Add Gentee Installer detection (fixes #93)

2026-02-04 05:35:49 +00:00 · 2022-03-15 22:35:44 -07:00
parent 0acb29f2e9
commit c349f3a3c4
2 changed files with 46 additions and 1 deletions
--- a/BurnOutSharp/PackerType/GenteeInstaller.cs
+++ b/BurnOutSharp/PackerType/GenteeInstaller.cs
@@ -0,0 +1,44 @@
+using System.Collections.Generic;
+using BurnOutSharp.ExecutableType.Microsoft.PE;
+using BurnOutSharp.Matching;
+
+namespace BurnOutSharp.PackerType
+{
+    // TODO: Add extraction
+    public class GenteeInstaller : IPEContentCheck
+    {
+        /// <inheritdoc/>
+        public string CheckPEContents(string file, PortableExecutable pex, bool includeDebug)
+        {
+            // Get the sections from the executable, if possible
+            var sections = pex?.SectionTable;
+            if (sections == null)
+                return null;
+
+            // Get the .data section, if it exists
+            if (pex.DataSectionRaw != null)
+            {
+                var matchers = new List<ContentMatchSet>
+                {
+                    // Gentee installer
+                    new ContentMatchSet(new byte?[]
+                    {
+                        0x47, 0x65, 0x6E, 0x74, 0x65, 0x65, 0x20, 0x69,
+                        0x6E, 0x73, 0x74, 0x61, 0x6C, 0x6C, 0x65, 0x72,
+                    }, "Gentee Installer"),
+
+                    // ginstall.dll
+                    new ContentMatchSet(new byte?[]
+                    {
+                        0x67, 0x69, 0x6E, 0x73, 0x74, 0x61, 0x6C, 0x6C,
+                        0x2E, 0x64, 0x6C, 0x6C,
+                    }, "Gentee Installer"),
+                };
+
+                return MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+            }
+
+            return null;
+        }
+    }
+}
--- a/README.md
+++ b/README.md
@@ -65,7 +65,7 @@ Below is a list of protections detected by BurnOutSharp. The two columns explain
 | Ring PROTECH / ProRing | True | True | Unconfirmed¹ |
 | SafeDisc / SafeCast | True | True | Can't distinguish between some versions of SafeDisc and SafeCast |
 | SafeLock | False | True | Unconfirmed¹ |
-| SecuROM | True | True | v8.x and White Label detected incorrectly² |
+| SecuROM | True | True | v8.x and White Label detected partially² |
 | SmartE | True | True | |
 | SoftLock | False | True | Unconfirmed¹ |
 | SolidShield | True | True | Some Wrapper v1 not detected² |
@@ -116,6 +116,7 @@ Below is a list of executable packers detected by BurnOutSharp. The three column
 | CExe | Yes | No | No |
 | dotFuscator | Yes | No | No |
 | EXE Stealth | Yes | No | No |
+| Gentee Installer | Yes | No | No |
 | Inno Setup | Yes | No | No |
 | InstallAnywhere | Yes | No | No |
 | Installer VISE | Yes | No | No |