SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-02-14 13:46:03 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity

Convert Advanced Installer to string finding

Browse Source
This commit is contained in:
Matt Nadareski
2022-12-09 12:35:58 -08:00
parent 9562a0eaf7
commit 97aabdca33
1 changed files with 6 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
BurnOutSharp/PackerType/AdvancedInstaller.cs
View File

@@ -1,8 +1,8 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
@@ -19,23 +19,12 @@ namespace BurnOutSharp.PackerType
if (sections == null)
return null;
// Get the .rdata section, if it exists
if (pex.ContainsSection(".rdata"))
// Get the .rdata section strings, if they exist
List<string> strs = pex.GetFirstSectionStrings(".rdata");
if (strs != null)
{
var matchers = new List<ContentMatchSet>
{
// Software\Caphyon\Advanced Installer
new ContentMatchSet(new byte?[]
{
0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
0x5C, 0x43, 0x61, 0x70, 0x68, 0x79, 0x6F, 0x6E,
0x5C, 0x41, 0x64, 0x76, 0x61, 0x6E, 0x63, 0x65,
0x64, 0x20, 0x49, 0x6E, 0x73, 0x74, 0x61, 0x6C,
0x6C, 0x65, 0x72
}, "Caphyon Advanced Installer"),
};
return MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (strs.Any(s => s.Contains("Software\\Caphyon\\Advanced Installer")))
return "Caphyon Advanced Installer";
}
return null;