mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-07-17 14:25:12 +00:00
Add PKLITE32 detection (fixes #100)
This commit is contained in:
21
BinaryObjectScanner/Packer/PKLite.cs
Normal file
21
BinaryObjectScanner/Packer/PKLite.cs
Normal file
@@ -0,0 +1,21 @@
|
||||
using BinaryObjectScanner.Interfaces;
|
||||
using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
/// <summary>
|
||||
/// PKLITE and PKLITE32
|
||||
/// </summary>
|
||||
public class PKLite : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// <see href="https://www.virustotal.com/gui/file/601573f263115035921f621598f7a81ace998bf325e081165aa698b981822013/details"/>
|
||||
if (pex.ContainsSection(".pklstb"))
|
||||
return "PKLITE32"; // TODO: Figure out how to determine version
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -47,7 +47,7 @@ namespace BinaryObjectScanner.Protection
|
||||
return "Uniloc SoftAnchor";
|
||||
|
||||
// Found in Redump entry 114428
|
||||
if (Array.IndexOf(exe.SectionNames, "SAAC0") > -1)
|
||||
if (exe.ContainsSection("SAAC0"))
|
||||
return "Uniloc SoftAnchor";
|
||||
|
||||
return null;
|
||||
|
||||
@@ -165,6 +165,7 @@ Below is a list of executable packers detected by BinaryObjectScanner. The three
|
||||
| NSIS | Yes | No | No | |
|
||||
| PECompact | Yes | No | No | |
|
||||
| PEtite | Yes | No | No | |
|
||||
| PKLITE32 | Yes | No | No | |
|
||||
| Setup Factory | Yes | No | No | |
|
||||
| Shrinker | Yes | No | No | |
|
||||
| UPX and UPX (NOS Variant) | Yes | No | No | |
|
||||
|
||||
Reference in New Issue
Block a user