Make packer and protection code more consistent

This commit is contained in:
Matt Nadareski
2025-09-20 18:41:58 -04:00
parent 981a5bb7b5
commit cc87d44e3f
63 changed files with 216 additions and 171 deletions

View File

@@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// Known to detect versions 5.0.0.3 - 8.1.0.0
var name = exe.ProductName;
string? name = exe.ProductName;
if (name.OptionalStartsWith("AutoPlay Media Studio", StringComparison.OrdinalIgnoreCase))
return $"AutoPlay Media Studio {GetVersion(exe)}";

View File

@@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// <see href="https://www.virustotal.com/gui/file/0e0a93cba8163cef9c979cbb49a6f15604956b9441aba6fb9e9f0c6897cc73ed/details"/>
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalContains("GP-Install"))
return "GP-Install";

View File

@@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// <see href="https://www.virustotal.com/gui/file/867726b7afc1b2343651497bbbe35618f781bb82491a2a768922117c44a897d3/details"/>
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalContains("GkWare Self extractor"))
return "GkWare SFX";

View File

@@ -11,7 +11,7 @@ namespace BinaryObjectScanner.Packer
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalStartsWith("InstallAnywhere Self Extractor", StringComparison.OrdinalIgnoreCase))
return $"InstallAnywhere {GetVersion(exe)}";

View File

@@ -10,7 +10,7 @@ namespace BinaryObjectScanner.Packer
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalEquals("Intel(R) Installation Framework", StringComparison.OrdinalIgnoreCase)
|| name.OptionalEquals("Intel Installation Framework", StringComparison.OrdinalIgnoreCase))
{

View File

@@ -10,7 +10,7 @@ namespace BinaryObjectScanner.Packer
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.InternalName;
string? name = exe.InternalName;
if (name.OptionalEquals("Wextract", StringComparison.OrdinalIgnoreCase))
return $"Microsoft CAB SFX {GetVersion(exe)}";

View File

@@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Packer
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.AssemblyDescription;
string? name = exe.AssemblyDescription;
if (name.OptionalStartsWith("Nullsoft Install System"))
return $"NSIS {name!.Substring("Nullsoft Install System".Length).Trim()}";

View File

@@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// Known to detect versions 7.0.5.1 - 9.1.0.0
var name = exe.LegalCopyright;
string? name = exe.LegalCopyright;
if (name.OptionalStartsWith("Setup Engine", StringComparison.OrdinalIgnoreCase))
return $"Setup Factory {GetVersion(exe)}";

View File

@@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// <see href="https://www.virustotal.com/gui/file/43b5791a7d87830025efae0db8f1cc5a02b6001f4703b0189adf1412cdbe22ac/details"/>
var name = exe.AssemblyDescription;
string? name = exe.AssemblyDescription;
if (name.OptionalContains("Smart Install Maker"))
return "Smart Install Maker";

View File

@@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// <see href="https://www.virustotal.com/gui/file/ad876d9aa59a2c51af776ce7c095af69f41f2947c6a46cfe87a724ecf8745084/details"/>
var name = exe.AssemblyDescription;
string? name = exe.AssemblyDescription;
if (name.OptionalEquals("Spoon Installer"))
return "Spoon Installer";

View File

@@ -8,7 +8,7 @@ namespace BinaryObjectScanner.Packer
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.AssemblyDescription;
string? name = exe.AssemblyDescription;
if (name.OptionalContains("WinRAR archiver"))
return "WinRAR SFX";

View File

@@ -42,28 +42,33 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.FileDescription;
// Found in "LineRider2.exe" in Redump entry 6236
var name = exe.FileDescription;
if (name.OptionalEquals("ByteShield Client"))
return $"ByteShield Activation Client {exe.GetInternalVersion()}";
// Found in "LineRider2.exe" in Redump entry 6236
name = exe.InternalName;
// Found in "LineRider2.exe" in Redump entry 6236
if (name.OptionalEquals("ByteShield"))
return $"ByteShield Activation Client {exe.GetInternalVersion()}";
// Found in "LineRider2.exe" in Redump entry 6236
name = exe.OriginalFilename;
// Found in "LineRider2.exe" in Redump entry 6236
if (name.OptionalEquals("ByteShield.EXE"))
return $"ByteShield Activation Client {exe.GetInternalVersion()}";
// Found in "LineRider2.exe" in Redump entry 6236
name = exe.ProductName;
// Found in "LineRider2.exe" in Redump entry 6236
if (name.OptionalEquals("ByteShield Client"))
return $"ByteShield Activation Client {exe.GetInternalVersion()}";
// Found in "ByteShield.dll" in Redump entry 6236
name = exe.ExportTable?.ExportDirectoryTable?.Name;
// Found in "ByteShield.dll" in Redump entry 6236
if (name.OptionalEquals("ByteShield Client"))
return "ByteShield Component Module";

View File

@@ -8,7 +8,7 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.Comments;
string? name = exe.Comments;
if (name.OptionalContains("CDCheck utlity for Microsoft Game Studios"))
return "Microsoft Game Studios CD Check";

View File

@@ -181,7 +181,7 @@ namespace BinaryObjectScanner.Protection
// Found in "bib.dll" in IA item "https://archive.org/details/cover_202501"
// This contains the version section that the Content Check looked for. There are likely other sections
// that may contain it. Update when more are found.
var strs = exe.GetFirstSectionStrings("DATA");
var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA");
if (strs != null)
{
var match = strs.Find(s => s.Contains(" ver. ") && (s.Contains("CD-Cops, ") || s.Contains("DVD-Cops, ")));

View File

@@ -9,7 +9,8 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.InternalName;
string? name = exe.InternalName;
if (name.OptionalEquals("CDKey", StringComparison.OrdinalIgnoreCase))
return "CD-Key / Serial";

View File

@@ -25,8 +25,9 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.ProductName;
// Found in "AbeWincw.dll" in Redump entry 116358 and in "TOYSGMcw.dll" in the "TOYSTORY" installation folder from Redump entry 12354.
var name = exe.ProductName;
if (name.OptionalEquals("ChannelWare Utilities"))
return "Channelware";
@@ -43,11 +44,13 @@ namespace BinaryObjectScanner.Protection
return "Channelware";
name = exe.FileDescription;
// Found in "cwuninst.exe" in the "Channelware" folder installed from Redump entry 12354.
if (name.OptionalEquals("Channelware Launcher Uninstall"))
return "Channelware";
name = exe.LegalTrademarks;
// Found in "CWAuto.dll" and "Upgrader.exe" in the "TOYSTORY" installation folder from Redump entry 12354.
if (name.OptionalEquals("Channelware"))
return "Channelware";

View File

@@ -24,9 +24,10 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.ProductName;
// Found in "Code-Lock.ocx" in Code-Lock version 2.35.
// Also worth noting is the File Description for this file, which is "A future for you, a challenge for the rest.".
var name = exe.ProductName;
if (name.OptionalStartsWith("Code-Lock", StringComparison.OrdinalIgnoreCase))
return $"ChosenBytes Code-Lock {exe.ProductVersion}";

View File

@@ -20,9 +20,10 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.ProductName;
// TODO: Figure out why this check doesn't work.
// Found in "autorun.exe" in CopyKiller V3.64, V3.99, and V3.99a.
var name = exe.ProductName;
if (name.OptionalStartsWith("CopyKiller", StringComparison.OrdinalIgnoreCase))
return "CopyKiller V3.64+";

View File

@@ -62,10 +62,6 @@ namespace BinaryObjectScanner.Protection
// Checks for Professional
// PEX checks intentionally only detect Professional
var sections = exe.SectionTable;
if (sections == null)
return null;
if (exe.OverlayStrings != null)
{
// Checks if main executable contains reference to optgraph.dll.

View File

@@ -38,8 +38,9 @@ namespace BinaryObjectScanner.Protection
// Get the CrypKey version from the VersionInfo, if it exists
string version = exe.GetVersionInfoString("CrypKey Version") ?? string.Empty;
string? name = exe.CompanyName;
// Found in 'cki32k.dll'
var name = exe.CompanyName;
if (name.OptionalStartsWith("CrypKey"))
return $"CrypKey {version}".TrimEnd();
@@ -53,8 +54,9 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalStartsWith("CrypKey"))
return $"CrypKey {version}".TrimEnd();
// Found in 'cki32k.dll'
name = exe.LegalCopyright;
// Found in 'cki32k.dll'
if (name.OptionalContains("CrypKey"))
return $"CrypKey {version}".TrimEnd();

View File

@@ -36,8 +36,9 @@ namespace BinaryObjectScanner.Protection
{
// All current checks for Denuvo Anti-Cheat come from Doom Eternal Update 1 (Steam Depot 782332, Manifest 7064393210727378308).
string? name = exe.FileDescription;
// Found in "denuvo-anti-cheat.sys".
var name = exe.FileDescription;
if (name.OptionalEquals("Denuvo Anti-Cheat Driver", StringComparison.OrdinalIgnoreCase))
return $"Denuvo Anti-Cheat";
@@ -62,8 +63,7 @@ namespace BinaryObjectScanner.Protection
// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/_denuvoComplete.2.sg
// Denuvo Protector
if (exe.OptionalHeader?.Magic == OHMN.PE32Plus
&& exe.EntryPointData != null)
if (exe.OptionalHeader?.Magic == OHMN.PE32Plus && exe.EntryPointData != null)
{
byte?[] denuvoProtector =
[
@@ -84,7 +84,7 @@ namespace BinaryObjectScanner.Protection
new byte[] {
0x44, 0x65, 0x6E, 0x75, 0x76, 0x6F, 0x20, 0x54,
0x69, 0x6D, 0x69, 0x6E, 0x67,
}, "Denuvo")
}, "Denuvo")
};
var timingMatch = MatchUtil.GetFirstMatch(file, exe.EntryPointData, timingMatchers, includeDebug);

View File

@@ -28,20 +28,23 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588.
var name = exe.FileDescription;
if (name.OptionalEquals("DigiGuard3 Client"))
return $"DigiGuard3";
string? name = exe.FileDescription;
// Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588.
if (name.OptionalEquals("DigiGuard3 Client"))
return "DigiGuard3";
name = exe.LegalTrademarks;
// Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588.
if (name.OptionalEquals("DigiGuard"))
return $"DigiGuard";
return "DigiGuard";
name = exe.ProductName;
// Found in "PJS3.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588.
name = exe.ProductName;
if (name.OptionalEquals("Greenleaf Wrapper3"))
return $"DigiGuard";
return "DigiGuard";
return null;
}

View File

@@ -40,8 +40,9 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.FileDescription;
// Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374).
var name = exe.FileDescription;
if (name.OptionalStartsWith("IOSLinkNT", StringComparison.OrdinalIgnoreCase))
return "DiscGuard";
@@ -49,13 +50,15 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalStartsWith("TTR Technologies DiscGuard (tm)", StringComparison.OrdinalIgnoreCase))
return $"DiscGuard {GetVersion(exe)}";
// Found in "T29.dll" (Redump entry 31914).
name = exe.ProductName;
// Found in "T29.dll" (Redump entry 31914).
if (name.OptionalStartsWith("DiscGuard (tm)", StringComparison.OrdinalIgnoreCase))
return "DiscGuard";
// Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374).
name = exe.ProductName;
// Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374).
if (name.OptionalStartsWith("TTR Technologies Ltd. DiscGuard (tm)", StringComparison.OrdinalIgnoreCase))
return "DiscGuard";

View File

@@ -21,17 +21,20 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
// Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594).
if (!string.IsNullOrEmpty(name) && name!.Contains("EA Anticheat"))
return "EA Anti Cheat";
name = exe.ProductName;
// Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594).
if (!string.IsNullOrEmpty(name) && name!.Contains("EA Anticheat"))
return "EA Anti Cheat";
name = exe.InternalName;
// Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594).
if (!string.IsNullOrEmpty(name) && name!.Equals("skyfall"))
return "EA Anti Cheat";

View File

@@ -24,7 +24,8 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
// Found in "VideoHorrorSociety.exe" ("Video Horror Society", Patch 1.0.70309, Steam).
if (!string.IsNullOrEmpty(name) && name!.Contains("Easy Anti-Cheat Bootstrapper (EOS)"))
return "Easy Anti-Cheat (EOS Version)";
@@ -51,6 +52,7 @@ namespace BinaryObjectScanner.Protection
// "EasyAntiCheat Service" -> "EasyAntiCheat.exe", which is found installed in "Program Files (x86)\EasyAntiCheat" and "EasyAntiCheat_Setup.exe" ("Intruder", Update 2287, Steam).
name = exe.ProductName;
// Found in multiple files, including "VideoHorrorSociety.exe" ("Video Horror Society", Patch 1.0.70309, Steam) and "start_protected_game.exe" ("VRChat", Version 2022.2.2p2, Oculus).
if (!string.IsNullOrEmpty(name) && name!.Contains("Easy Anti-Cheat Bootstrapper (EOS)"))
return "Easy Anti-Cheat (EOS Version)";

View File

@@ -9,7 +9,8 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalContains("EReg MFC Application"))
return $"EA CdKey Registration Module {exe.GetInternalVersion()}";
else if (name.OptionalContains("Registration code installer program"))
@@ -18,6 +19,7 @@ namespace BinaryObjectScanner.Protection
return $"EA DRM Protection {exe.GetInternalVersion()}";
name = exe.InternalName;
if (name.OptionalEquals("CDCode", StringComparison.Ordinal))
return $"EA CdKey Registration Module {exe.GetInternalVersion()}";

View File

@@ -13,7 +13,8 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalStartsWith("Games for Windows - LIVE Zero Day Piracy Protection", StringComparison.OrdinalIgnoreCase))
return $"Games for Windows LIVE - Zero Day Piracy Protection Module {exe.GetInternalVersion()}";
else if (name.OptionalStartsWith("Games for Windows", StringComparison.OrdinalIgnoreCase))

View File

@@ -34,9 +34,10 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.FileDescription;
// TODO: Fix the following checks, as this information is visible via Windows Explorer but isn't currently being seen by BOS.
// Found in "HCPSMng.exe".
var name = exe.FileDescription;
if (name.OptionalStartsWith("HCPS Manager", StringComparison.OrdinalIgnoreCase))
return $"Hexalock AutoLock 4.5";
@@ -44,8 +45,9 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalStartsWith("HCPS Loader", StringComparison.OrdinalIgnoreCase))
return $"Hexalock AutoLock 4.5";
// Found in both "HCPSMng.exe" and in the file typically named "Start_Here.exe".
name = exe.ProductName;
// Found in both "HCPSMng.exe" and in the file typically named "Start_Here.exe".
if (name.OptionalStartsWith("HCPS", StringComparison.OrdinalIgnoreCase))
return $"Hexalock AutoLock 4.5";
@@ -57,7 +59,7 @@ namespace BinaryObjectScanner.Protection
if (strs.Exists(s => s.Contains("mfint.dll")))
return "Hexalock Autolock";
}
// Get the code/CODE section strings, if they exist
strs = exe.GetFirstSectionStrings("code") ?? exe.GetFirstSectionStrings("CODE");
if (strs != null)
@@ -66,7 +68,7 @@ namespace BinaryObjectScanner.Protection
if (strs.Exists(s => s.Contains("mfint.dll")))
return "Hexalock Autolock";
}
// Get the UPX1 section strings, if they exist
strs = exe.GetFirstSectionStrings("UPX1");
if (strs != null)
@@ -75,7 +77,7 @@ namespace BinaryObjectScanner.Protection
if (strs.Exists(s => s.Contains("mfint.dll")))
return "Hexalock Autolock";
}
return null;
}

View File

@@ -15,15 +15,18 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalContains("ImpulseReactor Dynamic Link Library"))
return $"Impulse Reactor Core Module {exe.GetInternalVersion()}";
name = exe.ProductName;
if (name.OptionalContains("ImpulseReactor Dynamic Link Library"))
return $"Impulse Reactor Core Module {exe.GetInternalVersion()}";
name = exe.OriginalFilename;
if (name.OptionalContains("ReactorActivate.exe"))
return $"Stardock Product Activation {exe.GetInternalVersion()}";
@@ -45,7 +48,7 @@ namespace BinaryObjectScanner.Protection
if (containsCheck && containsCheck2)
return $"Impulse Reactor Core Module {exe.GetInternalVersion()}";
else if (containsCheck && !containsCheck2)
return $"Impulse Reactor";
return "Impulse Reactor";
return null;
}

View File

@@ -50,13 +50,11 @@ namespace BinaryObjectScanner.Protection
}
// Get the HC09 section, if it exists
bool hc09Section = exe.ContainsSection("HC09 ", exact: true);
if (hc09Section)
if (exe.ContainsSection("HC09 ", exact: true))
return "JoWood X-Prot v2"; // TODO: Can we get more granular with the version?
// Get the XPROT section, if it exists
var xprotSection = exe.ContainsSection("XPROT ", exact: true);
if (xprotSection)
if (exe.ContainsSection("XPROT ", exact: true))
return "JoWood X-Prot v1.4+"; // TODO: Can we get more granular with the version?
return null;

View File

@@ -26,7 +26,7 @@ namespace BinaryObjectScanner.Protection
// TODO: Investigate if there are any viable checks for the game EXE itself.
// "Styx" is found as the File Description and Product Name in "KalypsoLauncher.dll", but checks aren't included due to the risk of false positives.
var name = exe.InternalName;
string? name = exe.InternalName;
// Found in "KalypsoLauncher.dll" in Redump entry 95617.
if (name.OptionalContains("KalypsoLauncher.dll"))

View File

@@ -21,14 +21,16 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.FileDescription;
// Should be present on all LabelGate CD2 discs (Redump entry 95010 and product ID SVWC-7185).
var name = exe.FileDescription;
if (name.OptionalStartsWith("MAGIQLIP2 Installer", StringComparison.OrdinalIgnoreCase))
return $"LabelGate CD2 Media Player";
return "LabelGate CD2 Media Player";
name = exe.ProductName;
if (name.OptionalStartsWith("MQSTART", StringComparison.OrdinalIgnoreCase))
return $"LabelGate CD2 Media Player";
return "LabelGate CD2 Media Player";
// Get the .data/DATA section strings, if they exist
var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA");

View File

@@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.ProductName;
string? name = exe.ProductName;
// Found in "Register.dll" in IA item "MGIPhotoSuite4.0AndPhotoVista2.02001".
if (name.OptionalEquals("MGI Registration Utility", StringComparison.Ordinal))

View File

@@ -62,7 +62,7 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
internal static string? CDillaCheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
// Found in in "cdilla52.dll" from C-Dilla LMS version 3.24.010.
if (name.OptionalEquals("32-bit C-Dilla DLL", StringComparison.OrdinalIgnoreCase))

View File

@@ -47,10 +47,11 @@ namespace BinaryObjectScanner.Protection
if (exe.FindGenericResource("CactusPJ").Count > 0)
return "PlayJ Music Player (Cactus Data Shield 200)";
string? name = exe.ProductName;
// Found in various files in "Les Paul & Friends" (Barcode 4 98806 834170).
var name = exe.ProductName;
if (name.OptionalEquals("CDS300", StringComparison.OrdinalIgnoreCase))
return $"Cactus Data Shield 300";
return "Cactus Data Shield 300";
return null;
}

View File

@@ -14,7 +14,7 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
internal static string? FLEXnetCheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.ProductName;
string? name = exe.ProductName;
// Found in "IsSvcInstDanceEJay7.dll" in IA item "computer200709dvd" (Dance eJay 7).
if (name.OptionalEquals("FLEXnet Activation Toolkit", StringComparison.OrdinalIgnoreCase))

View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.IO;
using SabreTools.Hashing;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -21,31 +20,24 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
internal static string? RipGuardCheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.FileDescription;
// Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970).
var name = exe.FileDescription;
if (name.OptionalEquals("rgasdev", StringComparison.OrdinalIgnoreCase))
return "RipGuard";
// Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970).
name = exe.ProductName;
// Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970).
if (name.OptionalEquals("rgasdev", StringComparison.OrdinalIgnoreCase))
return "RipGuard";
if (!string.IsNullOrEmpty(file) && File.Exists(file))
// So far, every seemingly-randomly named EXE on RipGuard discs have a consistent hash.
if (exe.Length == 49_152)
{
try
{
var fi = new FileInfo(file);
// So far, every seemingly-randomly named EXE on RipGuard discs have a consistent hash.
if (fi.Length == 49_152)
{
var sha1 = HashTool.GetFileHash(file, HashType.SHA1);
if (string.Equals(sha1, "6A7B8545800E0AB252773A8CD0A2185CA2497938", StringComparison.OrdinalIgnoreCase))
return "RipGuard";
}
}
catch { }
var sha1 = HashTool.GetFileHash(file, HashType.SHA1);
if (string.Equals(sha1, "6A7B8545800E0AB252773A8CD0A2185CA2497938", StringComparison.OrdinalIgnoreCase))
return "RipGuard";
}
return null;

View File

@@ -97,23 +97,24 @@ namespace BinaryObjectScanner.Protection
return "SafeCast";
}
string? name = exe.FileDescription;
// Found in "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Wndows (2.00R)(Intuit)(2002)(352282)".
var name = exe.FileDescription;
if (name.OptionalEquals("SafeCast2", StringComparison.OrdinalIgnoreCase))
return "SafeCast";
// Found in "cdac01ba.dll" from IA item "ejay_nestle_trial".
// TODO: Figure out a reasonable way to parse version.
if (name.OptionalEquals("CdaC01BA", StringComparison.OrdinalIgnoreCase))
return $"SafeCast";
return "SafeCast";
// Found in "C2CDEL.EXE" in IA item "britney-spears-special-edition-cd-rom".
if (name.OptionalEquals("32-bit SafeCast Copy To Clear Delete", StringComparison.OrdinalIgnoreCase))
return $"SafeCast";
return "SafeCast";
// Found in "C2C.DLL" in IA item "britney-spears-special-edition-cd-rom".
if (name.OptionalEquals("32-bit SafeCast Shell Copy To Clear DLL", StringComparison.OrdinalIgnoreCase))
return $"SafeCast";
return "SafeCast";
// Found in "SCRfrsh.exe" in Redump entry 102979.
if (name.OptionalEquals("32-bit SafeCast Toolkit", StringComparison.OrdinalIgnoreCase))
@@ -121,14 +122,15 @@ namespace BinaryObjectScanner.Protection
// Found in "CDAC14BA.DLL" in Redump entry 95524.
if (name.OptionalEquals("32-bit SafeCast Anchor Installer", StringComparison.OrdinalIgnoreCase))
return $"SafeCast";
return "SafeCast";
// Found in "CDAC21BA.DLL" in Redump entry 95524.
if (name.OptionalEquals("32-bit CdaC20BA", StringComparison.OrdinalIgnoreCase))
return $"SafeCast";
return "SafeCast";
name = exe.ProductName;
// Found in hidden resource of "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Wndows (2.00R)(Intuit)(2002)(352282)".
name = exe.ProductName;
if (name.OptionalEquals("SafeCast Windows NT", StringComparison.OrdinalIgnoreCase))
return "SafeCast";

View File

@@ -81,7 +81,8 @@ namespace BinaryObjectScanner.Protection
return "Macrovision SecDrv Update Installer";
}
var name = exe.FileDescription;
string? name = exe.FileDescription;
// Present in "Diag.exe" files from SafeDisc 4.50.000+.
if (name.OptionalEquals("SafeDisc SRV Tool APP", StringComparison.OrdinalIgnoreCase))
return $"SafeDisc SRV Tool APP {GetSafeDiscDiagExecutableVersion(exe)}";
@@ -90,8 +91,9 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalEquals("Macrovision SecDrv Update", StringComparison.OrdinalIgnoreCase))
return "Macrovision SecDrv Update Installer";
// Present on all "CLOKSPL.DLL" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004.
name = exe.ProductName;
// Present on all "CLOKSPL.DLL" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004.
if (name.OptionalEquals("SafeDisc CDROM Protection System", StringComparison.OrdinalIgnoreCase))
return "SafeDisc 1.00.025-1.01.044";
@@ -109,9 +111,10 @@ namespace BinaryObjectScanner.Protection
else if (name.OptionalEquals("SafeDisc AuthServ APP", StringComparison.OrdinalIgnoreCase))
return $"SafeDisc AuthServ APP {GetSafeDiscAuthServVersion(exe)}";
name = exe.FileDescription;
// Present on all "CLOKSPL.EXE" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004.
// Only found so far on SafeDisc 1.00.025-1.01.044, but the report is currently left generic due to the generic nature of the check.
name = exe.FileDescription;
if (name.OptionalEquals("SafeDisc", StringComparison.OrdinalIgnoreCase))
return "SafeDisc";

View File

@@ -47,7 +47,7 @@ namespace BinaryObjectScanner.Protection
var resultsList = new List<string>();
// Check for generic indications of Macrovision protections first.
var name = exe.FileDescription;
string? name = exe.FileDescription;
// Present in "secdrv.sys" files found in SafeDisc 2.80.010+.
if (name.OptionalEquals("Macrovision SECURITY Driver", StringComparison.OrdinalIgnoreCase))

View File

@@ -18,15 +18,17 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4").
var name = exe.FileDescription;
if (name.OptionalStartsWith("scvfy MFC Application", StringComparison.OrdinalIgnoreCase))
return $"MediaCloQ";
string? name = exe.FileDescription;
// Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4").
if (name.OptionalStartsWith("scvfy MFC Application", StringComparison.OrdinalIgnoreCase))
return "MediaCloQ";
name = exe.ProductName;
// Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4").
if (name.OptionalStartsWith("scvfy Application", StringComparison.OrdinalIgnoreCase))
return $"MediaCloQ";
return "MediaCloQ";
return null;
}

View File

@@ -18,12 +18,14 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.FileDescription;
// Used to detect "LicGen.exe", found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6)
var name = exe.FileDescription;
if (name.OptionalStartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase))
return $"MediaMax CD-3";
name = exe.ProductName;
if (name.OptionalStartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase))
return $"MediaMax CD-3";

View File

@@ -31,7 +31,7 @@ namespace BinaryObjectScanner.Protection
if (exe.ContainsSection(".neac0", exact: true) || exe.ContainsSection(".neac1", exact: true))
return "NEAC Protect";
var name = exe.ProductName;
string? name = exe.ProductName;
// Found in "NeacSafe64.sys" and "NeacSafe.sys".
// TODO: Fix Product Name not being properly grabbed from the file.

View File

@@ -35,7 +35,7 @@ namespace BinaryObjectScanner.Protection
{
// TODO: Investigate if there are any viable checks for the game EXE itself.
var name = exe.FileDescription;
string? name = exe.FileDescription;
// Found in "GameGuard.des" in Redump entry 90526 and 99598, and "Soulworker" (Steam Depot 1377581, Manifest 5092481117079359342).
if (name.OptionalContains("nProtect GameGuard Launcher"))

View File

@@ -9,8 +9,9 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.InternalName;
// TODO: Is this too broad in general?
var name = exe.InternalName;
if (name.OptionalStartsWith("EReg", StringComparison.OrdinalIgnoreCase))
return $"Executable-Based Online Registration {exe.GetInternalVersion()}";

View File

@@ -19,41 +19,43 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.LegalTrademarks;
// Found in many different OpenMG related files ("Touch" by Amerie).
var name = exe.LegalTrademarks;
if (name.OptionalStartsWith("OpenMG", StringComparison.OrdinalIgnoreCase))
return $"OpenMG";
return "OpenMG";
name = exe.FileDescription;
// Found in "OMGDBP.OCX" ("Touch" by Amerie).
name = exe.FileDescription;
if (name.OptionalStartsWith("LGDiscComp Module", StringComparison.OrdinalIgnoreCase))
return $"OpenMG";
return "OpenMG";
// Found in "OMGDWRAP.DLL" ("Touch" by Amerie).
if (name.OptionalStartsWith("LGDSimplePlayer Module", StringComparison.OrdinalIgnoreCase))
return $"OpenMG";
return "OpenMG";
// Found in "OMGLGD.DLL" ("Touch" by Amerie).
if (name.OptionalStartsWith("omglgd Module", StringComparison.OrdinalIgnoreCase))
return $"OpenMG";
return "OpenMG";
// Found in "OMGUTILS.DLL" ("Touch" by Amerie).
if (name.OptionalStartsWith("OpenMG Utility", StringComparison.OrdinalIgnoreCase))
return $"OpenMG";
return "OpenMG";
// Found in "SALWRAP.DLL" ("Touch" by Amerie).
if (name.OptionalStartsWith("Secure Application Loader Wrapper", StringComparison.OrdinalIgnoreCase))
return $"OpenMG";
return "OpenMG";
// Found in "SDKHM.DLL" ("Touch" by Amerie).
// Not every copy of this file has this File Description (Redump entry 95010).
if (name.OptionalStartsWith("SDKHM (KEEP)", StringComparison.OrdinalIgnoreCase))
return $"OpenMG";
return "OpenMG";
// Found in "SDKHM.EXE" ("Touch" by Amerie).
// Not every copy of this file has this File Description (Redump entry 95010).
if (name.OptionalStartsWith("SDKHM (KEPT)", StringComparison.OrdinalIgnoreCase))
return $"OpenMG";
return "OpenMG";
return null;
}

View File

@@ -12,11 +12,13 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalEquals("Origin", StringComparison.OrdinalIgnoreCase))
return "Origin";
name = exe.ProductName;
if (name.OptionalEquals("Origin", StringComparison.OrdinalIgnoreCase))
return "Origin";

View File

@@ -16,20 +16,23 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.FileDescription;
// Found in "PlayJ.exe" (https://web.archive.org/web/20010417025347/http://dlp.playj.com:80/playj/PlayJIns266.exe) and "CACTUSPJ.exe" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])).
var name = exe.FileDescription;
if (name.OptionalStartsWith("PlayJ Music Player", StringComparison.OrdinalIgnoreCase))
return $"PlayJ Music Player";
return "PlayJ Music Player";
name = exe.FileDescription;
// Found in "PJSTREAM.DLL" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])).
name = exe.FileDescription;
if (name.OptionalStartsWith("EVAUX32 Module", StringComparison.OrdinalIgnoreCase))
return $"PlayJ Music Player Component";
return "PlayJ Music Player Component";
name = exe.ProductName;
// Found in "PlayJ.exe" (https://web.archive.org/web/20010417025347/http://dlp.playj.com:80/playj/PlayJIns266.exe) and "CACTUSPJ.exe" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])).
name = exe.ProductName;
if (name.OptionalStartsWith("PlayJ", StringComparison.OrdinalIgnoreCase))
return $"PlayJ";
return "PlayJ";
return null;
}

View File

@@ -131,7 +131,7 @@ namespace BinaryObjectScanner.Protection
{
// TODO: Figure out why resources for "RNBOVTMP.DLL", "SENTTEMP.DLL", "SNTI386.DLL", and "SX32W.DL_"/"SX32W.DLL" aren't getting read properly, causing checks for these files to not work.
var name = exe.FileDescription;
string? name = exe.FileDescription;
// Found in "RNBOVTMP.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
if (name.OptionalEquals("Rainbow Technologies Virtual Device Driver", StringComparison.OrdinalIgnoreCase))

View File

@@ -18,8 +18,14 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// Get the .data section strings, if they exist
var strs = exe.GetFirstSectionStrings(".data");
string? name = exe.FileDescription;
// Found in "RngInterstitial.dll" in the RealArcade installation directory in IA item "Nova_RealArcadeCD_USA".
if (name.OptionalContains("RngInterstitial"))
return "RealArcade";
// Get the .data/DATA section strings, if they exist
var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA");
if (strs != null)
{
// Found in "rebound.exe" in the installation directory for "Rebound" in IA item "Nova_RealArcadeCD_USA".
@@ -27,11 +33,6 @@ namespace BinaryObjectScanner.Protection
return "RealArcade";
}
// Found in "RngInterstitial.dll" in the RealArcade installation directory in IA item "Nova_RealArcadeCD_USA".
var name = exe.FileDescription;
if (name.OptionalContains("RngInterstitial"))
return "RealArcade";
return null;
}

View File

@@ -116,7 +116,7 @@ namespace BinaryObjectScanner.Protection
}
// Alf.dll
var name = exe.ProductName;
string? name = exe.ProductName;
if (name.OptionalEquals("DFA Unlock Dll"))
return $"SecuROM DFA Unlock v{exe.GetInternalVersion()}";
@@ -453,7 +453,7 @@ namespace BinaryObjectScanner.Protection
/// </summary>
private static string? CheckProductActivation(PortableExecutable exe)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalContains("SecuROM PA"))
return $"SecuROM Product Activation v{exe.GetInternalVersion()}";

View File

@@ -11,9 +11,11 @@ namespace BinaryObjectScanner.Protection
{
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.InternalName;
// Only works on stub generated from running the program yourself
if (exe.InternalName.OptionalEquals("SmarteSECURE"))
return "SmartE";
if (name.OptionalEquals("SmarteSECURE"))
return "SmartE";
var sections = exe.SectionTable ?? [];

View File

@@ -16,13 +16,15 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.InternalName;
// Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP"
var name = exe.InternalName;
if (name.OptionalEquals("Softlock Protected Application"))
return "SoftLock";
// Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP"
name = exe.Comments;
// Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP"
if (name.OptionalEquals("Softlock Protected Application"))
return "SoftLock";
@@ -56,8 +58,8 @@ namespace BinaryObjectScanner.Protection
// and dialog boxes. See if any of those are unique to SoftLock.
// Found in "TafseerVer4.exe" in IA item "TAFSEERVER4SETUP"
var strings = exe.GetFirstSectionStrings(".section") ?? [];
if (strings.Exists(s => s.Contains("SOFTLOCKPROTECTION")))
var strs = exe.GetFirstSectionStrings(".section") ?? [];
if (strs.Exists(s => s.Contains("SOFTLOCKPROTECTION")))
return "SoftLock";
// Investigate if the ".section" section is an indicator of SoftLock

View File

@@ -17,7 +17,8 @@ namespace BinaryObjectScanner.Protection
{
// TODO: Investigate ".pseudo" section found in "tvdm.dll" in Redump entry 68166.
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalStartsWith("DVM Library", StringComparison.OrdinalIgnoreCase))
return $"SolidShield {exe.GetInternalVersion()}";
@@ -36,9 +37,9 @@ namespace BinaryObjectScanner.Protection
return $"SolidShield {GetInternalVersion(exe)}";
name = exe.ProductName;
if (name.OptionalStartsWith("Solidshield Activation Library", StringComparison.OrdinalIgnoreCase))
return $"SolidShield Core.dll {exe.GetInternalVersion()}";
else if (name.OptionalStartsWith("Solidshield Library", StringComparison.OrdinalIgnoreCase))
return $"SolidShield Core.dll {exe.GetInternalVersion()}";

View File

@@ -19,9 +19,7 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
#region File Description
var name = exe.FileDescription;
string? name = exe.FileDescription;
// There are some File Description checks that are currently too generic to use.
// "Host Library" - Found in "protect.dll" in Redump entry 81756.
@@ -30,7 +28,7 @@ namespace BinaryObjectScanner.Protection
// Found in "sfdrvrem.exe" in Redump entry 102677.
if (name.OptionalContains("FrontLine Drivers Removal Tool"))
return $"StarForce FrontLine Driver Removal Tool";
return "StarForce FrontLine Driver Removal Tool";
// Found in "protect.exe" in Redump entry 94805.
if (name.OptionalContains("FrontLine Protection GUI Application"))
@@ -46,27 +44,21 @@ namespace BinaryObjectScanner.Protection
// TODO: Find a sample of this check.
if (name.OptionalContains("Protected Module"))
return $"StarForce 5";
#endregion
#region Legal Copyright
return "StarForce 5";
name = exe.LegalCopyright;
if (name.OptionalStartsWith("(c) Protection Technology")) // (c) Protection Technology (StarForce)?
return $"StarForce {exe.GetInternalVersion()}";
else if (name.OptionalContains("Protection Technology")) // Protection Technology (StarForce)?
return $"StarForce {exe.GetInternalVersion()}";
#endregion
#region Trade Name
name = exe.TradeName;
// FrontLine ProActive (digital activation), samples:
// https://dbox.tools/titles/pc/46450FA4/
// https://dbox.tools/titles/pc/4F430FA0/
// https://dbox.tools/titles/pc/53450FA1/
name = exe.TradeName;
if (name.OptionalContains("FL ProActive"))
return "FrontLine ProActive";
@@ -75,10 +67,6 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalContains("SF Crypto"))
return "StarForce Crypto";
#endregion
#region Internal Name
// TODO: Decide if internal name checks are safe to use.
name = exe.InternalName;
@@ -98,8 +86,6 @@ namespace BinaryObjectScanner.Protection
// else if (name.OptionalEquals("protect.exe", StringComparison.Ordinal))
// return $"StarForce {Tools.Utilities.GetInternalVersion(exe)}";
#endregion
// Check the export name table
if (exe.ExportTable?.ExportNameTable?.Strings != null)
{

View File

@@ -11,7 +11,8 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalContains("Steam Autorun Setup"))
return "Steam";
else if (name.OptionalContains("Steam Client API"))
@@ -22,6 +23,7 @@ namespace BinaryObjectScanner.Protection
return "Steam";
name = exe.ProductName;
if (name.OptionalContains("Steam Autorun Setup"))
return "Steam";
else if (name.OptionalContains("Steam Client API"))

View File

@@ -24,13 +24,15 @@ namespace BinaryObjectScanner.Protection
// - TagesClient.exe
// - TagesClient.dat (Does not always exist)
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalStartsWith("TagesSetup", StringComparison.OrdinalIgnoreCase))
return $"TAGES Driver Setup {GetVersion(exe)}";
else if (name.OptionalStartsWith("Tagès activation client", StringComparison.OrdinalIgnoreCase))
return $"TAGES Activation Client {GetVersion(exe)}";
name = exe.ProductName;
if (name.OptionalStartsWith("Application TagesSetup", StringComparison.OrdinalIgnoreCase))
return $"TAGES Driver Setup {GetVersion(exe)}";
else if (name.OptionalStartsWith("T@GES", StringComparison.OrdinalIgnoreCase))

View File

@@ -10,9 +10,9 @@ namespace BinaryObjectScanner.Protection
{
// Check the dialog box resources
if (exe.FindDialogByTitle("321Studios Activation").Count > 0)
return $"321Studios Online Activation";
return "321Studios Online Activation";
else if (exe.FindDialogByTitle("321Studios Phone Activation").Count > 0)
return $"321Studios Online Activation";
return "321Studios Online Activation";
return null;
}

View File

@@ -23,31 +23,36 @@ namespace BinaryObjectScanner.Protection
// TODO: Add version number finding
// TODO: Come to an agreement as to what the version should be
string? name = exe.CompanyName;
// Found in Redump entry 114428
// Found in Alpha Protocol -- TODO: Get Redump ID(s)
var name = exe.CompanyName;
if (name.OptionalStartsWith("Uniloc USA"))
return "Uniloc SoftAnchor";
// Found in Alpha Protocol -- TODO: Get Redump ID(s)
name = exe.InternalName;
// Found in Alpha Protocol -- TODO: Get Redump ID(s)
if (name.OptionalStartsWith("saAudit"))
return "Uniloc SoftAnchor";
// Found in Redump entry 114428
name = exe.LegalCopyright;
// Found in Redump entry 114428
if (name.OptionalContains("Uniloc"))
return "Uniloc SoftAnchor";
// Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010
name = exe.OriginalFilename;
// Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010
if (name.OptionalEquals("saAudit.dll"))
return "Uniloc SoftAnchor";
if (name.OptionalEquals("saui.dll"))
return "Uniloc SoftAnchor";
// Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010
name = exe.ProductName;
// Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010
if (name.OptionalStartsWith("saAudit"))
return "Uniloc SoftAnchor";

View File

@@ -14,7 +14,8 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalContains("Ubisoft Connect Installer"))
return "Uplay / Ubisoft Connect";
else if (name.OptionalContains("Ubisoft Connect Service"))
@@ -29,9 +30,10 @@ namespace BinaryObjectScanner.Protection
return "Uplay / Ubisoft Connect";
else if (name.OptionalContains("Uplay launcher"))
return "Uplay / Ubisoft Connect";
name = exe.ProductName;
// There's also a variant that looks like "Uplay <version> installer"
name = exe.ProductName;
if (name.OptionalContains("Ubisoft Connect"))
return "Uplay / Ubisoft Connect";
else if (name.OptionalContains("Uplay"))

View File

@@ -18,8 +18,9 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
string? name = exe.FileDescription;
// Found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6)
var name = exe.FileDescription;
if (name.OptionalStartsWith("Windows Media Data Session Licensing Engine", StringComparison.OrdinalIgnoreCase))
return "Windows Media Data Session DRM";

View File

@@ -12,15 +12,18 @@ namespace BinaryObjectScanner.Protection
/// <inheritdoc/>
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
var name = exe.FileDescription;
string? name = exe.FileDescription;
if (name.OptionalContains("Copy Protection Viewer"))
return "WTM Protection Viewer";
name = exe.LegalTrademarks;
if (name.OptionalContains("WTM Copy Protection"))
return "WTM Protection Viewer";
name = exe.ProductName;
if (name.OptionalContains("WTM Copy Protection Viewer"))
return "WTM Protection Viewer";

View File

@@ -14,7 +14,7 @@ namespace BinaryObjectScanner.Protection
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// Get the .rdata section strings, if they exist
List<string>? strs = exe.GetFirstSectionStrings(".rdata");
var strs = exe.GetFirstSectionStrings(".rdata");
if (strs != null)
{
if (strs.Exists(s => s.Contains("XCP.DAT")))