mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-04-21 21:54:13 +00:00
Update developer guide
@@ -9,9 +9,12 @@ This is a guide for any developers who wish to research protections, implement n
|
||||
| Project | Description |
|
||||
| --- | --- |
|
||||
| `BurnOutSharp` | Main library that contains all supported file format, packer, and protection checks. It also houses most of the utilities, interfaces, and structures needed when `BurnOutSharp` is used by another project. Most code additions will happen here. |
|
||||
| `BurnOutSharp.ASN1` | Library containing classes and methods associated with Abstract Syntax Notation One and OID parsing. |
|
||||
| `BurnOutSharp.Builder` | Library containing classes that assist in populating the various object models defined in `BurnOutSharp.Models`. Builders can work with either byte arrays or streams for input. At the time of writing, the following executable types have builders: **MS-DOS**, **New Executable**, **Portable Executable**. |
|
||||
| `BurnOutSharp.Compression` | Library containing classes that deal with different compression formats. This library is used extensively by the wrappers in `BurnOutSharp.Wrappers`. |
|
||||
| `BurnOutSharp.Matching` | Library containing models and logic for generic searching and matching. This library is used extensively by the packer and protection checks in `BurnOutSharp`. |
|
||||
| `BurnOutSharp.Models` | Library containing object models that represent various pieces of known executable formats. At the time of writing, the following executable types have models: **MS-DOS**, **New Executable**, **Linear Executable (partial)**, **Portable Executable**. |
|
||||
| `BurnOutSharp.Utilities` | Library containing helper and extension methods that don't rely on any other libraries. |
|
||||
| `BurnOutSharp.Wrappers` | Library that acts as a custom wrapper around both `BurnOutSharp.Builder` and `BurnOutSharp.Models` that allows for easier access to executable information. Each of the wrappers may also include additional functionality that would not otherwise be found in the models, e.g. Data and string reading from sections. |
|
||||
| `psxt001z` | **Ported External Library** Handles detection of PS1 protections. See the README for a link to the repository. |
|
||||
| `Test` | Testing executable that allows for standalone testing of the library. Includes the ability to scan files for protection as well as output executable information. |
|
||||
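Review bot: The `BurnOutSharp.Builder` and `BurnOutSharp.Models` rows of the project table each hard-code a list of executable types "at the time of writing", and the two lists already differ: Models includes **Linear Executable (partial)** and Builder does not. If that gap is intentional, say so in the Builder row; otherwise the lists will drift as formats are added, so consider naming where a reader can find the current set instead of enumerating it. Minor style point in the `BurnOutSharp.Wrappers` row: "e.g. Data and string reading" should read "data" in lowercase.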
@@ -22,7 +25,7 @@ Researching copy protections and packers can be a massive undertaking. Some can
|
||||
|
||||
| Tool / Method | Description |
|
||||
| --- | --- |
|
||||
| `Test.exe --info <path>` | The `--info` option on the test executable is a really good way of getting started with investigation. The output of `--info` contains nearly all immediately parsable information from any executable that has a wrapper defined in `BurnOutSharp.Wrappers`. In general, the newer the executable format, the more information will be immediately available. For the most basic of protections and packers, this may be as far as you need to go for your research. |
|
||||
| `Test.exe --info [--json] <path>` | The `--info` option on the test executable is a really good way of getting started with investigation. The output of `--info` contains nearly all immediately parsable information from any executable that has a wrapper defined in `BurnOutSharp.Wrappers`. In general, the newer the executable format, the more information will be immediately available. For the most basic of protections and packers, this may be as far as you need to go for your research. Additionally, the `--json` flag allows for a formatted JSON output of the information for later parsing. This is only available in .NET 6+ builds. |
|
||||
| `Test.exe [--debug] <path>` | Running `Test.exe` without any options runs the existing set of packer and protection checks. The output of this will be all detected packers and protections on the given file, with optional debug information where applicable. This is helpful in research because a protection you are investigating may be related to (or obscured by) another existing packer or protection. Having this information will make it easier to filter the results of `Test.exe --info <path>` as well. |
|
||||
| **Add and debug** | This starts getting into more serious territory. Creating a skeleton for the packer or protection that you want to add and then messing around in code is a great way to start seeing what sort of stuff the library can see that's not normally output. See the table below for extension properties and methods that you may use in addition to the models defined in `BurnOutSharp.Models`. |
|
||||
| **Hex Editor / External Programs** | As an advanced port of call, using a hex editor and external protection scanning programs (sometimes in conjunction) can help you get a better idea of the protection you're looking into. For example, **TheRogueArchivist** used that combination to narrow down the exact check for a very stubborn protection. |
|
||||
|
||||
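Review bot: The `Test.exe --info [--json] <path>` row does not say where the JSON output goes or what happens when `--json` is passed to a build that lacks it. "allows for a formatted JSON output of the information for later parsing" could mean standard output or a file, and "This is only available in .NET 6+ builds" leaves open whether older builds ignore the flag or reject it. Anyone scripting triage around this output needs both answers, so state the destination and the behaviour on older builds in the row itself.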