Add 7-zip SFX detection

2026-02-17 21:47:52 +00:00 · 2022-12-18 14:18:35 -08:00
parent 2f08940927
commit b2ed69ab78
2 changed files with 68 additions and 0 deletions
--- a/BurnOutSharp/PackerType/SevenZipSFX.cs
+++ b/BurnOutSharp/PackerType/SevenZipSFX.cs
@@ -0,0 +1,67 @@
+using System.Collections.Concurrent;
+using System.IO;
+using System.Linq;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
+
+namespace BurnOutSharp.PackerType
+{
+    // TODO: Add extraction
+    public class SevenZipSFX : IPortableExecutableCheck, IScannable
+    {
+        /// <inheritdoc/>
+        public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
+        {
+            // Get the sections from the executable, if possible
+            var sections = pex?.SectionTable;
+            if (sections == null)
+                return null;
+
+            // Get the assembly description, if possible
+            if (pex.AssemblyDescription?.StartsWith("7-Zip Self-extracting Archive") == true)
+                return $"7-Zip SFX {pex.AssemblyDescription.Substring("7-Zip Self-extracting Archive ".Length)}";
+            
+            // Get the file description, if it exists
+            if (pex.FileDescription?.Equals("7z SFX") == true)
+                return "7-Zip SFX";
+            if (pex.FileDescription?.Equals("7z Self-Extract Setup") == true)
+                return "7-Zip SFX";
+
+            // Get the original filename, if it exists
+            if (pex.OriginalFilename?.Equals("7z.sfx.exe") == true)
+                return "7-Zip SFX";
+            else if (pex.OriginalFilename?.Equals("7zS.sfx") == true)
+                return "7-Zip SFX";
+
+            // Get the internal name, if it exists
+            if (pex.InternalName?.Equals("7z.sfx") == true)
+                return "7-Zip SFX";
+            else if (pex.InternalName?.Equals("7zS.sfx") == true)
+                return "7-Zip SFX";
+
+            // If any dialog boxes match
+            if (pex.FindDialogByTitle("7-Zip self-extracting archive").Any())
+                return "7-Zip SFX";
+
+            return null;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            return null;
+        }
+    }
+}
--- a/README.md
+++ b/README.md
@@ -132,6 +132,7 @@ Below is a list of executable packers detected by BurnOutSharp. The three column

 | Protection Name | Content Check | Path Check | Extractable |
 | --------------- | ------------- | ---------- | ----------- |
+| 7-zip SFX | Yes | No | No |
 | Advanced Installer / Caphyon Advanced Installer | Yes | No | No |
 | Armadillo | Yes | No | No |
 | ASPack | Yes | No | No |