From cab200e89333d91a82bc302bbca43e7ca45d666a Mon Sep 17 00:00:00 2001
From: Matt Nadareski
Date: Tue, 15 Mar 2022 22:44:10 -0700
Subject: [PATCH] Add Shrinker PE detection
---
 BurnOutSharp/PackerType/Shrinker.cs | 27 +++++++++++++++++++++++++++
 README.md | 1 +
 2 files changed, 28 insertions(+)
 create mode 100644 BurnOutSharp/PackerType/Shrinker.cs
diff --git a/BurnOutSharp/PackerType/Shrinker.cs b/BurnOutSharp/PackerType/Shrinker.cs
new file mode 100644
index 00000000..3bc4cba6
--- /dev/null
+++ b/BurnOutSharp/PackerType/Shrinker.cs
@@ -0,0 +1,27 @@
+using System.Collections.Generic;
+using BurnOutSharp.ExecutableType.Microsoft.PE;
+using BurnOutSharp.Matching;
+
+namespace BurnOutSharp.PackerType
+{
+ // TODO: Add extraction
+ public class Shrinker : IPEContentCheck
+ {
+ ///
+ public string CheckPEContents(string file, PortableExecutable pex, bool includeDebug)
+ {
+ // Get the sections from the executable, if possible
+ var sections = pex?.SectionTable;
+ if (sections == null)
+ return null;
+
+ // Get the .shrink0 and .shrink2 sections, if they exist -- TODO: Confirm if both are needed or either/or is fine
+ bool shrink0Section = pex.ContainsSection(".shrink0", true);
+ bool shrink2Section = pex.ContainsSection(".shrink2", true);
+ if (shrink0Section || shrink2Section)
+ return "Shrinker";
+
+ return null;
+ }
+ }
+}
diff --git a/README.md b/README.md
index d2cb2665..2ccd5539 100644
--- a/README.md
+++ b/README.md
@@ -126,6 +126,7 @@ Below is a list of executable packers detected by BurnOutSharp. The three column
 | PECompact | Yes | No | No |
 | PEtite | Yes | No | No |
 | Setup Factory | Yes | No | No |
+| Shrinker | Yes | No | No |
 | UPX and UPX (NOS Variant) | Yes | No | No |
 | WinRAR SFX | Yes | No | Yes |
 | WinZip SFX | Yes | No | Yes |
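Review bot: The check in `CheckPEContents` reports "Shrinker" from section names alone (`.shrink0` or `.shrink2`), and section names are free-form header fields that whoever builds or modifies the executable can set, so the result is a hint rather than proof of packing: a file whose sections were renamed goes undetected, and an unrelated file carrying either name is reported. Until the TODO about both-versus-either is settled, I would state that limit next to the test, for example `// Heuristic: section names only; contents are not inspected, so renamed sections are missed and a name alone can false-positive`. Separately, `using System.Collections.Generic;` and `using BurnOutSharp.Matching;` do not appear to be used by anything in this file and could be dropped, and `sections` is read only for the null check.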