Add CExe detection (#30)

* Add CExe detection

* Optimize check
This commit is contained in:
SilasLaspada
2021-03-21 22:39:01 -06:00
committed by GitHub
parent fad7d87282
commit 557114d92d
2 changed files with 45 additions and 0 deletions

View File

@@ -0,0 +1,44 @@
using System.Collections.Generic;
using System.IO;
namespace BurnOutSharp.PackerType
{
// The official website for CExe also includes the source code (which does have to be retrieved by the Wayback Machine). http://www.scottlu.com/Content/CExe.html
public class CExe : IContentCheck, IScannable
{
/// <inheritdoc/>
public bool ShouldScan(byte[] magic) => true;
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includePosition = false)
{
// "%WoÁa6.a6.a6.a6.{6..).f6.’‰).`6.Ù0.`6."
byte?[] check = new byte?[] { 0x25, 0x57, 0x6F, 0xC1, 0x61, 0x36, 0x01, 0x92, 0x61, 0x36, 0x01, 0x92, 0x61, 0x36, 0x01, 0x92, 0x61, 0x36, 0x00, 0x92, 0x7B, 0x36, 0x01, 0x92, 0x03, 0x29, 0x12, 0x92, 0x66, 0x36, 0x01, 0x92, 0x89, 0x29, 0x0A, 0x92, 0x60, 0x36, 0x01, 0x92, 0xD9, 0x30, 0x07, 0x92, 0x60, 0x36, 0x01, 0x92 };
if (fileContent.FirstPosition(check, out int position, end: 200))
{
return "CExe";
}
return null;
}
/// <inheritdoc/>
public Dictionary<string, List<string>> Scan(Scanner scanner, string file)
{
if (!File.Exists(file))
return null;
using (var fs = File.OpenRead(file))
{
return Scan(scanner, fs, file);
}
}
/// <inheritdoc/>
// TODO: Add extraction if viable
public Dictionary<string, List<string>> Scan(Scanner scanner, Stream stream, string file)
{
return null;
}
}
}

View File

@@ -89,6 +89,7 @@ Below is a list of the protections that can be detected using this code:
Below is a list of the executable packers that can be detected using this code:
- Armadillo
- CExe
- dotFuscator
- EXE Stealth
- Inno Setup