mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-07-09 02:16:46 +00:00
Clean up after last few commits
This commit is contained in:
@@ -94,41 +94,49 @@ namespace BinaryObjectScanner.FileType
|
||||
if (wrapper is MSDOS mz)
|
||||
{
|
||||
// Standard checks
|
||||
var subProtections = RunExecutableChecks(file, mz, StaticChecks.MSDOSExecutableCheckClasses, includeDebug);
|
||||
var subProtections
|
||||
= RunExecutableChecks(file, mz, StaticChecks.MSDOSExecutableCheckClasses, includeDebug);
|
||||
protections.Append(file, subProtections.Values);
|
||||
|
||||
// Extractable checks
|
||||
var extractedProtections = HandleExtractableProtections(file, mz, subProtections.Keys, getProtections, includeDebug);
|
||||
var extractedProtections
|
||||
= HandleExtractableProtections(file, mz, subProtections.Keys, getProtections, includeDebug);
|
||||
protections.Append(extractedProtections);
|
||||
}
|
||||
else if (wrapper is LinearExecutable lex)
|
||||
{
|
||||
// Standard checks
|
||||
var subProtections = RunExecutableChecks(file, lex, StaticChecks.LinearExecutableCheckClasses, includeDebug);
|
||||
var subProtections
|
||||
= RunExecutableChecks(file, lex, StaticChecks.LinearExecutableCheckClasses, includeDebug);
|
||||
protections.Append(file, subProtections.Values);
|
||||
|
||||
// Extractable checks
|
||||
var extractedProtections = HandleExtractableProtections(file, lex, subProtections.Keys, getProtections, includeDebug);
|
||||
var extractedProtections
|
||||
= HandleExtractableProtections(file, lex, subProtections.Keys, getProtections, includeDebug);
|
||||
protections.Append(extractedProtections);
|
||||
}
|
||||
else if (wrapper is NewExecutable nex)
|
||||
{
|
||||
// Standard checks
|
||||
var subProtections = RunExecutableChecks(file, nex, StaticChecks.NewExecutableCheckClasses, includeDebug);
|
||||
var subProtections
|
||||
= RunExecutableChecks(file, nex, StaticChecks.NewExecutableCheckClasses, includeDebug);
|
||||
protections.Append(file, subProtections.Values);
|
||||
|
||||
// Extractable checks
|
||||
var extractedProtections = HandleExtractableProtections(file, nex, subProtections.Keys, getProtections, includeDebug);
|
||||
var extractedProtections
|
||||
= HandleExtractableProtections(file, nex, subProtections.Keys, getProtections, includeDebug);
|
||||
protections.Append(extractedProtections);
|
||||
}
|
||||
else if (wrapper is PortableExecutable pex)
|
||||
{
|
||||
// Standard checks
|
||||
var subProtections = RunExecutableChecks(file, pex, StaticChecks.PortableExecutableCheckClasses, includeDebug);
|
||||
var subProtections
|
||||
= RunExecutableChecks(file, pex, StaticChecks.PortableExecutableCheckClasses, includeDebug);
|
||||
protections.Append(file, subProtections.Values);
|
||||
|
||||
// Extractable checks
|
||||
var extractedProtections = HandleExtractableProtections(file, pex, subProtections.Keys, getProtections, includeDebug);
|
||||
var extractedProtections
|
||||
= HandleExtractableProtections(file, pex, subProtections.Keys, getProtections, includeDebug);
|
||||
protections.Append(extractedProtections);
|
||||
}
|
||||
|
||||
|
||||
@@ -22,8 +22,9 @@ namespace BinaryObjectScanner.Packer
|
||||
return null;
|
||||
|
||||
// Get the resources that have a PKZIP signature
|
||||
if (pex.ResourceData?.Any(kvp => kvp.Value is byte[] ba
|
||||
&& ba.StartsWith(SabreTools.Models.PKZIP.Constants.LocalFileHeaderSignatureBytes)) == true)
|
||||
if (pex.ResourceData != null
|
||||
&& pex.ResourceData.Values.Any(v => v is byte[] ba
|
||||
&& ba.StartsWith(SabreTools.Models.PKZIP.Constants.LocalFileHeaderSignatureBytes)))
|
||||
{
|
||||
return "Embedded Archive";
|
||||
}
|
||||
|
||||
@@ -22,8 +22,9 @@ namespace BinaryObjectScanner.Packer
|
||||
return null;
|
||||
|
||||
// Get the resources that have an executable signature
|
||||
if (pex.ResourceData?.Any(kvp => kvp.Value is byte[] ba
|
||||
&& ba.StartsWith(SabreTools.Models.MSDOS.Constants.SignatureBytes)) == true)
|
||||
if (pex.ResourceData != null
|
||||
&& pex.ResourceData.Values.Any(v => v is byte[] ba
|
||||
&& ba.StartsWith(SabreTools.Models.MSDOS.Constants.SignatureBytes)))
|
||||
{
|
||||
return "Embedded Executable";
|
||||
}
|
||||
|
||||
@@ -120,6 +120,10 @@ namespace BinaryObjectScanner.Protection
|
||||
if (!string.IsNullOrEmpty(match))
|
||||
return match;
|
||||
|
||||
// Get the resident and non-resident name table strings
|
||||
var nrntStrs = Array.ConvertAll(nex.Model.NonResidentNameTable ?? [],
|
||||
nrnte => nrnte?.NameString == null ? string.Empty : Encoding.ASCII.GetString(nrnte.NameString));
|
||||
|
||||
// Check the imported-name table
|
||||
// Found in "h3blade.exe" in Redump entry 85077.
|
||||
bool intMatch = nex.Model.ImportedNameTable?.Values?
|
||||
@@ -130,10 +134,7 @@ namespace BinaryObjectScanner.Protection
|
||||
|
||||
// Check the nonresident-name table
|
||||
// Found in "CDCOPS.DLL" in Redump entry 85077.
|
||||
bool nrntMatch = nex.Model.NonResidentNameTable?
|
||||
.Select(nrnte => nrnte?.NameString == null ? string.Empty : Encoding.ASCII.GetString(nrnte.NameString))
|
||||
.Any(s => s.Contains("CDcops assembly-language DLL")) ?? false;
|
||||
if (nrntMatch)
|
||||
if (Array.Exists(nrntStrs, s => s.Contains("CDcops assembly-language DLL")))
|
||||
return "CD-Cops";
|
||||
|
||||
return null;
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using BinaryObjectScanner.Interfaces;
|
||||
using SabreTools.IO.Extensions;
|
||||
using SabreTools.Matching;
|
||||
@@ -133,12 +132,12 @@ namespace BinaryObjectScanner.Protection
|
||||
using var stream = File.OpenRead(lightFiles[0]);
|
||||
byte[] block = stream.ReadBytes(1024);
|
||||
|
||||
// Samples: Redump ID 81628
|
||||
if (Array.TrueForAll(block, b => b == 0))
|
||||
protections.Add("copy-X");
|
||||
|
||||
var matchers = new List<ContentMatchSet>
|
||||
{
|
||||
// Checks if the file contains 0x00
|
||||
// Samples: Redump ID 81628
|
||||
new(Enumerable.Repeat<byte?>(0x00, 1024).ToArray(), "copy-X"),
|
||||
|
||||
// Checks for whatever this data is.
|
||||
// Samples: Redump ID 84759, Redump ID 107929. Professional discs also have this data, hence the exclusion check.
|
||||
new(
|
||||
|
||||
@@ -64,13 +64,9 @@ namespace BinaryObjectScanner.Protection
|
||||
];
|
||||
int endDosStub = (int)(pex.Model.Stub?.Header?.NewExeHeaderAddr ?? 0);
|
||||
int position = -1;
|
||||
#if NET20
|
||||
bool containsCheck = Extensions.FirstPosition(pex.StubExecutableData ?? [], check, out position);
|
||||
#else
|
||||
bool containsCheck = pex.StubExecutableData?.FirstPosition(check, out position) ?? false;
|
||||
#endif
|
||||
|
||||
// Check the executable tables
|
||||
bool containsCheck = pex.StubExecutableData?.FirstPosition(check, out position) ?? false;
|
||||
bool containsCheck2 = Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "GetModuleHandleA")
|
||||
&& Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "GetProcAddress")
|
||||
&& Array.Exists(pex.Model.ImportTable?.HintNameTable ?? [], hnte => hnte?.Name == "LoadLibraryA")
|
||||
@@ -94,11 +90,7 @@ namespace BinaryObjectScanner.Protection
|
||||
0x45, 0x4C, 0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C,
|
||||
0x00, 0xEB, 0x79, 0x01, null, null, null, null,
|
||||
];
|
||||
#if NET20
|
||||
containsCheck2 = Extensions.FirstPosition(pex.GetFirstSectionData(".text") ?? [], check2, out position2);
|
||||
#else
|
||||
containsCheck2 = pex.GetFirstSectionData(".text")?.FirstPosition(check2, out position2) ?? false;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -169,11 +161,7 @@ namespace BinaryObjectScanner.Protection
|
||||
0x55, 0x6E, 0x6B, 0x6F, 0x77, 0x6E, 0x00, 0x55,
|
||||
0x6E, 0x6B, 0x6F, 0x77, 0x6E
|
||||
];
|
||||
#if NET20
|
||||
if (!Extensions.FirstPosition(sectionContent, check, out int position))
|
||||
#else
|
||||
if (!sectionContent.FirstPosition(check, out int position))
|
||||
#endif
|
||||
return "(Build unknown)";
|
||||
|
||||
string year, month, day;
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BinaryObjectScanner.Interfaces;
|
||||
using SabreTools.Matching;
|
||||
@@ -160,17 +159,11 @@ namespace BinaryObjectScanner.Protection
|
||||
if (fileContent == null)
|
||||
return null;
|
||||
|
||||
string version, strBuild = string.Empty;
|
||||
string version;
|
||||
int index = positions[0] - 12;
|
||||
|
||||
// Version 6-7 with Build Number in plain text
|
||||
#if NET20 || NET35 || NET40
|
||||
byte[] temp = new byte[4];
|
||||
Array.Copy(fileContent, index, temp, 0, 4);
|
||||
if (temp.SequenceEqual(new byte[] { 0x0A, 0x0D, 0x0A, 0x0D }))
|
||||
#else
|
||||
if (new ArraySegment<byte>(fileContent, index, 4).SequenceEqual(new byte[] { 0x0A, 0x0D, 0x0A, 0x0D }))
|
||||
#endif
|
||||
if (fileContent[index] == 0x0A && fileContent[index + 1] == 0x0D && fileContent[index + 2] == 0x0A && fileContent[index + 3] == 0x0D)
|
||||
{
|
||||
index = positions[0] - 12 - 6;
|
||||
|
||||
@@ -198,7 +191,7 @@ namespace BinaryObjectScanner.Protection
|
||||
index -= 5;
|
||||
}
|
||||
|
||||
strBuild = Encoding.ASCII.GetString(fileContent, index, 6).Trim();
|
||||
string strBuild = Encoding.ASCII.GetString(fileContent, index, 6).Trim();
|
||||
if (!int.TryParse(strBuild, out int intBuild))
|
||||
strBuild = $"[Build {strBuild}]";
|
||||
else
|
||||
|
||||
@@ -162,15 +162,16 @@ namespace BinaryObjectScanner.Protection
|
||||
var id2 = new ArraySegment<byte>(fileContent, position + 16, 4);
|
||||
#endif
|
||||
|
||||
if (id1.SequenceEqual(new byte[] { 0x00, 0x00, 0x00 }) && id2.SequenceEqual(new byte[] { 0x00, 0x10, 0x00, 0x00 }))
|
||||
if (id1.SequenceEqual(new byte[] { 0x00, 0x00, 0x00 })
|
||||
&& id2.SequenceEqual(new byte[] { 0x00, 0x10, 0x00, 0x00 }))
|
||||
{
|
||||
return "v1";
|
||||
else if (id1.SequenceEqual(new byte[] { 0x2E, 0x6F, 0x26 }) && id2.SequenceEqual(new byte[] { 0xDB, 0xC5, 0x20, 0x3A })) // new byte[] { 0xDB, 0xC5, 0x20, 0x3A, 0xB9 }
|
||||
return "v2"; // TODO: Verify against other SolidShield 2 discs
|
||||
|
||||
if (id1.SequenceEqual(new byte[] { 0x00, 0x00, 0x00 }) && id2.SequenceEqual(new byte[] { 0x00, 0x10, 0x00, 0x00 }))
|
||||
return "v1";
|
||||
else if (id1.SequenceEqual(new byte[] { 0x2E, 0x6F, 0x26 }) && id2.SequenceEqual(new byte[] { 0xDB, 0xC5, 0x20, 0x3A })) // new byte[] { 0xDB, 0xC5, 0x20, 0x3A, 0xB9 }
|
||||
}
|
||||
else if (id1.SequenceEqual(new byte[] { 0x2E, 0x6F, 0x26 })
|
||||
&& id2.SequenceEqual(new byte[] { 0xDB, 0xC5, 0x20, 0x3A })) // [0xDB, 0xC5, 0x20, 0x3A, 0xB9]
|
||||
{
|
||||
return "v2"; // TODO: Verify against other SolidShield 2 discs
|
||||
}
|
||||
|
||||
return string.Empty;
|
||||
}
|
||||
@@ -209,11 +210,7 @@ namespace BinaryObjectScanner.Protection
|
||||
0x6C, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6F,
|
||||
0x6E, 0x00, 0x00, 0x00, 0x00
|
||||
];
|
||||
#if NET20
|
||||
if (Extensions.FirstPosition(fileContent, check2, out int position2))
|
||||
#else
|
||||
if (fileContent.FirstPosition(check2, out int position2))
|
||||
#endif
|
||||
{
|
||||
position2--; // TODO: Verify this subtract
|
||||
return $"2 + Tagès {fileContent[position2 + 0x38]}.{fileContent[position2 + 0x38 + 4]}.{fileContent[position2 + 0x38 + 8]}.{fileContent[position + 0x38 + 12]}";
|
||||
|
||||
Reference in New Issue
Block a user