortableExecutable, IPortableExecutableCheck
public class DotFuscator : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -15,7 +15,7 @@ namespace BinaryObjectScanner.Packer
///
/// Resource that could be useful for extraction: https://github.com/SychicBoy/NETReactorSlayer
/// </summary>
public class DotNetReactor : IExtractablePortableExecutable, IPortableExecutableCheck
public class DotNetReactor : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -10,7 +10,7 @@ namespace BinaryObjectScanner.Packer
// TODO: Detect 3.15 and up (maybe looking for `Metamorphism`)
// TODO: Add extraction
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class EXEStealth : IContentCheck, IExtractablePortableExecutable, IPortableExecutableCheck
public class EXEStealth : IContentCheck, IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckContents(string file, byte[] fileContent, bool includeDebug)

View File

@@ -11,7 +11,7 @@ namespace BinaryObjectScanner.Packer
/// Though not technically a packer, this detection is for any executables that include
/// others in their resources in some uncompressed manner to be used at runtime.
/// </summary>
public class EmbeddedExecutable : IExtractablePortableExecutable, IPortableExecutableCheck
public class EmbeddedExecutable : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -6,7 +6,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class GenteeInstaller : IExtractablePortableExecutable, IPortableExecutableCheck
public class GenteeInstaller : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Packer
// https://www.reddit.com/r/riseofincarnates/comments/m3vbnm/subreddit_revival_does_anyone_still_have_rise_of/
// https://steamcommunity.com/app/310950/discussions/0/4224890554455490819/
// https://github.com/horsicq/Detect-It-Easy/blob/63a1aa8bb23ca02d8a7fd5936db8dbc5c5d52dea/db/PE/HyperTech%20Crackproof.2.sg
public class HyperTechCrackProof : IExtractablePortableExecutable, IPortableExecutableCheck
public class HyperTechCrackProof : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction - https://github.com/dscharrer/InnoExtract
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class InnoSetup : IExtractablePortableExecutable, INewExecutableCheck, IPortableExecutableCheck
public class InnoSetup : IExtractableExecutable<PortableExecutable>, INewExecutableCheck, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)

View File

@@ -6,7 +6,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction, which may be possible with the current libraries but needs to be investigated further.
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class InstallAnywhere : IExtractablePortableExecutable, IPortableExecutableCheck
public class InstallAnywhere : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -6,7 +6,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction - https://github.com/Bioruebe/UniExtract2
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class InstallerVISE : IExtractablePortableExecutable, IPortableExecutableCheck
public class InstallerVISE : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
//TODO: Add exact version detection for Windows builds, make sure versions before 3.X are detected as well, and detect the Mac builds.
/// <inheritdoc/>

View File

@@ -5,7 +5,7 @@ using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction, seems to primarily use MSZip compression.
public class IntelInstallationFramework : IExtractablePortableExecutable, IPortableExecutableCheck
public class IntelInstallationFramework : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -7,7 +7,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction, which should be possible with LibMSPackN, but it refuses to extract due to SFX files lacking the typical CAB identifiers.
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class MicrosoftCABSFX : IExtractablePortableExecutable, IPortableExecutableCheck
public class MicrosoftCABSFX : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -5,7 +5,7 @@ using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction
public class NSIS : IExtractablePortableExecutable, IPortableExecutableCheck
public class NSIS : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer
/// PEiD scanning definitions that include NeoLite: https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
/// Website listing various packers, including NeoLite: http://protools.narod.ru/packers.htm
/// </summary>
public class NeoLite : IExtractablePortableExecutable, IPortableExecutableCheck
public class NeoLite : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
// TODO: Find samples of NeoLite 1.X.
/// <inheritdoc/>

View File

@@ -5,7 +5,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Better version detection - https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
// TODO: Add extraction
public class PECompact : IExtractablePortableExecutable, IPortableExecutableCheck
public class PECompact : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -5,7 +5,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class PEtite : IExtractablePortableExecutable, IPortableExecutableCheck
public class PEtite : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -7,7 +7,7 @@ namespace BinaryObjectScanner.Packer
// TODO: Add extraction, which is possible but the only tools available that can
// do this seem to be Universal Extractor 2 and InstallExplorer (https://totalcmd.net/plugring/InstallExplorer.html)
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class SetupFactory : IExtractablePortableExecutable, IPortableExecutableCheck
public class SetupFactory : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -4,7 +4,7 @@ using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Packer
{
public class SevenZipSFX : IExtractablePortableExecutable, IPortableExecutableCheck
public class SevenZipSFX : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -5,7 +5,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class Shrinker : IExtractablePortableExecutable, IPortableExecutableCheck
public class Shrinker : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Packer
{
// TODO: Add extraction
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class UPX : IExtractablePortableExecutable, IPortableExecutableCheck
public class UPX : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
private static readonly Regex _oldUpxVersionMatch = new Regex(@"\$Id: UPX (.*?) Copyright \(C\)", RegexOptions.Compiled);

View File

@@ -4,7 +4,7 @@ using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Packer
{
public class WinRARSFX : IExtractablePortableExecutable, IPortableExecutableCheck
public class WinRARSFX : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -5,7 +5,7 @@ using SabreTools.Serialization.Wrappers;
namespace BinaryObjectScanner.Packer
{
public class WinZipSFX : IExtractableNewExecutable, IExtractablePortableExecutable, INewExecutableCheck, IPortableExecutableCheck
public class WinZipSFX : IExtractableExecutable<NewExecutable>, IExtractableExecutable<PortableExecutable>, INewExecutableCheck, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)

View File

@@ -13,7 +13,7 @@ using WiseUnpacker.EWISE;
namespace BinaryObjectScanner.Packer
{
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class WiseInstaller : IExtractableNewExecutable, IExtractablePortableExecutable, INewExecutableCheck, IPortableExecutableCheck
public class WiseInstaller : IExtractableExecutable<NewExecutable>, IExtractableExecutable<PortableExecutable>, INewExecutableCheck, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)

View File

@@ -18,7 +18,7 @@ namespace BinaryObjectScanner.Protection
// TODO: Add version checking, if possible
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
public class Armadillo : IExtractablePortableExecutable, IPortableExecutableCheck
public class Armadillo : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
{
/// <inheritdoc/>
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)

View File

@@ -481,8 +481,8 @@ namespace BinaryObjectScanner
// If we have any extractable packers
var extractables = classes
.Where(c => c is IExtractableMSDOSExecutable)
.Select(c => c as IExtractableMSDOSExecutable);
.Where(c => c is IExtractableExecutable<MSDOS>)
.Select(c => c as IExtractableExecutable<MSDOS>);
extractables.IterateWithAction(extractable =>
{
// If we have an invalid extractable somehow
@@ -547,8 +547,8 @@ namespace BinaryObjectScanner
// If we have any extractable packers
var extractables = classes
.Where(c => c is IExtractableLinearExecutable)
.Select(c => c as IExtractableLinearExecutable);
.Where(c => c is IExtractableExecutable<LinearExecutable>)
.Select(c => c as IExtractableExecutable<LinearExecutable>);
extractables.IterateWithAction(extractable =>
{
// If we have an invalid extractable somehow
@@ -613,8 +613,8 @@ namespace BinaryObjectScanner
// If we have any extractable packers
var extractables = classes
.Where(c => c is IExtractableNewExecutable)
.Select(c => c as IExtractableNewExecutable);
.Where(c => c is IExtractableExecutable<NewExecutable>)
.Select(c => c as IExtractableExecutable<NewExecutable>);
extractables.IterateWithAction(extractable =>
{
// If we have an invalid extractable somehow
@@ -679,8 +679,8 @@ namespace BinaryObjectScanner
// If we have any extractable packers
var extractables = classes
.Where(c => c is IExtractablePortableExecutable)
.Select(c => c as IExtractablePortableExecutable);
.Where(c => c is IExtractableExecutable<PortableExecutable>)
.Select(c => c as IExtractableExecutable<PortableExecutable>);
extractables.IterateWithAction(extractable =>
{
// If we have an invalid extractable somehow