SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-04-23 06:34:03 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity

Partially convert SecuROM to string finding

Browse Source
This commit is contained in:
Matt Nadareski
2022-12-09 21:22:55 -08:00
parent 886284b42f
commit 847fa7d2ad
1 changed files with 8 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
BurnOutSharp/ProtectionType/SecuROM.cs
View File

@@ -1,6 +1,7 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
@@ -88,24 +89,14 @@ namespace BurnOutSharp.ProtectionType
}
}
// Get the .rdata section, if it exists
if (pex.ContainsSection(".rdata"))
// Get the .rdata section strings, if they exist
List<string> strs = pex.GetFirstSectionStrings(".rdata");
if (strs != null)
{
var matchers = new List<ContentMatchSet>
{
// The following 2 checks are unique:
// Both have the identifier found within `.rdata` but the version is within `.data`
// So, we use the placeholder "WHITELABEL" to see if we got a match
// /secuexp
new ContentMatchSet(new byte?[] { 0x2F, 0x73, 0x65, 0x63, 0x75, 0x65, 0x78, 0x70 }, "WHITELABEL"),
// SecuExp.exe
new ContentMatchSet(new byte?[] { 0x53, 0x65, 0x63, 0x75, 0x45, 0x78, 0x70 }, "WHITELABEL"),
};
string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
// Both have the identifier found within `.rdata` but the version is within `.data`
if (strs.Any(s => s.Contains("/secuexp")))
return $"SecuROM {GetV8WhiteLabelVersion(pex)} (White Label)";
else if (strs.Any(s => s.Contains("SecuExp.exe")))
return $"SecuROM {GetV8WhiteLabelVersion(pex)} (White Label)";
}