diff --git a/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs b/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs
index 2ac994ae..3b2d56be 100644
--- a/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs
+++ b/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs
@@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// Known to detect versions 5.0.0.3 - 8.1.0.0
- var name = exe.ProductName;
+ string? name = exe.ProductName;
if (name.OptionalStartsWith("AutoPlay Media Studio", StringComparison.OrdinalIgnoreCase))
return $"AutoPlay Media Studio {GetVersion(exe)}";
diff --git a/BinaryObjectScanner/Packer/GPInstall.cs b/BinaryObjectScanner/Packer/GPInstall.cs
index c2033a18..c847f55a 100644
--- a/BinaryObjectScanner/Packer/GPInstall.cs
+++ b/BinaryObjectScanner/Packer/GPInstall.cs
@@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
//
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
if (name.OptionalContains("GP-Install"))
return "GP-Install";
diff --git a/BinaryObjectScanner/Packer/GkWareSFX.cs b/BinaryObjectScanner/Packer/GkWareSFX.cs
index f6ded7ff..a7819de2 100644
--- a/BinaryObjectScanner/Packer/GkWareSFX.cs
+++ b/BinaryObjectScanner/Packer/GkWareSFX.cs
@@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
//
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
if (name.OptionalContains("GkWare Self extractor"))
return "GkWare SFX";
diff --git a/BinaryObjectScanner/Packer/InstallAnywhere.cs b/BinaryObjectScanner/Packer/InstallAnywhere.cs
index a2d0cb22..dfcbf2dc 100644
--- a/BinaryObjectScanner/Packer/InstallAnywhere.cs
+++ b/BinaryObjectScanner/Packer/InstallAnywhere.cs
@@ -11,7 +11,7 @@ namespace BinaryObjectScanner.Packer
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
if (name.OptionalStartsWith("InstallAnywhere Self Extractor", StringComparison.OrdinalIgnoreCase))
return $"InstallAnywhere {GetVersion(exe)}";
diff --git a/BinaryObjectScanner/Packer/IntelInstallationFramework.cs b/BinaryObjectScanner/Packer/IntelInstallationFramework.cs
index 82ee3370..d241f469 100644
--- a/BinaryObjectScanner/Packer/IntelInstallationFramework.cs
+++ b/BinaryObjectScanner/Packer/IntelInstallationFramework.cs
@@ -10,7 +10,7 @@ namespace BinaryObjectScanner.Packer
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
if (name.OptionalEquals("Intel(R) Installation Framework", StringComparison.OrdinalIgnoreCase)
|| name.OptionalEquals("Intel Installation Framework", StringComparison.OrdinalIgnoreCase))
{
diff --git a/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs b/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs
index 6ab0b19c..60d6bb06 100644
--- a/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs
+++ b/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs
@@ -10,7 +10,7 @@ namespace BinaryObjectScanner.Packer
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.InternalName;
+ string? name = exe.InternalName;
if (name.OptionalEquals("Wextract", StringComparison.OrdinalIgnoreCase))
return $"Microsoft CAB SFX {GetVersion(exe)}";
diff --git a/BinaryObjectScanner/Packer/NSIS.cs b/BinaryObjectScanner/Packer/NSIS.cs
index 4d28a657..289d9ed0 100644
--- a/BinaryObjectScanner/Packer/NSIS.cs
+++ b/BinaryObjectScanner/Packer/NSIS.cs
@@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Packer
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.AssemblyDescription;
+ string? name = exe.AssemblyDescription;
if (name.OptionalStartsWith("Nullsoft Install System"))
return $"NSIS {name!.Substring("Nullsoft Install System".Length).Trim()}";
diff --git a/BinaryObjectScanner/Packer/SetupFactory.cs b/BinaryObjectScanner/Packer/SetupFactory.cs
index c3f0a69c..04a2680a 100644
--- a/BinaryObjectScanner/Packer/SetupFactory.cs
+++ b/BinaryObjectScanner/Packer/SetupFactory.cs
@@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// Known to detect versions 7.0.5.1 - 9.1.0.0
- var name = exe.LegalCopyright;
+ string? name = exe.LegalCopyright;
if (name.OptionalStartsWith("Setup Engine", StringComparison.OrdinalIgnoreCase))
return $"Setup Factory {GetVersion(exe)}";
diff --git a/BinaryObjectScanner/Packer/SmartInstallMaker.cs b/BinaryObjectScanner/Packer/SmartInstallMaker.cs
index 7a2ea774..a40a011c 100644
--- a/BinaryObjectScanner/Packer/SmartInstallMaker.cs
+++ b/BinaryObjectScanner/Packer/SmartInstallMaker.cs
@@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
//
- var name = exe.AssemblyDescription;
+ string? name = exe.AssemblyDescription;
if (name.OptionalContains("Smart Install Maker"))
return "Smart Install Maker";
diff --git a/BinaryObjectScanner/Packer/SpoonInstaller.cs b/BinaryObjectScanner/Packer/SpoonInstaller.cs
index 16e11bb4..ed948d50 100644
--- a/BinaryObjectScanner/Packer/SpoonInstaller.cs
+++ b/BinaryObjectScanner/Packer/SpoonInstaller.cs
@@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
//
- var name = exe.AssemblyDescription;
+ string? name = exe.AssemblyDescription;
if (name.OptionalEquals("Spoon Installer"))
return "Spoon Installer";
diff --git a/BinaryObjectScanner/Packer/WinRARSFX.cs b/BinaryObjectScanner/Packer/WinRARSFX.cs
index bd4030b9..bc444c6f 100644
--- a/BinaryObjectScanner/Packer/WinRARSFX.cs
+++ b/BinaryObjectScanner/Packer/WinRARSFX.cs
@@ -8,7 +8,7 @@ namespace BinaryObjectScanner.Packer
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.AssemblyDescription;
+ string? name = exe.AssemblyDescription;
if (name.OptionalContains("WinRAR archiver"))
return "WinRAR SFX";
diff --git a/BinaryObjectScanner/Protection/ByteShield.cs b/BinaryObjectScanner/Protection/ByteShield.cs
index 271c4906..656f7dae 100644
--- a/BinaryObjectScanner/Protection/ByteShield.cs
+++ b/BinaryObjectScanner/Protection/ByteShield.cs
@@ -42,28 +42,33 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.FileDescription;
+
// Found in "LineRider2.exe" in Redump entry 6236
- var name = exe.FileDescription;
if (name.OptionalEquals("ByteShield Client"))
return $"ByteShield Activation Client {exe.GetInternalVersion()}";
- // Found in "LineRider2.exe" in Redump entry 6236
name = exe.InternalName;
+
+ // Found in "LineRider2.exe" in Redump entry 6236
if (name.OptionalEquals("ByteShield"))
return $"ByteShield Activation Client {exe.GetInternalVersion()}";
- // Found in "LineRider2.exe" in Redump entry 6236
name = exe.OriginalFilename;
+
+ // Found in "LineRider2.exe" in Redump entry 6236
if (name.OptionalEquals("ByteShield.EXE"))
return $"ByteShield Activation Client {exe.GetInternalVersion()}";
- // Found in "LineRider2.exe" in Redump entry 6236
name = exe.ProductName;
+
+ // Found in "LineRider2.exe" in Redump entry 6236
if (name.OptionalEquals("ByteShield Client"))
return $"ByteShield Activation Client {exe.GetInternalVersion()}";
- // Found in "ByteShield.dll" in Redump entry 6236
name = exe.ExportTable?.ExportDirectoryTable?.Name;
+
+ // Found in "ByteShield.dll" in Redump entry 6236
if (name.OptionalEquals("ByteShield Client"))
return "ByteShield Component Module";
diff --git a/BinaryObjectScanner/Protection/CDCheck.cs b/BinaryObjectScanner/Protection/CDCheck.cs
index b08754f8..3e1f9162 100644
--- a/BinaryObjectScanner/Protection/CDCheck.cs
+++ b/BinaryObjectScanner/Protection/CDCheck.cs
@@ -8,7 +8,7 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.Comments;
+ string? name = exe.Comments;
if (name.OptionalContains("CDCheck utlity for Microsoft Game Studios"))
return "Microsoft Game Studios CD Check";
diff --git a/BinaryObjectScanner/Protection/CDDVDCops.cs b/BinaryObjectScanner/Protection/CDDVDCops.cs
index 8f1c71fa..a990936e 100644
--- a/BinaryObjectScanner/Protection/CDDVDCops.cs
+++ b/BinaryObjectScanner/Protection/CDDVDCops.cs
@@ -181,7 +181,7 @@ namespace BinaryObjectScanner.Protection
// Found in "bib.dll" in IA item "https://archive.org/details/cover_202501"
// This contains the version section that the Content Check looked for. There are likely other sections
// that may contain it. Update when more are found.
- var strs = exe.GetFirstSectionStrings("DATA");
+ var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA");
if (strs != null)
{
var match = strs.Find(s => s.Contains(" ver. ") && (s.Contains("CD-Cops, ") || s.Contains("DVD-Cops, ")));
diff --git a/BinaryObjectScanner/Protection/CDKey.cs b/BinaryObjectScanner/Protection/CDKey.cs
index c49b62e5..8dbf6af2 100644
--- a/BinaryObjectScanner/Protection/CDKey.cs
+++ b/BinaryObjectScanner/Protection/CDKey.cs
@@ -9,7 +9,8 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.InternalName;
+ string? name = exe.InternalName;
+
if (name.OptionalEquals("CDKey", StringComparison.OrdinalIgnoreCase))
return "CD-Key / Serial";
diff --git a/BinaryObjectScanner/Protection/Channelware.cs b/BinaryObjectScanner/Protection/Channelware.cs
index 16de028c..263b0124 100644
--- a/BinaryObjectScanner/Protection/Channelware.cs
+++ b/BinaryObjectScanner/Protection/Channelware.cs
@@ -25,8 +25,9 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.ProductName;
+
// Found in "AbeWincw.dll" in Redump entry 116358 and in "TOYSGMcw.dll" in the "TOYSTORY" installation folder from Redump entry 12354.
- var name = exe.ProductName;
if (name.OptionalEquals("ChannelWare Utilities"))
return "Channelware";
@@ -43,11 +44,13 @@ namespace BinaryObjectScanner.Protection
return "Channelware";
name = exe.FileDescription;
+
// Found in "cwuninst.exe" in the "Channelware" folder installed from Redump entry 12354.
if (name.OptionalEquals("Channelware Launcher Uninstall"))
return "Channelware";
name = exe.LegalTrademarks;
+
// Found in "CWAuto.dll" and "Upgrader.exe" in the "TOYSTORY" installation folder from Redump entry 12354.
if (name.OptionalEquals("Channelware"))
return "Channelware";
diff --git a/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs b/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs
index 85013d7b..91932965 100644
--- a/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs
+++ b/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs
@@ -24,9 +24,10 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.ProductName;
+
// Found in "Code-Lock.ocx" in Code-Lock version 2.35.
// Also worth noting is the File Description for this file, which is "A future for you, a challenge for the rest.".
- var name = exe.ProductName;
if (name.OptionalStartsWith("Code-Lock", StringComparison.OrdinalIgnoreCase))
return $"ChosenBytes Code-Lock {exe.ProductVersion}";
diff --git a/BinaryObjectScanner/Protection/CopyKiller.cs b/BinaryObjectScanner/Protection/CopyKiller.cs
index 194cdb4a..40211748 100644
--- a/BinaryObjectScanner/Protection/CopyKiller.cs
+++ b/BinaryObjectScanner/Protection/CopyKiller.cs
@@ -20,9 +20,10 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.ProductName;
+
// TODO: Figure out why this check doesn't work.
// Found in "autorun.exe" in CopyKiller V3.64, V3.99, and V3.99a.
- var name = exe.ProductName;
if (name.OptionalStartsWith("CopyKiller", StringComparison.OrdinalIgnoreCase))
return "CopyKiller V3.64+";
diff --git a/BinaryObjectScanner/Protection/CopyX.cs b/BinaryObjectScanner/Protection/CopyX.cs
index 5f454b64..0abdb441 100644
--- a/BinaryObjectScanner/Protection/CopyX.cs
+++ b/BinaryObjectScanner/Protection/CopyX.cs
@@ -62,10 +62,6 @@ namespace BinaryObjectScanner.Protection
// Checks for Professional
// PEX checks intentionally only detect Professional
- var sections = exe.SectionTable;
- if (sections == null)
- return null;
-
if (exe.OverlayStrings != null)
{
// Checks if main executable contains reference to optgraph.dll.
diff --git a/BinaryObjectScanner/Protection/CrypKey.cs b/BinaryObjectScanner/Protection/CrypKey.cs
index 436b4d83..8be49176 100644
--- a/BinaryObjectScanner/Protection/CrypKey.cs
+++ b/BinaryObjectScanner/Protection/CrypKey.cs
@@ -38,8 +38,9 @@ namespace BinaryObjectScanner.Protection
// Get the CrypKey version from the VersionInfo, if it exists
string version = exe.GetVersionInfoString("CrypKey Version") ?? string.Empty;
+ string? name = exe.CompanyName;
+
// Found in 'cki32k.dll'
- var name = exe.CompanyName;
if (name.OptionalStartsWith("CrypKey"))
return $"CrypKey {version}".TrimEnd();
@@ -53,8 +54,9 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalStartsWith("CrypKey"))
return $"CrypKey {version}".TrimEnd();
- // Found in 'cki32k.dll'
name = exe.LegalCopyright;
+
+ // Found in 'cki32k.dll'
if (name.OptionalContains("CrypKey"))
return $"CrypKey {version}".TrimEnd();
diff --git a/BinaryObjectScanner/Protection/Denuvo.cs b/BinaryObjectScanner/Protection/Denuvo.cs
index 3d7b8af4..bc209af2 100644
--- a/BinaryObjectScanner/Protection/Denuvo.cs
+++ b/BinaryObjectScanner/Protection/Denuvo.cs
@@ -36,8 +36,9 @@ namespace BinaryObjectScanner.Protection
{
// All current checks for Denuvo Anti-Cheat come from Doom Eternal Update 1 (Steam Depot 782332, Manifest 7064393210727378308).
+ string? name = exe.FileDescription;
+
// Found in "denuvo-anti-cheat.sys".
- var name = exe.FileDescription;
if (name.OptionalEquals("Denuvo Anti-Cheat Driver", StringComparison.OrdinalIgnoreCase))
return $"Denuvo Anti-Cheat";
@@ -62,8 +63,7 @@ namespace BinaryObjectScanner.Protection
// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/_denuvoComplete.2.sg
// Denuvo Protector
- if (exe.OptionalHeader?.Magic == OHMN.PE32Plus
- && exe.EntryPointData != null)
+ if (exe.OptionalHeader?.Magic == OHMN.PE32Plus && exe.EntryPointData != null)
{
byte?[] denuvoProtector =
[
@@ -84,7 +84,7 @@ namespace BinaryObjectScanner.Protection
new byte[] {
0x44, 0x65, 0x6E, 0x75, 0x76, 0x6F, 0x20, 0x54,
0x69, 0x6D, 0x69, 0x6E, 0x67,
- }, "Denuvo")
+ }, "Denuvo")
};
var timingMatch = MatchUtil.GetFirstMatch(file, exe.EntryPointData, timingMatchers, includeDebug);
diff --git a/BinaryObjectScanner/Protection/DigiGuard.cs b/BinaryObjectScanner/Protection/DigiGuard.cs
index a617b056..8fee3dd1 100644
--- a/BinaryObjectScanner/Protection/DigiGuard.cs
+++ b/BinaryObjectScanner/Protection/DigiGuard.cs
@@ -28,20 +28,23 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- // Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588.
- var name = exe.FileDescription;
- if (name.OptionalEquals("DigiGuard3 Client"))
- return $"DigiGuard3";
+ string? name = exe.FileDescription;
// Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588.
+ if (name.OptionalEquals("DigiGuard3 Client"))
+ return "DigiGuard3";
+
name = exe.LegalTrademarks;
+
+ // Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588.
if (name.OptionalEquals("DigiGuard"))
- return $"DigiGuard";
+ return "DigiGuard";
+
+ name = exe.ProductName;
// Found in "PJS3.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588.
- name = exe.ProductName;
if (name.OptionalEquals("Greenleaf Wrapper3"))
- return $"DigiGuard";
+ return "DigiGuard";
return null;
}
diff --git a/BinaryObjectScanner/Protection/DiscGuard.cs b/BinaryObjectScanner/Protection/DiscGuard.cs
index 3ab1b441..117cf11a 100644
--- a/BinaryObjectScanner/Protection/DiscGuard.cs
+++ b/BinaryObjectScanner/Protection/DiscGuard.cs
@@ -40,8 +40,9 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.FileDescription;
+
// Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374).
- var name = exe.FileDescription;
if (name.OptionalStartsWith("IOSLinkNT", StringComparison.OrdinalIgnoreCase))
return "DiscGuard";
@@ -49,13 +50,15 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalStartsWith("TTR Technologies DiscGuard (tm)", StringComparison.OrdinalIgnoreCase))
return $"DiscGuard {GetVersion(exe)}";
- // Found in "T29.dll" (Redump entry 31914).
name = exe.ProductName;
+
+ // Found in "T29.dll" (Redump entry 31914).
if (name.OptionalStartsWith("DiscGuard (tm)", StringComparison.OrdinalIgnoreCase))
return "DiscGuard";
- // Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374).
name = exe.ProductName;
+
+ // Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374).
if (name.OptionalStartsWith("TTR Technologies Ltd. DiscGuard (tm)", StringComparison.OrdinalIgnoreCase))
return "DiscGuard";
diff --git a/BinaryObjectScanner/Protection/EAAntiCheat.cs b/BinaryObjectScanner/Protection/EAAntiCheat.cs
index d0cff257..e838a3a0 100644
--- a/BinaryObjectScanner/Protection/EAAntiCheat.cs
+++ b/BinaryObjectScanner/Protection/EAAntiCheat.cs
@@ -21,17 +21,20 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
// Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594).
if (!string.IsNullOrEmpty(name) && name!.Contains("EA Anticheat"))
return "EA Anti Cheat";
name = exe.ProductName;
+
// Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594).
if (!string.IsNullOrEmpty(name) && name!.Contains("EA Anticheat"))
return "EA Anti Cheat";
name = exe.InternalName;
+
// Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594).
if (!string.IsNullOrEmpty(name) && name!.Equals("skyfall"))
return "EA Anti Cheat";
diff --git a/BinaryObjectScanner/Protection/EasyAntiCheat.cs b/BinaryObjectScanner/Protection/EasyAntiCheat.cs
index a9a538d1..dce34cec 100644
--- a/BinaryObjectScanner/Protection/EasyAntiCheat.cs
+++ b/BinaryObjectScanner/Protection/EasyAntiCheat.cs
@@ -24,7 +24,8 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
// Found in "VideoHorrorSociety.exe" ("Video Horror Society", Patch 1.0.70309, Steam).
if (!string.IsNullOrEmpty(name) && name!.Contains("Easy Anti-Cheat Bootstrapper (EOS)"))
return "Easy Anti-Cheat (EOS Version)";
@@ -51,6 +52,7 @@ namespace BinaryObjectScanner.Protection
// "EasyAntiCheat Service" -> "EasyAntiCheat.exe", which is found installed in "Program Files (x86)\EasyAntiCheat" and "EasyAntiCheat_Setup.exe" ("Intruder", Update 2287, Steam).
name = exe.ProductName;
+
// Found in multiple files, including "VideoHorrorSociety.exe" ("Video Horror Society", Patch 1.0.70309, Steam) and "start_protected_game.exe" ("VRChat", Version 2022.2.2p2, Oculus).
if (!string.IsNullOrEmpty(name) && name!.Contains("Easy Anti-Cheat Bootstrapper (EOS)"))
return "Easy Anti-Cheat (EOS Version)";
diff --git a/BinaryObjectScanner/Protection/ElectronicArts.cs b/BinaryObjectScanner/Protection/ElectronicArts.cs
index 8f59fbd4..eecad80b 100644
--- a/BinaryObjectScanner/Protection/ElectronicArts.cs
+++ b/BinaryObjectScanner/Protection/ElectronicArts.cs
@@ -9,7 +9,8 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
if (name.OptionalContains("EReg MFC Application"))
return $"EA CdKey Registration Module {exe.GetInternalVersion()}";
else if (name.OptionalContains("Registration code installer program"))
@@ -18,6 +19,7 @@ namespace BinaryObjectScanner.Protection
return $"EA DRM Protection {exe.GetInternalVersion()}";
name = exe.InternalName;
+
if (name.OptionalEquals("CDCode", StringComparison.Ordinal))
return $"EA CdKey Registration Module {exe.GetInternalVersion()}";
diff --git a/BinaryObjectScanner/Protection/GFWL.cs b/BinaryObjectScanner/Protection/GFWL.cs
index 27ba7aa2..e15bd539 100644
--- a/BinaryObjectScanner/Protection/GFWL.cs
+++ b/BinaryObjectScanner/Protection/GFWL.cs
@@ -13,7 +13,8 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
if (name.OptionalStartsWith("Games for Windows - LIVE Zero Day Piracy Protection", StringComparison.OrdinalIgnoreCase))
return $"Games for Windows LIVE - Zero Day Piracy Protection Module {exe.GetInternalVersion()}";
else if (name.OptionalStartsWith("Games for Windows", StringComparison.OrdinalIgnoreCase))
diff --git a/BinaryObjectScanner/Protection/HexalockAutoLock.cs b/BinaryObjectScanner/Protection/HexalockAutoLock.cs
index 56eecf32..58b2e04d 100644
--- a/BinaryObjectScanner/Protection/HexalockAutoLock.cs
+++ b/BinaryObjectScanner/Protection/HexalockAutoLock.cs
@@ -34,9 +34,10 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.FileDescription;
+
// TODO: Fix the following checks, as this information is visible via Windows Explorer but isn't currently being seen by BOS.
// Found in "HCPSMng.exe".
- var name = exe.FileDescription;
if (name.OptionalStartsWith("HCPS Manager", StringComparison.OrdinalIgnoreCase))
return $"Hexalock AutoLock 4.5";
@@ -44,8 +45,9 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalStartsWith("HCPS Loader", StringComparison.OrdinalIgnoreCase))
return $"Hexalock AutoLock 4.5";
- // Found in both "HCPSMng.exe" and in the file typically named "Start_Here.exe".
name = exe.ProductName;
+
+ // Found in both "HCPSMng.exe" and in the file typically named "Start_Here.exe".
if (name.OptionalStartsWith("HCPS", StringComparison.OrdinalIgnoreCase))
return $"Hexalock AutoLock 4.5";
@@ -57,7 +59,7 @@ namespace BinaryObjectScanner.Protection
if (strs.Exists(s => s.Contains("mfint.dll")))
return "Hexalock Autolock";
}
-
+
// Get the code/CODE section strings, if they exist
strs = exe.GetFirstSectionStrings("code") ?? exe.GetFirstSectionStrings("CODE");
if (strs != null)
@@ -66,7 +68,7 @@ namespace BinaryObjectScanner.Protection
if (strs.Exists(s => s.Contains("mfint.dll")))
return "Hexalock Autolock";
}
-
+
// Get the UPX1 section strings, if they exist
strs = exe.GetFirstSectionStrings("UPX1");
if (strs != null)
@@ -75,7 +77,7 @@ namespace BinaryObjectScanner.Protection
if (strs.Exists(s => s.Contains("mfint.dll")))
return "Hexalock Autolock";
}
-
+
return null;
}
diff --git a/BinaryObjectScanner/Protection/ImpulseReactor.cs b/BinaryObjectScanner/Protection/ImpulseReactor.cs
index 54f504af..54f60d23 100644
--- a/BinaryObjectScanner/Protection/ImpulseReactor.cs
+++ b/BinaryObjectScanner/Protection/ImpulseReactor.cs
@@ -15,15 +15,18 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
if (name.OptionalContains("ImpulseReactor Dynamic Link Library"))
return $"Impulse Reactor Core Module {exe.GetInternalVersion()}";
name = exe.ProductName;
+
if (name.OptionalContains("ImpulseReactor Dynamic Link Library"))
return $"Impulse Reactor Core Module {exe.GetInternalVersion()}";
name = exe.OriginalFilename;
+
if (name.OptionalContains("ReactorActivate.exe"))
return $"Stardock Product Activation {exe.GetInternalVersion()}";
@@ -45,7 +48,7 @@ namespace BinaryObjectScanner.Protection
if (containsCheck && containsCheck2)
return $"Impulse Reactor Core Module {exe.GetInternalVersion()}";
else if (containsCheck && !containsCheck2)
- return $"Impulse Reactor";
+ return "Impulse Reactor";
return null;
}
diff --git a/BinaryObjectScanner/Protection/JoWood.cs b/BinaryObjectScanner/Protection/JoWood.cs
index d557a9e4..77eafa77 100644
--- a/BinaryObjectScanner/Protection/JoWood.cs
+++ b/BinaryObjectScanner/Protection/JoWood.cs
@@ -50,13 +50,11 @@ namespace BinaryObjectScanner.Protection
}
// Get the HC09 section, if it exists
- bool hc09Section = exe.ContainsSection("HC09 ", exact: true);
- if (hc09Section)
+ if (exe.ContainsSection("HC09 ", exact: true))
return "JoWood X-Prot v2"; // TODO: Can we get more granular with the version?
// Get the XPROT section, if it exists
- var xprotSection = exe.ContainsSection("XPROT ", exact: true);
- if (xprotSection)
+ if (exe.ContainsSection("XPROT ", exact: true))
return "JoWood X-Prot v1.4+"; // TODO: Can we get more granular with the version?
return null;
diff --git a/BinaryObjectScanner/Protection/KalypsoLauncher.cs b/BinaryObjectScanner/Protection/KalypsoLauncher.cs
index 55154093..d944dda2 100644
--- a/BinaryObjectScanner/Protection/KalypsoLauncher.cs
+++ b/BinaryObjectScanner/Protection/KalypsoLauncher.cs
@@ -26,7 +26,7 @@ namespace BinaryObjectScanner.Protection
// TODO: Investigate if there are any viable checks for the game EXE itself.
// "Styx" is found as the File Description and Product Name in "KalypsoLauncher.dll", but checks aren't included due to the risk of false positives.
- var name = exe.InternalName;
+ string? name = exe.InternalName;
// Found in "KalypsoLauncher.dll" in Redump entry 95617.
if (name.OptionalContains("KalypsoLauncher.dll"))
diff --git a/BinaryObjectScanner/Protection/LabelGate.cs b/BinaryObjectScanner/Protection/LabelGate.cs
index 332c6041..e5c66c45 100644
--- a/BinaryObjectScanner/Protection/LabelGate.cs
+++ b/BinaryObjectScanner/Protection/LabelGate.cs
@@ -21,14 +21,16 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.FileDescription;
+
// Should be present on all LabelGate CD2 discs (Redump entry 95010 and product ID SVWC-7185).
- var name = exe.FileDescription;
if (name.OptionalStartsWith("MAGIQLIP2 Installer", StringComparison.OrdinalIgnoreCase))
- return $"LabelGate CD2 Media Player";
+ return "LabelGate CD2 Media Player";
name = exe.ProductName;
+
if (name.OptionalStartsWith("MQSTART", StringComparison.OrdinalIgnoreCase))
- return $"LabelGate CD2 Media Player";
+ return "LabelGate CD2 Media Player";
// Get the .data/DATA section strings, if they exist
var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA");
diff --git a/BinaryObjectScanner/Protection/MGIRegistration.cs b/BinaryObjectScanner/Protection/MGIRegistration.cs
index 09de95a7..45ec6684 100644
--- a/BinaryObjectScanner/Protection/MGIRegistration.cs
+++ b/BinaryObjectScanner/Protection/MGIRegistration.cs
@@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.ProductName;
+ string? name = exe.ProductName;
// Found in "Register.dll" in IA item "MGIPhotoSuite4.0AndPhotoVista2.02001".
if (name.OptionalEquals("MGI Registration Utility", StringComparison.Ordinal))
diff --git a/BinaryObjectScanner/Protection/Macrovision.CDilla.cs b/BinaryObjectScanner/Protection/Macrovision.CDilla.cs
index 3a89f236..c43268f6 100644
--- a/BinaryObjectScanner/Protection/Macrovision.CDilla.cs
+++ b/BinaryObjectScanner/Protection/Macrovision.CDilla.cs
@@ -62,7 +62,7 @@ namespace BinaryObjectScanner.Protection
///
internal static string? CDillaCheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
// Found in in "cdilla52.dll" from C-Dilla LMS version 3.24.010.
if (name.OptionalEquals("32-bit C-Dilla DLL", StringComparison.OrdinalIgnoreCase))
diff --git a/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs b/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs
index 42086452..b29b6f80 100644
--- a/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs
+++ b/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs
@@ -47,10 +47,11 @@ namespace BinaryObjectScanner.Protection
if (exe.FindGenericResource("CactusPJ").Count > 0)
return "PlayJ Music Player (Cactus Data Shield 200)";
+ string? name = exe.ProductName;
+
// Found in various files in "Les Paul & Friends" (Barcode 4 98806 834170).
- var name = exe.ProductName;
if (name.OptionalEquals("CDS300", StringComparison.OrdinalIgnoreCase))
- return $"Cactus Data Shield 300";
+ return "Cactus Data Shield 300";
return null;
}
diff --git a/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs b/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs
index 4eb21536..e519104d 100644
--- a/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs
+++ b/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs
@@ -14,7 +14,7 @@ namespace BinaryObjectScanner.Protection
///
internal static string? FLEXnetCheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.ProductName;
+ string? name = exe.ProductName;
// Found in "IsSvcInstDanceEJay7.dll" in IA item "computer200709dvd" (Dance eJay 7).
if (name.OptionalEquals("FLEXnet Activation Toolkit", StringComparison.OrdinalIgnoreCase))
diff --git a/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs b/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs
index 8e17d6c4..42415b58 100644
--- a/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs
+++ b/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs
@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
-using System.IO;
using SabreTools.Hashing;
using SabreTools.Matching;
using SabreTools.Matching.Paths;
@@ -21,31 +20,24 @@ namespace BinaryObjectScanner.Protection
///
internal static string? RipGuardCheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.FileDescription;
+
// Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970).
- var name = exe.FileDescription;
if (name.OptionalEquals("rgasdev", StringComparison.OrdinalIgnoreCase))
return "RipGuard";
- // Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970).
name = exe.ProductName;
+
+ // Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970).
if (name.OptionalEquals("rgasdev", StringComparison.OrdinalIgnoreCase))
return "RipGuard";
- if (!string.IsNullOrEmpty(file) && File.Exists(file))
+ // So far, every seemingly-randomly named EXE on RipGuard discs have a consistent hash.
+ if (exe.Length == 49_152)
{
- try
- {
- var fi = new FileInfo(file);
-
- // So far, every seemingly-randomly named EXE on RipGuard discs have a consistent hash.
- if (fi.Length == 49_152)
- {
- var sha1 = HashTool.GetFileHash(file, HashType.SHA1);
- if (string.Equals(sha1, "6A7B8545800E0AB252773A8CD0A2185CA2497938", StringComparison.OrdinalIgnoreCase))
- return "RipGuard";
- }
- }
- catch { }
+ var sha1 = HashTool.GetFileHash(file, HashType.SHA1);
+ if (string.Equals(sha1, "6A7B8545800E0AB252773A8CD0A2185CA2497938", StringComparison.OrdinalIgnoreCase))
+ return "RipGuard";
}
return null;
diff --git a/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs b/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs
index b226c82f..6c7e706b 100644
--- a/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs
+++ b/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs
@@ -97,23 +97,24 @@ namespace BinaryObjectScanner.Protection
return "SafeCast";
}
+ string? name = exe.FileDescription;
+
// Found in "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Wndows (2.00R)(Intuit)(2002)(352282)".
- var name = exe.FileDescription;
if (name.OptionalEquals("SafeCast2", StringComparison.OrdinalIgnoreCase))
return "SafeCast";
// Found in "cdac01ba.dll" from IA item "ejay_nestle_trial".
// TODO: Figure out a reasonable way to parse version.
if (name.OptionalEquals("CdaC01BA", StringComparison.OrdinalIgnoreCase))
- return $"SafeCast";
+ return "SafeCast";
// Found in "C2CDEL.EXE" in IA item "britney-spears-special-edition-cd-rom".
if (name.OptionalEquals("32-bit SafeCast Copy To Clear Delete", StringComparison.OrdinalIgnoreCase))
- return $"SafeCast";
+ return "SafeCast";
// Found in "C2C.DLL" in IA item "britney-spears-special-edition-cd-rom".
if (name.OptionalEquals("32-bit SafeCast Shell Copy To Clear DLL", StringComparison.OrdinalIgnoreCase))
- return $"SafeCast";
+ return "SafeCast";
// Found in "SCRfrsh.exe" in Redump entry 102979.
if (name.OptionalEquals("32-bit SafeCast Toolkit", StringComparison.OrdinalIgnoreCase))
@@ -121,14 +122,15 @@ namespace BinaryObjectScanner.Protection
// Found in "CDAC14BA.DLL" in Redump entry 95524.
if (name.OptionalEquals("32-bit SafeCast Anchor Installer", StringComparison.OrdinalIgnoreCase))
- return $"SafeCast";
+ return "SafeCast";
// Found in "CDAC21BA.DLL" in Redump entry 95524.
if (name.OptionalEquals("32-bit CdaC20BA", StringComparison.OrdinalIgnoreCase))
- return $"SafeCast";
+ return "SafeCast";
+
+ name = exe.ProductName;
// Found in hidden resource of "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Wndows (2.00R)(Intuit)(2002)(352282)".
- name = exe.ProductName;
if (name.OptionalEquals("SafeCast Windows NT", StringComparison.OrdinalIgnoreCase))
return "SafeCast";
diff --git a/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs b/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs
index 81d6c0ee..2eba649b 100644
--- a/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs
+++ b/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs
@@ -81,7 +81,8 @@ namespace BinaryObjectScanner.Protection
return "Macrovision SecDrv Update Installer";
}
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
// Present in "Diag.exe" files from SafeDisc 4.50.000+.
if (name.OptionalEquals("SafeDisc SRV Tool APP", StringComparison.OrdinalIgnoreCase))
return $"SafeDisc SRV Tool APP {GetSafeDiscDiagExecutableVersion(exe)}";
@@ -90,8 +91,9 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalEquals("Macrovision SecDrv Update", StringComparison.OrdinalIgnoreCase))
return "Macrovision SecDrv Update Installer";
- // Present on all "CLOKSPL.DLL" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004.
name = exe.ProductName;
+
+ // Present on all "CLOKSPL.DLL" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004.
if (name.OptionalEquals("SafeDisc CDROM Protection System", StringComparison.OrdinalIgnoreCase))
return "SafeDisc 1.00.025-1.01.044";
@@ -109,9 +111,10 @@ namespace BinaryObjectScanner.Protection
else if (name.OptionalEquals("SafeDisc AuthServ APP", StringComparison.OrdinalIgnoreCase))
return $"SafeDisc AuthServ APP {GetSafeDiscAuthServVersion(exe)}";
+ name = exe.FileDescription;
+
// Present on all "CLOKSPL.EXE" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004.
// Only found so far on SafeDisc 1.00.025-1.01.044, but the report is currently left generic due to the generic nature of the check.
- name = exe.FileDescription;
if (name.OptionalEquals("SafeDisc", StringComparison.OrdinalIgnoreCase))
return "SafeDisc";
diff --git a/BinaryObjectScanner/Protection/Macrovision.cs b/BinaryObjectScanner/Protection/Macrovision.cs
index c201f56f..ef2de13f 100644
--- a/BinaryObjectScanner/Protection/Macrovision.cs
+++ b/BinaryObjectScanner/Protection/Macrovision.cs
@@ -47,7 +47,7 @@ namespace BinaryObjectScanner.Protection
var resultsList = new List();
// Check for generic indications of Macrovision protections first.
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
// Present in "secdrv.sys" files found in SafeDisc 2.80.010+.
if (name.OptionalEquals("Macrovision SECURITY Driver", StringComparison.OrdinalIgnoreCase))
diff --git a/BinaryObjectScanner/Protection/MediaCloQ.cs b/BinaryObjectScanner/Protection/MediaCloQ.cs
index 8ec158a3..4a57287e 100644
--- a/BinaryObjectScanner/Protection/MediaCloQ.cs
+++ b/BinaryObjectScanner/Protection/MediaCloQ.cs
@@ -18,15 +18,17 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- // Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4").
- var name = exe.FileDescription;
- if (name.OptionalStartsWith("scvfy MFC Application", StringComparison.OrdinalIgnoreCase))
- return $"MediaCloQ";
+ string? name = exe.FileDescription;
// Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4").
+ if (name.OptionalStartsWith("scvfy MFC Application", StringComparison.OrdinalIgnoreCase))
+ return "MediaCloQ";
+
name = exe.ProductName;
+
+ // Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4").
if (name.OptionalStartsWith("scvfy Application", StringComparison.OrdinalIgnoreCase))
- return $"MediaCloQ";
+ return "MediaCloQ";
return null;
}
diff --git a/BinaryObjectScanner/Protection/MediaMax.cs b/BinaryObjectScanner/Protection/MediaMax.cs
index d39f9f5b..47f2a627 100644
--- a/BinaryObjectScanner/Protection/MediaMax.cs
+++ b/BinaryObjectScanner/Protection/MediaMax.cs
@@ -18,12 +18,14 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.FileDescription;
+
// Used to detect "LicGen.exe", found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6)
- var name = exe.FileDescription;
if (name.OptionalStartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase))
return $"MediaMax CD-3";
name = exe.ProductName;
+
if (name.OptionalStartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase))
return $"MediaMax CD-3";
diff --git a/BinaryObjectScanner/Protection/NEACProtect.cs b/BinaryObjectScanner/Protection/NEACProtect.cs
index 395138bc..9c5f3a63 100644
--- a/BinaryObjectScanner/Protection/NEACProtect.cs
+++ b/BinaryObjectScanner/Protection/NEACProtect.cs
@@ -31,7 +31,7 @@ namespace BinaryObjectScanner.Protection
if (exe.ContainsSection(".neac0", exact: true) || exe.ContainsSection(".neac1", exact: true))
return "NEAC Protect";
- var name = exe.ProductName;
+ string? name = exe.ProductName;
// Found in "NeacSafe64.sys" and "NeacSafe.sys".
// TODO: Fix Product Name not being properly grabbed from the file.
diff --git a/BinaryObjectScanner/Protection/NProtect.cs b/BinaryObjectScanner/Protection/NProtect.cs
index 14662929..fba6f843 100644
--- a/BinaryObjectScanner/Protection/NProtect.cs
+++ b/BinaryObjectScanner/Protection/NProtect.cs
@@ -35,7 +35,7 @@ namespace BinaryObjectScanner.Protection
{
// TODO: Investigate if there are any viable checks for the game EXE itself.
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
// Found in "GameGuard.des" in Redump entry 90526 and 99598, and "Soulworker" (Steam Depot 1377581, Manifest 5092481117079359342).
if (name.OptionalContains("nProtect GameGuard Launcher"))
diff --git a/BinaryObjectScanner/Protection/OnlineRegistration.cs b/BinaryObjectScanner/Protection/OnlineRegistration.cs
index 28985237..7ee449c6 100644
--- a/BinaryObjectScanner/Protection/OnlineRegistration.cs
+++ b/BinaryObjectScanner/Protection/OnlineRegistration.cs
@@ -9,8 +9,9 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.InternalName;
+
// TODO: Is this too broad in general?
- var name = exe.InternalName;
if (name.OptionalStartsWith("EReg", StringComparison.OrdinalIgnoreCase))
return $"Executable-Based Online Registration {exe.GetInternalVersion()}";
diff --git a/BinaryObjectScanner/Protection/OpenMG.cs b/BinaryObjectScanner/Protection/OpenMG.cs
index b3d30f3f..ee07757b 100644
--- a/BinaryObjectScanner/Protection/OpenMG.cs
+++ b/BinaryObjectScanner/Protection/OpenMG.cs
@@ -19,41 +19,43 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.LegalTrademarks;
+
// Found in many different OpenMG related files ("Touch" by Amerie).
- var name = exe.LegalTrademarks;
if (name.OptionalStartsWith("OpenMG", StringComparison.OrdinalIgnoreCase))
- return $"OpenMG";
+ return "OpenMG";
+
+ name = exe.FileDescription;
// Found in "OMGDBP.OCX" ("Touch" by Amerie).
- name = exe.FileDescription;
if (name.OptionalStartsWith("LGDiscComp Module", StringComparison.OrdinalIgnoreCase))
- return $"OpenMG";
+ return "OpenMG";
// Found in "OMGDWRAP.DLL" ("Touch" by Amerie).
if (name.OptionalStartsWith("LGDSimplePlayer Module", StringComparison.OrdinalIgnoreCase))
- return $"OpenMG";
+ return "OpenMG";
// Found in "OMGLGD.DLL" ("Touch" by Amerie).
if (name.OptionalStartsWith("omglgd Module", StringComparison.OrdinalIgnoreCase))
- return $"OpenMG";
+ return "OpenMG";
// Found in "OMGUTILS.DLL" ("Touch" by Amerie).
if (name.OptionalStartsWith("OpenMG Utility", StringComparison.OrdinalIgnoreCase))
- return $"OpenMG";
+ return "OpenMG";
// Found in "SALWRAP.DLL" ("Touch" by Amerie).
if (name.OptionalStartsWith("Secure Application Loader Wrapper", StringComparison.OrdinalIgnoreCase))
- return $"OpenMG";
+ return "OpenMG";
// Found in "SDKHM.DLL" ("Touch" by Amerie).
// Not every copy of this file has this File Description (Redump entry 95010).
if (name.OptionalStartsWith("SDKHM (KEEP)", StringComparison.OrdinalIgnoreCase))
- return $"OpenMG";
+ return "OpenMG";
// Found in "SDKHM.EXE" ("Touch" by Amerie).
// Not every copy of this file has this File Description (Redump entry 95010).
if (name.OptionalStartsWith("SDKHM (KEPT)", StringComparison.OrdinalIgnoreCase))
- return $"OpenMG";
+ return "OpenMG";
return null;
}
diff --git a/BinaryObjectScanner/Protection/Origin.cs b/BinaryObjectScanner/Protection/Origin.cs
index 270c5348..3e45620e 100644
--- a/BinaryObjectScanner/Protection/Origin.cs
+++ b/BinaryObjectScanner/Protection/Origin.cs
@@ -12,11 +12,13 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
if (name.OptionalEquals("Origin", StringComparison.OrdinalIgnoreCase))
return "Origin";
name = exe.ProductName;
+
if (name.OptionalEquals("Origin", StringComparison.OrdinalIgnoreCase))
return "Origin";
diff --git a/BinaryObjectScanner/Protection/PlayJ.cs b/BinaryObjectScanner/Protection/PlayJ.cs
index 9008cf17..e835aeef 100644
--- a/BinaryObjectScanner/Protection/PlayJ.cs
+++ b/BinaryObjectScanner/Protection/PlayJ.cs
@@ -16,20 +16,23 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.FileDescription;
+
// Found in "PlayJ.exe" (https://web.archive.org/web/20010417025347/http://dlp.playj.com:80/playj/PlayJIns266.exe) and "CACTUSPJ.exe" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])).
- var name = exe.FileDescription;
if (name.OptionalStartsWith("PlayJ Music Player", StringComparison.OrdinalIgnoreCase))
- return $"PlayJ Music Player";
+ return "PlayJ Music Player";
+
+ name = exe.FileDescription;
// Found in "PJSTREAM.DLL" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])).
- name = exe.FileDescription;
if (name.OptionalStartsWith("EVAUX32 Module", StringComparison.OrdinalIgnoreCase))
- return $"PlayJ Music Player Component";
+ return "PlayJ Music Player Component";
+
+ name = exe.ProductName;
// Found in "PlayJ.exe" (https://web.archive.org/web/20010417025347/http://dlp.playj.com:80/playj/PlayJIns266.exe) and "CACTUSPJ.exe" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])).
- name = exe.ProductName;
if (name.OptionalStartsWith("PlayJ", StringComparison.OrdinalIgnoreCase))
- return $"PlayJ";
+ return "PlayJ";
return null;
}
diff --git a/BinaryObjectScanner/Protection/RainbowSentinel.cs b/BinaryObjectScanner/Protection/RainbowSentinel.cs
index a87afea5..c0faf598 100644
--- a/BinaryObjectScanner/Protection/RainbowSentinel.cs
+++ b/BinaryObjectScanner/Protection/RainbowSentinel.cs
@@ -131,7 +131,7 @@ namespace BinaryObjectScanner.Protection
{
// TODO: Figure out why resources for "RNBOVTMP.DLL", "SENTTEMP.DLL", "SNTI386.DLL", and "SX32W.DL_"/"SX32W.DLL" aren't getting read properly, causing checks for these files to not work.
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
// Found in "RNBOVTMP.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
if (name.OptionalEquals("Rainbow Technologies Virtual Device Driver", StringComparison.OrdinalIgnoreCase))
diff --git a/BinaryObjectScanner/Protection/RealArcade.cs b/BinaryObjectScanner/Protection/RealArcade.cs
index 05ab809f..f804e876 100644
--- a/BinaryObjectScanner/Protection/RealArcade.cs
+++ b/BinaryObjectScanner/Protection/RealArcade.cs
@@ -18,8 +18,14 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- // Get the .data section strings, if they exist
- var strs = exe.GetFirstSectionStrings(".data");
+ string? name = exe.FileDescription;
+
+ // Found in "RngInterstitial.dll" in the RealArcade installation directory in IA item "Nova_RealArcadeCD_USA".
+ if (name.OptionalContains("RngInterstitial"))
+ return "RealArcade";
+
+ // Get the .data/DATA section strings, if they exist
+ var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA");
if (strs != null)
{
// Found in "rebound.exe" in the installation directory for "Rebound" in IA item "Nova_RealArcadeCD_USA".
@@ -27,11 +33,6 @@ namespace BinaryObjectScanner.Protection
return "RealArcade";
}
- // Found in "RngInterstitial.dll" in the RealArcade installation directory in IA item "Nova_RealArcadeCD_USA".
- var name = exe.FileDescription;
- if (name.OptionalContains("RngInterstitial"))
- return "RealArcade";
-
return null;
}
diff --git a/BinaryObjectScanner/Protection/SecuROM.cs b/BinaryObjectScanner/Protection/SecuROM.cs
index d266254b..4b954311 100644
--- a/BinaryObjectScanner/Protection/SecuROM.cs
+++ b/BinaryObjectScanner/Protection/SecuROM.cs
@@ -116,7 +116,7 @@ namespace BinaryObjectScanner.Protection
}
// Alf.dll
- var name = exe.ProductName;
+ string? name = exe.ProductName;
if (name.OptionalEquals("DFA Unlock Dll"))
return $"SecuROM DFA Unlock v{exe.GetInternalVersion()}";
@@ -453,7 +453,7 @@ namespace BinaryObjectScanner.Protection
///
private static string? CheckProductActivation(PortableExecutable exe)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
if (name.OptionalContains("SecuROM PA"))
return $"SecuROM Product Activation v{exe.GetInternalVersion()}";
diff --git a/BinaryObjectScanner/Protection/SmartE.cs b/BinaryObjectScanner/Protection/SmartE.cs
index 52052c8e..c46b76be 100644
--- a/BinaryObjectScanner/Protection/SmartE.cs
+++ b/BinaryObjectScanner/Protection/SmartE.cs
@@ -11,9 +11,11 @@ namespace BinaryObjectScanner.Protection
{
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.InternalName;
+
// Only works on stub generated from running the program yourself
- if (exe.InternalName.OptionalEquals("SmarteSECURE"))
- return "SmartE";
+ if (name.OptionalEquals("SmarteSECURE"))
+ return "SmartE";
var sections = exe.SectionTable ?? [];
diff --git a/BinaryObjectScanner/Protection/SoftLock.cs b/BinaryObjectScanner/Protection/SoftLock.cs
index 90f9bbb8..c051aec4 100644
--- a/BinaryObjectScanner/Protection/SoftLock.cs
+++ b/BinaryObjectScanner/Protection/SoftLock.cs
@@ -16,13 +16,15 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.InternalName;
+
// Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP"
- var name = exe.InternalName;
if (name.OptionalEquals("Softlock Protected Application"))
return "SoftLock";
- // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP"
name = exe.Comments;
+
+ // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP"
if (name.OptionalEquals("Softlock Protected Application"))
return "SoftLock";
@@ -56,8 +58,8 @@ namespace BinaryObjectScanner.Protection
// and dialog boxes. See if any of those are unique to SoftLock.
// Found in "TafseerVer4.exe" in IA item "TAFSEERVER4SETUP"
- var strings = exe.GetFirstSectionStrings(".section") ?? [];
- if (strings.Exists(s => s.Contains("SOFTLOCKPROTECTION")))
+ var strs = exe.GetFirstSectionStrings(".section") ?? [];
+ if (strs.Exists(s => s.Contains("SOFTLOCKPROTECTION")))
return "SoftLock";
// Investigate if the ".section" section is an indicator of SoftLock
diff --git a/BinaryObjectScanner/Protection/SolidShield.cs b/BinaryObjectScanner/Protection/SolidShield.cs
index 83c5aa6d..58edd3d5 100644
--- a/BinaryObjectScanner/Protection/SolidShield.cs
+++ b/BinaryObjectScanner/Protection/SolidShield.cs
@@ -17,7 +17,8 @@ namespace BinaryObjectScanner.Protection
{
// TODO: Investigate ".pseudo" section found in "tvdm.dll" in Redump entry 68166.
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
if (name.OptionalStartsWith("DVM Library", StringComparison.OrdinalIgnoreCase))
return $"SolidShield {exe.GetInternalVersion()}";
@@ -36,9 +37,9 @@ namespace BinaryObjectScanner.Protection
return $"SolidShield {GetInternalVersion(exe)}";
name = exe.ProductName;
+
if (name.OptionalStartsWith("Solidshield Activation Library", StringComparison.OrdinalIgnoreCase))
return $"SolidShield Core.dll {exe.GetInternalVersion()}";
-
else if (name.OptionalStartsWith("Solidshield Library", StringComparison.OrdinalIgnoreCase))
return $"SolidShield Core.dll {exe.GetInternalVersion()}";
diff --git a/BinaryObjectScanner/Protection/StarForce.cs b/BinaryObjectScanner/Protection/StarForce.cs
index ceb6525e..35d9fd4f 100644
--- a/BinaryObjectScanner/Protection/StarForce.cs
+++ b/BinaryObjectScanner/Protection/StarForce.cs
@@ -19,9 +19,7 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- #region File Description
-
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
// There are some File Description checks that are currently too generic to use.
// "Host Library" - Found in "protect.dll" in Redump entry 81756.
@@ -30,7 +28,7 @@ namespace BinaryObjectScanner.Protection
// Found in "sfdrvrem.exe" in Redump entry 102677.
if (name.OptionalContains("FrontLine Drivers Removal Tool"))
- return $"StarForce FrontLine Driver Removal Tool";
+ return "StarForce FrontLine Driver Removal Tool";
// Found in "protect.exe" in Redump entry 94805.
if (name.OptionalContains("FrontLine Protection GUI Application"))
@@ -46,27 +44,21 @@ namespace BinaryObjectScanner.Protection
// TODO: Find a sample of this check.
if (name.OptionalContains("Protected Module"))
- return $"StarForce 5";
-
- #endregion
-
- #region Legal Copyright
+ return "StarForce 5";
name = exe.LegalCopyright;
+
if (name.OptionalStartsWith("(c) Protection Technology")) // (c) Protection Technology (StarForce)?
return $"StarForce {exe.GetInternalVersion()}";
else if (name.OptionalContains("Protection Technology")) // Protection Technology (StarForce)?
return $"StarForce {exe.GetInternalVersion()}";
- #endregion
-
- #region Trade Name
+ name = exe.TradeName;
// FrontLine ProActive (digital activation), samples:
// https://dbox.tools/titles/pc/46450FA4/
// https://dbox.tools/titles/pc/4F430FA0/
// https://dbox.tools/titles/pc/53450FA1/
- name = exe.TradeName;
if (name.OptionalContains("FL ProActive"))
return "FrontLine ProActive";
@@ -75,10 +67,6 @@ namespace BinaryObjectScanner.Protection
if (name.OptionalContains("SF Crypto"))
return "StarForce Crypto";
- #endregion
-
- #region Internal Name
-
// TODO: Decide if internal name checks are safe to use.
name = exe.InternalName;
@@ -98,8 +86,6 @@ namespace BinaryObjectScanner.Protection
// else if (name.OptionalEquals("protect.exe", StringComparison.Ordinal))
// return $"StarForce {Tools.Utilities.GetInternalVersion(exe)}";
- #endregion
-
// Check the export name table
if (exe.ExportTable?.ExportNameTable?.Strings != null)
{
diff --git a/BinaryObjectScanner/Protection/Steam.cs b/BinaryObjectScanner/Protection/Steam.cs
index 9a3dacfe..ffef425a 100644
--- a/BinaryObjectScanner/Protection/Steam.cs
+++ b/BinaryObjectScanner/Protection/Steam.cs
@@ -11,7 +11,8 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
if (name.OptionalContains("Steam Autorun Setup"))
return "Steam";
else if (name.OptionalContains("Steam Client API"))
@@ -22,6 +23,7 @@ namespace BinaryObjectScanner.Protection
return "Steam";
name = exe.ProductName;
+
if (name.OptionalContains("Steam Autorun Setup"))
return "Steam";
else if (name.OptionalContains("Steam Client API"))
diff --git a/BinaryObjectScanner/Protection/Tages.cs b/BinaryObjectScanner/Protection/Tages.cs
index 5756c3a8..eea4c726 100644
--- a/BinaryObjectScanner/Protection/Tages.cs
+++ b/BinaryObjectScanner/Protection/Tages.cs
@@ -24,13 +24,15 @@ namespace BinaryObjectScanner.Protection
// - TagesClient.exe
// - TagesClient.dat (Does not always exist)
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
if (name.OptionalStartsWith("TagesSetup", StringComparison.OrdinalIgnoreCase))
return $"TAGES Driver Setup {GetVersion(exe)}";
else if (name.OptionalStartsWith("Tagès activation client", StringComparison.OrdinalIgnoreCase))
return $"TAGES Activation Client {GetVersion(exe)}";
name = exe.ProductName;
+
if (name.OptionalStartsWith("Application TagesSetup", StringComparison.OrdinalIgnoreCase))
return $"TAGES Driver Setup {GetVersion(exe)}";
else if (name.OptionalStartsWith("T@GES", StringComparison.OrdinalIgnoreCase))
diff --git a/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs b/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs
index bf9bac54..e58f8d57 100644
--- a/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs
+++ b/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs
@@ -10,9 +10,9 @@ namespace BinaryObjectScanner.Protection
{
// Check the dialog box resources
if (exe.FindDialogByTitle("321Studios Activation").Count > 0)
- return $"321Studios Online Activation";
+ return "321Studios Online Activation";
else if (exe.FindDialogByTitle("321Studios Phone Activation").Count > 0)
- return $"321Studios Online Activation";
+ return "321Studios Online Activation";
return null;
}
diff --git a/BinaryObjectScanner/Protection/UnilocSoftAnchor.cs b/BinaryObjectScanner/Protection/UnilocSoftAnchor.cs
index a9c2003f..d069af82 100644
--- a/BinaryObjectScanner/Protection/UnilocSoftAnchor.cs
+++ b/BinaryObjectScanner/Protection/UnilocSoftAnchor.cs
@@ -23,31 +23,36 @@ namespace BinaryObjectScanner.Protection
// TODO: Add version number finding
// TODO: Come to an agreement as to what the version should be
+ string? name = exe.CompanyName;
+
// Found in Redump entry 114428
// Found in Alpha Protocol -- TODO: Get Redump ID(s)
- var name = exe.CompanyName;
if (name.OptionalStartsWith("Uniloc USA"))
return "Uniloc SoftAnchor";
- // Found in Alpha Protocol -- TODO: Get Redump ID(s)
name = exe.InternalName;
+
+ // Found in Alpha Protocol -- TODO: Get Redump ID(s)
if (name.OptionalStartsWith("saAudit"))
return "Uniloc SoftAnchor";
- // Found in Redump entry 114428
name = exe.LegalCopyright;
+
+ // Found in Redump entry 114428
if (name.OptionalContains("Uniloc"))
return "Uniloc SoftAnchor";
- // Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010
name = exe.OriginalFilename;
+
+ // Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010
if (name.OptionalEquals("saAudit.dll"))
return "Uniloc SoftAnchor";
if (name.OptionalEquals("saui.dll"))
return "Uniloc SoftAnchor";
- // Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010
name = exe.ProductName;
+
+ // Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010
if (name.OptionalStartsWith("saAudit"))
return "Uniloc SoftAnchor";
diff --git a/BinaryObjectScanner/Protection/Uplay.cs b/BinaryObjectScanner/Protection/Uplay.cs
index 9994845b..35f1fe4f 100644
--- a/BinaryObjectScanner/Protection/Uplay.cs
+++ b/BinaryObjectScanner/Protection/Uplay.cs
@@ -14,7 +14,8 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
if (name.OptionalContains("Ubisoft Connect Installer"))
return "Uplay / Ubisoft Connect";
else if (name.OptionalContains("Ubisoft Connect Service"))
@@ -29,9 +30,10 @@ namespace BinaryObjectScanner.Protection
return "Uplay / Ubisoft Connect";
else if (name.OptionalContains("Uplay launcher"))
return "Uplay / Ubisoft Connect";
+
+ name = exe.ProductName;
// There's also a variant that looks like "Uplay installer"
- name = exe.ProductName;
if (name.OptionalContains("Ubisoft Connect"))
return "Uplay / Ubisoft Connect";
else if (name.OptionalContains("Uplay"))
diff --git a/BinaryObjectScanner/Protection/WMDS.cs b/BinaryObjectScanner/Protection/WMDS.cs
index 8d278af4..6581e541 100644
--- a/BinaryObjectScanner/Protection/WMDS.cs
+++ b/BinaryObjectScanner/Protection/WMDS.cs
@@ -18,8 +18,9 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
+ string? name = exe.FileDescription;
+
// Found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6)
- var name = exe.FileDescription;
if (name.OptionalStartsWith("Windows Media Data Session Licensing Engine", StringComparison.OrdinalIgnoreCase))
return "Windows Media Data Session DRM";
diff --git a/BinaryObjectScanner/Protection/WTMCDProtect.cs b/BinaryObjectScanner/Protection/WTMCDProtect.cs
index fe059a72..cd56bcaf 100644
--- a/BinaryObjectScanner/Protection/WTMCDProtect.cs
+++ b/BinaryObjectScanner/Protection/WTMCDProtect.cs
@@ -12,15 +12,18 @@ namespace BinaryObjectScanner.Protection
///
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
- var name = exe.FileDescription;
+ string? name = exe.FileDescription;
+
if (name.OptionalContains("Copy Protection Viewer"))
return "WTM Protection Viewer";
name = exe.LegalTrademarks;
+
if (name.OptionalContains("WTM Copy Protection"))
return "WTM Protection Viewer";
name = exe.ProductName;
+
if (name.OptionalContains("WTM Copy Protection Viewer"))
return "WTM Protection Viewer";
diff --git a/BinaryObjectScanner/Protection/XCP.cs b/BinaryObjectScanner/Protection/XCP.cs
index 161d8ada..8dfe05aa 100644
--- a/BinaryObjectScanner/Protection/XCP.cs
+++ b/BinaryObjectScanner/Protection/XCP.cs
@@ -14,7 +14,7 @@ namespace BinaryObjectScanner.Protection
public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug)
{
// Get the .rdata section strings, if they exist
- List? strs = exe.GetFirstSectionStrings(".rdata");
+ var strs = exe.GetFirstSectionStrings(".rdata");
if (strs != null)
{
if (strs.Exists(s => s.Contains("XCP.DAT")))