diff --git a/BurnOutSharp/FileType/Executable.cs b/BurnOutSharp/FileType/Executable.cs index f1001684..a20d96ad 100644 --- a/BurnOutSharp/FileType/Executable.cs +++ b/BurnOutSharp/FileType/Executable.cs @@ -113,7 +113,7 @@ namespace BurnOutSharp.FileType // NewExecutable nex = new NewExecutable(stream); // stream.Seek(0, SeekOrigin.Begin); - // Iterate through all content checks + // Iterate through all generic content checks Parallel.ForEach(contentCheckClasses, contentCheckClass => { // Track if any protection is found @@ -137,9 +137,65 @@ namespace BurnOutSharp.FileType } }); + // If we have a NE executable, iterate through all NE content checks + if (nex != null) + { + Parallel.ForEach(neContentCheckClasses, contentCheckClass => + { + // Track if any protection is found + bool foundProtection = false; + + // Check using custom content checks first + string protection = contentCheckClass.CheckNEContents(file, fileContent, scanner.IncludeDebug, nex); + foundProtection |= !string.IsNullOrWhiteSpace(protection); + if (ShouldAddProtection(contentCheckClass, scanner, protection)) + Utilities.AppendToDictionary(protections, file, protection); + + // If we have an IScannable implementation + if (contentCheckClass is IScannable scannable) + { + if (file != null && !string.IsNullOrEmpty(protection)) + { + var subProtections = scannable.Scan(scanner, null, file); + Utilities.PrependToKeys(subProtections, file); + Utilities.AppendToDictionary(protections, subProtections); + } + } + }); + } + + // If we have a PE executable, iterate through all PE content checks + if (pex != null) + { + Parallel.ForEach(peContentCheckClasses, contentCheckClass => + { + // Track if any protection is found + bool foundProtection = false; + + // Check using custom content checks first + string protection = contentCheckClass.CheckPEContents(file, fileContent, scanner.IncludeDebug, pex); + foundProtection |= !string.IsNullOrWhiteSpace(protection); + if (ShouldAddProtection(contentCheckClass, scanner, protection)) + Utilities.AppendToDictionary(protections, file, protection); + + // If we have an IScannable implementation + if (contentCheckClass is IScannable scannable) + { + if (file != null && !string.IsNullOrEmpty(protection)) + { + var subProtections = scannable.Scan(scanner, null, file); + Utilities.PrependToKeys(subProtections, file); + Utilities.AppendToDictionary(protections, subProtections); + } + } + }); + } + return protections; } + #region Helpers + /// /// Initialize all IContentCheck implementations /// @@ -187,5 +243,43 @@ namespace BurnOutSharp.FileType return false; } + + /// + /// Check to see if a protection should be added or not + /// + /// Class that was last used to check + /// Scanner object for state tracking + /// The protection result to be checked + private bool ShouldAddProtection(INEContentCheck neContentCheckClass, Scanner scanner, string protection) + { + // If we have a valid content check based on settings + if (!neContentCheckClass.GetType().Namespace.ToLowerInvariant().Contains("packertype") || scanner.ScanPackers) + { + if (!string.IsNullOrWhiteSpace(protection)) + return true; + } + + return false; + } + + /// + /// Check to see if a protection should be added or not + /// + /// Class that was last used to check + /// Scanner object for state tracking + /// The protection result to be checked + private bool ShouldAddProtection(IPEContentCheck peContentCheckClass, Scanner scanner, string protection) + { + // If we have a valid content check based on settings + if (!peContentCheckClass.GetType().Namespace.ToLowerInvariant().Contains("packertype") || scanner.ScanPackers) + { + if (!string.IsNullOrWhiteSpace(protection)) + return true; + } + + return false; + } + + #endregion } }