mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-04-24 15:13:23 +00:00
Only deserialze a file once per round of checks
This commit is contained in:
Matt Nadareski
@@ -10,7 +10,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// Otherwise, the field is a forwarder RVA, which names a symbol in another DLL.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-address-table</remarks>
|
||||
internal class ExportAddressTableEntry
|
||||
public class ExportAddressTableEntry
|
||||
{
|
||||
/// <summary>
|
||||
/// The address of the exported symbol when loaded into memory, relative to the image base.
|
||||
|
||||
@@ -6,7 +6,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// Otherwise, the field is a forwarder RVA, which names a symbol in another DLL.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-pdata-section</remarks>
|
||||
internal class FunctionTableEntry
|
||||
public class FunctionTableEntry
|
||||
{
|
||||
#region 32-bit MIPS
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// Each entry in the hint/name table has the following format
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#hintname-table</remarks>
|
||||
internal class HintNameTableEntry
|
||||
public class HintNameTableEntry
|
||||
{
|
||||
/// <summary>
|
||||
/// An index into the export name pointer table.
|
||||
|
||||
@@ -8,7 +8,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// Each import address entry has the following format
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-address-table</remarks>
|
||||
internal class ImportAddressTableEntry
|
||||
public class ImportAddressTableEntry
|
||||
{
|
||||
/// <summary>
|
||||
/// The RVA of the import lookup table.
|
||||
|
||||
@@ -8,7 +8,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// Each import directory entry has the following format
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-directory-table</remarks>
|
||||
internal class ImportDirectoryTableEntry
|
||||
public class ImportDirectoryTableEntry
|
||||
{
|
||||
/// <summary>
|
||||
/// The RVA of the import lookup table.
|
||||
|
||||
@@ -7,7 +7,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// <summary>
|
||||
/// Resource type and name strings
|
||||
/// </summary>
|
||||
internal class NEResourceNameString
|
||||
public class NEResourceNameString
|
||||
{
|
||||
/// <summary>
|
||||
/// Length of the type or name string that follows. A zero value
|
||||
|
||||
@@ -7,7 +7,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// <summary>
|
||||
/// A table of resources for this type
|
||||
/// </summary>
|
||||
internal class NEResourceTableEntry
|
||||
public class NEResourceTableEntry
|
||||
{
|
||||
/// <summary>
|
||||
/// File offset to the contents of the resource data,
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// EXE header. The first entry in the segment table is segment number 1.
|
||||
/// The following is the structure of a segment table entry.
|
||||
/// </summary>
|
||||
internal class NESegmentTableEntry
|
||||
public class NESegmentTableEntry
|
||||
{
|
||||
/// <summary>
|
||||
/// Logical-sector offset (n byte) to the contents of the segment
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// <summary>
|
||||
/// Each Resource Data entry describes an actual unit of raw data in the Resource Data area.
|
||||
/// </summary>
|
||||
internal class ResourceDataEntry
|
||||
public class ResourceDataEntry
|
||||
{
|
||||
/// <summary>
|
||||
/// The address of a unit of resource data in the Resource Data area.
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// These strings are stored together after the last Resource Directory entry and before the first Resource Data entry.
|
||||
/// This minimizes the impact of these variable-length strings on the alignment of the fixed-size directory entries.
|
||||
/// </summary>
|
||||
internal class ResourceDirectoryString
|
||||
public class ResourceDirectoryString
|
||||
{
|
||||
/// <summary>
|
||||
/// The size of the string, not including length field itself.
|
||||
|
||||
@@ -18,7 +18,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// Offsets are relative to the address in the IMAGE_DIRECTORY_ENTRY_RESOURCE DataDirectory.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#resource-directory-entries</remarks>
|
||||
internal class ResourceDirectoryTableEntry
|
||||
public class ResourceDirectoryTableEntry
|
||||
{
|
||||
/// <summary>
|
||||
/// The offset of a string that gives the Type, Name, or Language ID entry, depending on level of table.
|
||||
|
||||
@@ -7,7 +7,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Entries
|
||||
/// <summary>
|
||||
/// Resource type information block
|
||||
/// </summary>
|
||||
internal class ResourceTypeInformationBlock
|
||||
public class ResourceTypeInformationBlock
|
||||
{
|
||||
/// <summary>
|
||||
/// Type ID. This is an integer type if the high-order bit is
|
||||
|
||||
@@ -2,7 +2,7 @@ using System;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
{
|
||||
internal enum ExecutableType
|
||||
public enum ExecutableType
|
||||
{
|
||||
Unknown,
|
||||
NE,
|
||||
@@ -11,7 +11,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#dll-characteristics
|
||||
[Flags]
|
||||
internal enum DllCharacteristics : ushort
|
||||
public enum DllCharacteristics : ushort
|
||||
{
|
||||
/// <summary>
|
||||
/// Reserved, must be zero.
|
||||
@@ -91,7 +91,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
}
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#optional-header-data-directories-image-only
|
||||
internal enum ImageDirectory : byte
|
||||
public enum ImageDirectory : byte
|
||||
{
|
||||
/// <summary>
|
||||
/// The export table address and size. (.edata)
|
||||
@@ -177,7 +177,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#characteristics
|
||||
[Flags]
|
||||
internal enum ImageObjectCharacteristics : ushort
|
||||
public enum ImageObjectCharacteristics : ushort
|
||||
{
|
||||
/// <summary>
|
||||
/// Image only, Windows CE, and Microsoft Windows NT and later.
|
||||
@@ -276,7 +276,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
}
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#machine-types
|
||||
internal enum MachineType : ushort
|
||||
public enum MachineType : ushort
|
||||
{
|
||||
/// <summary>
|
||||
/// The content of this field is assumed to be applicable to any machine type
|
||||
@@ -423,7 +423,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
/// s Solo data
|
||||
/// </summary>
|
||||
[Flags]
|
||||
internal enum NeFlags : ushort
|
||||
public enum NeFlags : ushort
|
||||
{
|
||||
/// <summary>
|
||||
/// Not a process
|
||||
@@ -509,7 +509,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
/// rr Reference type
|
||||
/// </summary>
|
||||
[Flags]
|
||||
internal enum NrFlags : byte
|
||||
public enum NrFlags : byte
|
||||
{
|
||||
/// <summary>
|
||||
/// Additive fixup
|
||||
@@ -550,7 +550,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
////
|
||||
/// </summary>
|
||||
[Flags]
|
||||
internal enum NrStype : byte
|
||||
public enum NrStype : byte
|
||||
{
|
||||
/// <summary>
|
||||
/// Source type mask
|
||||
@@ -589,7 +589,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
}
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#optional-header-image-only
|
||||
internal enum OptionalHeaderType : ushort
|
||||
public enum OptionalHeaderType : ushort
|
||||
{
|
||||
/// <summary>
|
||||
/// ROM image
|
||||
@@ -609,7 +609,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
|
||||
/// http://bytepointer.com/resources/win16_ne_exe_format_win3.0.htm
|
||||
[Flags]
|
||||
internal enum ResourceTableEntryFlags : ushort
|
||||
public enum ResourceTableEntryFlags : ushort
|
||||
{
|
||||
/// <summary>
|
||||
/// Resource is not fixed.
|
||||
@@ -630,7 +630,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
/// <summary>
|
||||
/// Predefined Resource Types
|
||||
/// </summary>
|
||||
internal enum ResourceTypes : ushort
|
||||
public enum ResourceTypes : ushort
|
||||
{
|
||||
RT_CURSOR = 1,
|
||||
RT_BITMAP = 2,
|
||||
@@ -662,7 +662,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#section-flags
|
||||
[Flags]
|
||||
internal enum SectionCharacteristics : uint
|
||||
public enum SectionCharacteristics : uint
|
||||
{
|
||||
/// <summary>
|
||||
/// Reserved for future use.
|
||||
@@ -878,7 +878,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
|
||||
/// http://bytepointer.com/resources/win16_ne_exe_format_win3.0.htm
|
||||
[Flags]
|
||||
internal enum SegmentTableEntryFlags : ushort
|
||||
public enum SegmentTableEntryFlags : ushort
|
||||
{
|
||||
/// <summary>
|
||||
/// Segment-type field.
|
||||
@@ -962,7 +962,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
}
|
||||
|
||||
[Flags]
|
||||
internal enum TargetOperatingSystems : byte
|
||||
public enum TargetOperatingSystems : byte
|
||||
{
|
||||
/// <summary>
|
||||
/// Unknown (any "new-format" OS)
|
||||
@@ -991,7 +991,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
}
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#windows-subsystem
|
||||
internal enum WindowsSubsystem : ushort
|
||||
public enum WindowsSubsystem : ushort
|
||||
{
|
||||
/// <summary>
|
||||
/// An unknown subsystem
|
||||
|
||||
@@ -4,7 +4,7 @@ using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Headers
|
||||
{
|
||||
internal class CommonObjectFileFormatHeader
|
||||
public class CommonObjectFileFormatHeader
|
||||
{
|
||||
/// <summary>
|
||||
/// After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file as a PE format image file.
|
||||
|
||||
@@ -4,7 +4,7 @@ using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Headers
|
||||
{
|
||||
internal class DataDirectoryHeader
|
||||
public class DataDirectoryHeader
|
||||
{
|
||||
/// <summary>
|
||||
/// The first field, VirtualAddress, is actually the RVA of the table.
|
||||
|
||||
@@ -13,7 +13,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Headers
|
||||
/// and PE executables, usually as stubs so that when they are ran under DOS, they display a warning.
|
||||
/// </summary>
|
||||
/// <remarks>https://wiki.osdev.org/MZ</remarks>
|
||||
internal class MSDOSExecutableHeader
|
||||
public class MSDOSExecutableHeader
|
||||
{
|
||||
#region Standard Fields
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Headers
|
||||
/// Because of the age of the format some items are unclear in meaning.
|
||||
/// </summary>
|
||||
/// <remarks>http://bytepointer.com/resources/win16_ne_exe_format_win3.0.htm</remarks>
|
||||
internal class NewExecutableHeader
|
||||
public class NewExecutableHeader
|
||||
{
|
||||
/// <summary>
|
||||
/// Signature word. [00]
|
||||
|
||||
@@ -18,7 +18,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Headers
|
||||
/// a particular data directory entry goes beyond the optional header.
|
||||
/// In addition, it is important to validate the optional header magic number for format compatibility.
|
||||
/// </summary>
|
||||
internal class OptionalHeader
|
||||
public class OptionalHeader
|
||||
{
|
||||
#region Standard Fields
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Headers
|
||||
/// Instead, the location of the section table is determined by calculating the location of the first byte after the headers.
|
||||
/// Make sure to use the size of the optional header as specified in the file header.
|
||||
/// </summary>
|
||||
internal class SectionHeader
|
||||
public class SectionHeader
|
||||
{
|
||||
/// <summary>
|
||||
/// An 8-byte, null-padded UTF-8 encoded string.
|
||||
|
||||
@@ -8,7 +8,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
/// The WIN-NE executable format, designed for Windows 3.x, was the "NE", or "New Executable" format.
|
||||
/// Again, a 16bit format, it alleviated the maximum size restrictions that the MZ format had.
|
||||
/// </summary>
|
||||
internal class NewExecutable
|
||||
public class NewExecutable
|
||||
{
|
||||
#region Headers
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft
|
||||
/// A COFF object file header consists of a COFF file header and an optional header.
|
||||
/// In both cases, the file headers are followed immediately by section headers.
|
||||
/// </summary>
|
||||
internal class PortableExecutable
|
||||
public class PortableExecutable
|
||||
{
|
||||
#region Headers
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@ using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
internal class FixedFileInfo
|
||||
public class FixedFileInfo
|
||||
{
|
||||
/// <summary>
|
||||
/// Contains the value 0xFEEF04BD.
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
/// Either high-order or low-order word can be zero, indicating that the file is language or code page independent.
|
||||
/// If the Var structure is omitted, the file will be interpreted as both language and code page independent.
|
||||
/// </summary>
|
||||
internal class LanguageCodePage
|
||||
public class LanguageCodePage
|
||||
{
|
||||
/// <summary>
|
||||
/// The low-order word of each DWORD must contain a Microsoft language identifier
|
||||
|
||||
@@ -6,7 +6,7 @@ using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
internal class Resource
|
||||
public class Resource
|
||||
{
|
||||
/// <summary>
|
||||
/// The length, in bytes, of the resource structure.
|
||||
|
||||
@@ -2,7 +2,7 @@ using System.IO;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
internal class StringFileInfo : Resource
|
||||
public class StringFileInfo : Resource
|
||||
{
|
||||
/// <summary>
|
||||
/// An array of one or more StringTable structures.
|
||||
|
||||
@@ -4,7 +4,7 @@ using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
internal class StringStruct : Resource
|
||||
public class StringStruct : Resource
|
||||
{
|
||||
/// <summary>
|
||||
/// Typically contains a list of languages that the application or DLL supports.
|
||||
|
||||
@@ -3,7 +3,7 @@ using System.IO;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
internal class StringTable : Resource
|
||||
public class StringTable : Resource
|
||||
{
|
||||
/// <summary>
|
||||
/// An array of one or more String structures.
|
||||
|
||||
@@ -2,7 +2,7 @@ using System.IO;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
internal class Var : Resource
|
||||
public class Var : Resource
|
||||
{
|
||||
/// <summary>
|
||||
/// An array of one or more values that are language and code page identifier pairs.
|
||||
|
||||
@@ -2,7 +2,7 @@ using System.IO;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
internal class VarFileInfo : Resource
|
||||
public class VarFileInfo : Resource
|
||||
{
|
||||
/// <summary>
|
||||
/// Typically contains a list of languages that the application or DLL supports.
|
||||
|
||||
@@ -2,7 +2,7 @@ using System.IO;
|
||||
|
||||
namespace BurnOutSharp.ExecutableType.Microsoft.Resources
|
||||
{
|
||||
internal class VersionInfo : Resource
|
||||
public class VersionInfo : Resource
|
||||
{
|
||||
/// <summary>
|
||||
/// Arbitrary data associated with this VS_VERSIONINFO structure.
|
||||
|
||||
@@ -9,7 +9,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Sections
|
||||
/// The target platform determines which of the three function table entry format variations described below is used.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-edata-section-image-only</remarks>
|
||||
internal class ExceptionHandlingSection
|
||||
public class ExceptionHandlingSection
|
||||
{
|
||||
/// <summary>
|
||||
/// Array of function table entries that are used for exception handling
|
||||
|
||||
@@ -8,7 +8,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Sections
|
||||
/// Exported symbols are generally found in DLLs, but DLLs can also import symbols.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-edata-section-image-only</remarks>
|
||||
internal class ExportDataSection
|
||||
public class ExportDataSection
|
||||
{
|
||||
/// <summary>
|
||||
/// A table with just one row (unlike the debug directory).
|
||||
|
||||
@@ -18,7 +18,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Sections
|
||||
/// Hint-Name Table
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-idata-section</remarks>
|
||||
internal class ImportDataSection
|
||||
public class ImportDataSection
|
||||
{
|
||||
/// <summary>
|
||||
/// Import directory table
|
||||
|
||||
@@ -13,7 +13,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Sections
|
||||
// then that table lists directory entries at the next level down
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-rsrc-section</remarks>
|
||||
internal class ResourceSection
|
||||
public class ResourceSection
|
||||
{
|
||||
/// <summary>
|
||||
/// A table with just one row (unlike the debug directory).
|
||||
|
||||
@@ -8,7 +8,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// An ordinal number is used as an index into the export address table.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-address-table</remarks>
|
||||
internal class ExportAddressTable
|
||||
public class ExportAddressTable
|
||||
{
|
||||
/// <remarks>Number of entries is defined externally</remarks>
|
||||
public ExportAddressTableEntry[] Entries;
|
||||
|
||||
@@ -9,7 +9,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// The export directory table contains address information that is used to resolve imports to the entry points within this image.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-directory-table</remarks>
|
||||
internal class ExportDirectoryTable
|
||||
public class ExportDirectoryTable
|
||||
{
|
||||
/// <summary>
|
||||
/// Reserved, must be 0.
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// The pointers are ordered lexically to allow binary searches.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-name-pointer-table</remarks>
|
||||
internal class ExportNamePointerTable
|
||||
public class ExportNamePointerTable
|
||||
{
|
||||
/// <remarks>Number of entries is defined externally</remarks>
|
||||
public uint[] Entries;
|
||||
|
||||
@@ -6,7 +6,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// These public export names are not necessarily the same as the private symbol names that the symbols have in their own image file and source code, although they can be.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-ordinal-table</remarks>
|
||||
internal class ExportNameTable
|
||||
public class ExportNameTable
|
||||
{
|
||||
/// <remarks>Number of entries is defined externally</remarks>
|
||||
public string[] Entries;
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// In other words, the ordinal base must be subtracted from the ordinals to obtain true indexes into the export address table.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-ordinal-table</remarks>
|
||||
internal class ExportOrdinalTable
|
||||
public class ExportOrdinalTable
|
||||
{
|
||||
/// <remarks>Number of entries is defined externally</remarks>
|
||||
public ushort[] Entries;
|
||||
|
||||
@@ -9,7 +9,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// The target platform determines which of the three function table entry format variations described below is used.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-pdata-section</remarks>
|
||||
internal class FunctionTable
|
||||
public class FunctionTable
|
||||
{
|
||||
/// <remarks>Number of entries is defined externally</remarks>
|
||||
public FunctionTableEntry[] Entries;
|
||||
|
||||
@@ -7,7 +7,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// One hint/name table suffices for the entire import section.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#hintname-table</remarks>
|
||||
internal class HintNameTable
|
||||
public class HintNameTable
|
||||
{
|
||||
/// <remarks>Number of entries is defined externally</remarks>
|
||||
public HintNameTableEntry[] Entries;
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// The loader typically processes the binding.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-address-table</remarks>
|
||||
internal class ImportAddressTable
|
||||
public class ImportAddressTable
|
||||
{
|
||||
/// <remarks>Number of entries is known after parsing</remarks>
|
||||
public ImportAddressTableEntry[] Entries;
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// The last directory entry is empty (filled with null values), which indicates the end of the directory table.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-directory-table</remarks>
|
||||
internal class ImportDirectoryTable
|
||||
public class ImportDirectoryTable
|
||||
{
|
||||
/// <remarks>Number of entries is known after parsing</remarks>
|
||||
public ImportDirectoryTableEntry[] Entries;
|
||||
|
||||
@@ -13,7 +13,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// The last entry is set to zero (NULL) to indicate the end of the table.
|
||||
/// </summary>
|
||||
/// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-lookup-table</remarks>
|
||||
internal class ImportLookupTable
|
||||
public class ImportLookupTable
|
||||
{
|
||||
/// <remarks>Number of entries is known after parsing</remarks>
|
||||
public uint[] EntriesPE32;
|
||||
|
||||
@@ -16,7 +16,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// resource. It also defines the location and size of the resource.
|
||||
/// </summary>
|
||||
/// <remarks>http://bytepointer.com/resources/win16_ne_exe_format_win3.0.htm</remarks>
|
||||
internal class NEResourceTable
|
||||
public class NEResourceTable
|
||||
{
|
||||
/// <summary>
|
||||
/// Alignment shift count for resource data.
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.Tables
|
||||
/// This data structure should be considered the heading of a table
|
||||
/// because the table actually consists of directory entries and this structure
|
||||
/// </summary>
|
||||
internal class ResourceDirectoryTable
|
||||
public class ResourceDirectoryTable
|
||||
{
|
||||
/// <summary>
|
||||
/// Resource flags.
|
||||
|
||||
@@ -8,7 +8,7 @@ using SharpCompress.Compressors.Deflate;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class BFPK : IScannable
|
||||
public class BFPK : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -7,7 +7,7 @@ using SharpCompress.Compressors.BZip2;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class BZip2 : IScannable
|
||||
public class BZip2 : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -6,11 +6,12 @@ using System.Linq;
|
||||
using System.Reflection;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class Executable : IScannable
|
||||
public class Executable : IScannable
|
||||
{
|
||||
/// <summary>
|
||||
/// Cache for all IContentCheck types
|
||||
@@ -88,8 +89,9 @@ namespace BurnOutSharp.FileType
|
||||
if (stream.CanSeek)
|
||||
stream.Seek(0, SeekOrigin.Begin);
|
||||
|
||||
// TODO: Find a way to combine the outputs of GetContentMatchSet to make this more efficient
|
||||
// If they can be combined, we can have it do a Unique check per file
|
||||
// Create PortableExecutable and NewExecutable objects for use in the checks
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
NewExecutable nex = NewExecutable.Deserialize(fileContent, 0);
|
||||
|
||||
// Iterate through all content checks
|
||||
Parallel.ForEach(contentCheckClasses, contentCheckClass =>
|
||||
@@ -98,7 +100,7 @@ namespace BurnOutSharp.FileType
|
||||
bool foundProtection = false;
|
||||
|
||||
// Check using custom content checks first
|
||||
string protection = contentCheckClass.CheckContents(file, fileContent, scanner.IncludeDebug);
|
||||
string protection = contentCheckClass.CheckContents(file, fileContent, scanner.IncludeDebug, pex, nex);
|
||||
foundProtection |= !string.IsNullOrWhiteSpace(protection);
|
||||
if (ShouldAddProtection(contentCheckClass, scanner, protection))
|
||||
Utilities.AppendToDictionary(protections, file, protection);
|
||||
|
||||
@@ -7,7 +7,7 @@ using SharpCompress.Archives.GZip;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class GZIP : IScannable
|
||||
public class GZIP : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -8,7 +8,7 @@ using UnshieldSharp.Archive;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class InstallShieldArchiveV3 : IScannable
|
||||
public class InstallShieldArchiveV3 : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -7,7 +7,7 @@ using UnshieldSharp.Cabinet;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class InstallShieldCAB : IScannable
|
||||
public class InstallShieldCAB : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -6,7 +6,7 @@ using StormLibSharp;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class MPQ : IScannable
|
||||
public class MPQ : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -6,7 +6,7 @@ using WixToolset.Dtf.WindowsInstaller;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class MSI : IScannable
|
||||
public class MSI : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -7,7 +7,7 @@ using LibMSPackN;
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
// Specification available at http://download.microsoft.com/download/5/0/1/501ED102-E53F-4CE0-AA6B-B0F93629DDC6/Exchange/%5BMS-CAB%5D.pdf
|
||||
internal class MicrosoftCAB : IScannable
|
||||
public class MicrosoftCAB : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -7,7 +7,7 @@ using SharpCompress.Archives.Zip;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class PKZIP : IScannable
|
||||
public class PKZIP : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -7,7 +7,7 @@ using SharpCompress.Archives.Rar;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class RAR : IScannable
|
||||
public class RAR : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -7,7 +7,7 @@ using SharpCompress.Archives.SevenZip;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class SevenZip : IScannable
|
||||
public class SevenZip : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -7,7 +7,7 @@ using SharpCompress.Archives.Tar;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class TapeArchive : IScannable
|
||||
public class TapeArchive : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -6,7 +6,7 @@ using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class Textfile : IScannable
|
||||
public class Textfile : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -7,7 +7,7 @@ using BurnOutSharp.Tools;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class Valve : IScannable
|
||||
public class Valve : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -6,7 +6,7 @@ using SharpCompress.Compressors.Xz;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class XZ : IScannable
|
||||
public class XZ : IScannable
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public bool ShouldScan(byte[] magic)
|
||||
|
||||
@@ -1,20 +1,19 @@
|
||||
namespace BurnOutSharp
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
|
||||
namespace BurnOutSharp
|
||||
{
|
||||
// TODO: This should either include an override that takes a Stream instead of the byte[]
|
||||
// OR have a completely separate check for when it's an executable specifically
|
||||
// TODO: Once more checks have been converted over to using PortableExecutable, NewExecutable,
|
||||
// and DOS Executable, then add an override for `CheckContents` that takes an executable type
|
||||
// as one of the arguments. This will reduce the amount of times the same file will be parsed
|
||||
// into an in-memory header
|
||||
internal interface IContentCheck
|
||||
{
|
||||
/// <summary>
|
||||
/// Check a path for protections based on file contents
|
||||
/// </summary>
|
||||
/// <param name="pex">PortableExecutable representing the read-in file</param>
|
||||
/// <param name="file">File to check for protection indicators</param>
|
||||
/// <param name="fileContent">Byte array representing the file contents</param>
|
||||
/// <param name="includeDebug">True to include debug data, false otherwise</param>
|
||||
/// <returns>String containing any protections found in the file</returns>
|
||||
string CheckContents(string file, byte[] fileContent, bool includeDebug);
|
||||
string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@ namespace BurnOutSharp.Matching
|
||||
/// <summary>
|
||||
/// Path matching criteria
|
||||
/// </summary>
|
||||
internal class PathMatch : IMatch<string>
|
||||
public class PathMatch : IMatch<string>
|
||||
{
|
||||
/// <summary>
|
||||
/// String to match
|
||||
|
||||
@@ -7,7 +7,7 @@ namespace BurnOutSharp.Matching
|
||||
/// <summary>
|
||||
/// A set of path matches that work together
|
||||
/// </summary>
|
||||
internal class PathMatchSet : MatchSet<PathMatch, string>
|
||||
public class PathMatchSet : MatchSet<PathMatch, string>
|
||||
{
|
||||
/// <summary>
|
||||
/// Function to get a path version for this Matcher
|
||||
|
||||
@@ -10,10 +10,9 @@ namespace BurnOutSharp.PackerType
|
||||
public class AdvancedInstaller : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -10,21 +10,9 @@ namespace BurnOutSharp.PackerType
|
||||
public class Armadillo : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
private List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
// {
|
||||
// // TODO: Remove this if the below section check is proven
|
||||
// return new List<ContentMatchSet>
|
||||
// {
|
||||
// // .nicode + (char)0x00
|
||||
// new ContentMatchSet(new byte?[] { 0x2E, 0x6E, 0x69, 0x63, 0x6F, 0x64, 0x65, 0x00 }, "Armadillo"),
|
||||
// };
|
||||
// }
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
@@ -52,10 +40,6 @@ namespace BurnOutSharp.PackerType
|
||||
return match;
|
||||
}
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.PackerType
|
||||
@@ -34,7 +35,7 @@ namespace BurnOutSharp.PackerType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.PackerType
|
||||
@@ -25,7 +26,7 @@ namespace BurnOutSharp.PackerType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
|
||||
@@ -15,10 +15,9 @@ namespace BurnOutSharp.PackerType
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -15,10 +15,9 @@ namespace BurnOutSharp.PackerType
|
||||
|
||||
//TODO: Add exact version detection for Windows builds, make sure versions before 3.X are detected as well, and detect the Mac builds.
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -8,10 +8,9 @@ namespace BurnOutSharp.PackerType
|
||||
public class IntelInstallationFramework : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -17,10 +17,9 @@ namespace BurnOutSharp.PackerType
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -10,10 +10,9 @@ namespace BurnOutSharp.PackerType
|
||||
public class NSIS : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -9,10 +9,9 @@ namespace BurnOutSharp.PackerType
|
||||
public class PECompact : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -12,10 +12,9 @@ namespace BurnOutSharp.PackerType
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -10,10 +10,9 @@ namespace BurnOutSharp.PackerType
|
||||
public class UPX : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -18,10 +18,9 @@ namespace BurnOutSharp.PackerType
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -19,10 +19,9 @@ namespace BurnOutSharp.PackerType
|
||||
public bool ShouldScan(byte[] magic) => true;
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Try to read the contents as a PE executable
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
if (pex != null)
|
||||
{
|
||||
var sections = pex?.SectionTable;
|
||||
@@ -111,7 +110,6 @@ namespace BurnOutSharp.PackerType
|
||||
}
|
||||
|
||||
// Try to read the contents as an NE executable
|
||||
NewExecutable nex = NewExecutable.Deserialize(fileContent, 0);
|
||||
if (nex != null)
|
||||
{
|
||||
string version = GetNEHeaderVersion(nex);
|
||||
|
||||
@@ -29,10 +29,9 @@ namespace BurnOutSharp.PackerType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
{
|
||||
@@ -56,10 +55,6 @@ namespace BurnOutSharp.PackerType
|
||||
new ContentMatch(new byte?[] { 0x57, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, start: sectionAddr, end: sectionEnd),
|
||||
"Wise Installation Wizard Module"),
|
||||
};
|
||||
|
||||
string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug);
|
||||
if (!string.IsNullOrWhiteSpace(match))
|
||||
return match;
|
||||
}
|
||||
|
||||
// Get the .rdata section, if it exists
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.PackerType
|
||||
@@ -23,7 +24,7 @@ namespace BurnOutSharp.PackerType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
|
||||
@@ -26,10 +26,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -18,7 +19,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -30,7 +31,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
|
||||
@@ -22,10 +22,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -26,10 +26,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -7,10 +7,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class CDKey : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -10,10 +10,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class CDLock : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -18,7 +19,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
|
||||
@@ -26,10 +26,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -1,29 +1,15 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
{
|
||||
public class CengaProtectDVD : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
private List<ContentMatchSet> GetContentMatchSets() => null;
|
||||
// {
|
||||
// // TODO: Remove this if the below section check is proven
|
||||
// return new List<ContentMatchSet>
|
||||
// {
|
||||
// // .cenega
|
||||
// new ContentMatchSet(new byte?[] { 0x2E, 0x63, 0x65, 0x6E, 0x65, 0x67, 0x61 }, "Cenega ProtectDVD"),
|
||||
// };
|
||||
// }
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
@@ -33,10 +19,6 @@ namespace BurnOutSharp.ProtectionType
|
||||
if (cenegaSection != null)
|
||||
return "Cenega ProtectDVD";
|
||||
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,10 +24,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
{
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -23,7 +24,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -24,7 +25,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
|
||||
/// TODO: Does this look for the `.grand` section like CD-Cops?
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
|
||||
@@ -34,10 +34,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -12,10 +12,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class GFWL : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -13,10 +13,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class ImpulseReactor : IContentCheck, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -25,10 +25,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
*/
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -13,10 +13,9 @@ namespace BurnOutSharp.ProtectionType
|
||||
public class JoWood : IContentCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
||||
var sections = pex?.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BurnOutSharp.ExecutableType.Microsoft;
|
||||
using BurnOutSharp.Matching;
|
||||
|
||||
namespace BurnOutSharp.ProtectionType
|
||||
@@ -22,7 +23,7 @@ namespace BurnOutSharp.ProtectionType
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
||||
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
|
||||
{
|
||||
var contentMatchSets = GetContentMatchSets();
|
||||
if (contentMatchSets != null && contentMatchSets.Any())
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user