From cc87d44e3ff1346a29922c238cb15a1571687a9c Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Sat, 20 Sep 2025 18:41:58 -0400 Subject: [PATCH] Make packer and protection code more consistent --- .../Packer/AutoPlayMediaStudio.cs | 2 +- BinaryObjectScanner/Packer/GPInstall.cs | 2 +- BinaryObjectScanner/Packer/GkWareSFX.cs | 2 +- BinaryObjectScanner/Packer/InstallAnywhere.cs | 2 +- .../Packer/IntelInstallationFramework.cs | 2 +- BinaryObjectScanner/Packer/MicrosoftCABSFX.cs | 2 +- BinaryObjectScanner/Packer/NSIS.cs | 2 +- BinaryObjectScanner/Packer/SetupFactory.cs | 2 +- .../Packer/SmartInstallMaker.cs | 2 +- BinaryObjectScanner/Packer/SpoonInstaller.cs | 2 +- BinaryObjectScanner/Packer/WinRARSFX.cs | 2 +- BinaryObjectScanner/Protection/ByteShield.cs | 15 +++++++---- BinaryObjectScanner/Protection/CDCheck.cs | 2 +- BinaryObjectScanner/Protection/CDDVDCops.cs | 2 +- BinaryObjectScanner/Protection/CDKey.cs | 3 ++- BinaryObjectScanner/Protection/Channelware.cs | 5 +++- .../Protection/ChosenBytesCodeLock.cs | 3 ++- BinaryObjectScanner/Protection/CopyKiller.cs | 3 ++- BinaryObjectScanner/Protection/CopyX.cs | 4 --- BinaryObjectScanner/Protection/CrypKey.cs | 6 +++-- BinaryObjectScanner/Protection/Denuvo.cs | 8 +++--- BinaryObjectScanner/Protection/DigiGuard.cs | 17 +++++++----- BinaryObjectScanner/Protection/DiscGuard.cs | 9 ++++--- BinaryObjectScanner/Protection/EAAntiCheat.cs | 5 +++- .../Protection/EasyAntiCheat.cs | 4 ++- .../Protection/ElectronicArts.cs | 4 ++- BinaryObjectScanner/Protection/GFWL.cs | 3 ++- .../Protection/HexalockAutoLock.cs | 12 +++++---- .../Protection/ImpulseReactor.cs | 7 +++-- BinaryObjectScanner/Protection/JoWood.cs | 6 ++--- .../Protection/KalypsoLauncher.cs | 2 +- BinaryObjectScanner/Protection/LabelGate.cs | 8 +++--- .../Protection/MGIRegistration.cs | 2 +- .../Protection/Macrovision.CDilla.cs | 2 +- .../Macrovision.CactusDataShield.cs | 5 ++-- .../Protection/Macrovision.FLEXnet.cs | 2 +- .../Protection/Macrovision.RipGuard.cs | 26 +++++++------------ .../Protection/Macrovision.SafeCast.cs | 16 +++++++----- .../Protection/Macrovision.SafeDisc.cs | 9 ++++--- BinaryObjectScanner/Protection/Macrovision.cs | 2 +- BinaryObjectScanner/Protection/MediaCloQ.cs | 12 +++++---- BinaryObjectScanner/Protection/MediaMax.cs | 4 ++- BinaryObjectScanner/Protection/NEACProtect.cs | 2 +- BinaryObjectScanner/Protection/NProtect.cs | 2 +- .../Protection/OnlineRegistration.cs | 3 ++- BinaryObjectScanner/Protection/OpenMG.cs | 22 +++++++++------- BinaryObjectScanner/Protection/Origin.cs | 4 ++- BinaryObjectScanner/Protection/PlayJ.cs | 15 ++++++----- .../Protection/RainbowSentinel.cs | 2 +- BinaryObjectScanner/Protection/RealArcade.cs | 15 ++++++----- BinaryObjectScanner/Protection/SecuROM.cs | 4 +-- BinaryObjectScanner/Protection/SmartE.cs | 6 +++-- BinaryObjectScanner/Protection/SoftLock.cs | 10 ++++--- BinaryObjectScanner/Protection/SolidShield.cs | 5 ++-- BinaryObjectScanner/Protection/StarForce.cs | 24 ++++------------- BinaryObjectScanner/Protection/Steam.cs | 4 ++- BinaryObjectScanner/Protection/Tages.cs | 4 ++- .../Protection/ThreeTwoOneStudios.cs | 4 +-- .../Protection/UnilocSoftAnchor.cs | 15 +++++++---- BinaryObjectScanner/Protection/Uplay.cs | 6 +++-- BinaryObjectScanner/Protection/WMDS.cs | 3 ++- .../Protection/WTMCDProtect.cs | 5 +++- BinaryObjectScanner/Protection/XCP.cs | 2 +- 63 files changed, 216 insertions(+), 171 deletions(-) diff --git a/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs b/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs index 2ac994ae..3b2d56be 100644 --- a/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs +++ b/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs @@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Known to detect versions 5.0.0.3 - 8.1.0.0 - var name = exe.ProductName; + string? name = exe.ProductName; if (name.OptionalStartsWith("AutoPlay Media Studio", StringComparison.OrdinalIgnoreCase)) return $"AutoPlay Media Studio {GetVersion(exe)}"; diff --git a/BinaryObjectScanner/Packer/GPInstall.cs b/BinaryObjectScanner/Packer/GPInstall.cs index c2033a18..c847f55a 100644 --- a/BinaryObjectScanner/Packer/GPInstall.cs +++ b/BinaryObjectScanner/Packer/GPInstall.cs @@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // - var name = exe.FileDescription; + string? name = exe.FileDescription; if (name.OptionalContains("GP-Install")) return "GP-Install"; diff --git a/BinaryObjectScanner/Packer/GkWareSFX.cs b/BinaryObjectScanner/Packer/GkWareSFX.cs index f6ded7ff..a7819de2 100644 --- a/BinaryObjectScanner/Packer/GkWareSFX.cs +++ b/BinaryObjectScanner/Packer/GkWareSFX.cs @@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // - var name = exe.FileDescription; + string? name = exe.FileDescription; if (name.OptionalContains("GkWare Self extractor")) return "GkWare SFX"; diff --git a/BinaryObjectScanner/Packer/InstallAnywhere.cs b/BinaryObjectScanner/Packer/InstallAnywhere.cs index a2d0cb22..dfcbf2dc 100644 --- a/BinaryObjectScanner/Packer/InstallAnywhere.cs +++ b/BinaryObjectScanner/Packer/InstallAnywhere.cs @@ -11,7 +11,7 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; if (name.OptionalStartsWith("InstallAnywhere Self Extractor", StringComparison.OrdinalIgnoreCase)) return $"InstallAnywhere {GetVersion(exe)}"; diff --git a/BinaryObjectScanner/Packer/IntelInstallationFramework.cs b/BinaryObjectScanner/Packer/IntelInstallationFramework.cs index 82ee3370..d241f469 100644 --- a/BinaryObjectScanner/Packer/IntelInstallationFramework.cs +++ b/BinaryObjectScanner/Packer/IntelInstallationFramework.cs @@ -10,7 +10,7 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; if (name.OptionalEquals("Intel(R) Installation Framework", StringComparison.OrdinalIgnoreCase) || name.OptionalEquals("Intel Installation Framework", StringComparison.OrdinalIgnoreCase)) { diff --git a/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs b/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs index 6ab0b19c..60d6bb06 100644 --- a/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs +++ b/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs @@ -10,7 +10,7 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.InternalName; + string? name = exe.InternalName; if (name.OptionalEquals("Wextract", StringComparison.OrdinalIgnoreCase)) return $"Microsoft CAB SFX {GetVersion(exe)}"; diff --git a/BinaryObjectScanner/Packer/NSIS.cs b/BinaryObjectScanner/Packer/NSIS.cs index 4d28a657..289d9ed0 100644 --- a/BinaryObjectScanner/Packer/NSIS.cs +++ b/BinaryObjectScanner/Packer/NSIS.cs @@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.AssemblyDescription; + string? name = exe.AssemblyDescription; if (name.OptionalStartsWith("Nullsoft Install System")) return $"NSIS {name!.Substring("Nullsoft Install System".Length).Trim()}"; diff --git a/BinaryObjectScanner/Packer/SetupFactory.cs b/BinaryObjectScanner/Packer/SetupFactory.cs index c3f0a69c..04a2680a 100644 --- a/BinaryObjectScanner/Packer/SetupFactory.cs +++ b/BinaryObjectScanner/Packer/SetupFactory.cs @@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Known to detect versions 7.0.5.1 - 9.1.0.0 - var name = exe.LegalCopyright; + string? name = exe.LegalCopyright; if (name.OptionalStartsWith("Setup Engine", StringComparison.OrdinalIgnoreCase)) return $"Setup Factory {GetVersion(exe)}"; diff --git a/BinaryObjectScanner/Packer/SmartInstallMaker.cs b/BinaryObjectScanner/Packer/SmartInstallMaker.cs index 7a2ea774..a40a011c 100644 --- a/BinaryObjectScanner/Packer/SmartInstallMaker.cs +++ b/BinaryObjectScanner/Packer/SmartInstallMaker.cs @@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // - var name = exe.AssemblyDescription; + string? name = exe.AssemblyDescription; if (name.OptionalContains("Smart Install Maker")) return "Smart Install Maker"; diff --git a/BinaryObjectScanner/Packer/SpoonInstaller.cs b/BinaryObjectScanner/Packer/SpoonInstaller.cs index 16e11bb4..ed948d50 100644 --- a/BinaryObjectScanner/Packer/SpoonInstaller.cs +++ b/BinaryObjectScanner/Packer/SpoonInstaller.cs @@ -12,7 +12,7 @@ namespace BinaryObjectScanner.Packer public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // - var name = exe.AssemblyDescription; + string? name = exe.AssemblyDescription; if (name.OptionalEquals("Spoon Installer")) return "Spoon Installer"; diff --git a/BinaryObjectScanner/Packer/WinRARSFX.cs b/BinaryObjectScanner/Packer/WinRARSFX.cs index bd4030b9..bc444c6f 100644 --- a/BinaryObjectScanner/Packer/WinRARSFX.cs +++ b/BinaryObjectScanner/Packer/WinRARSFX.cs @@ -8,7 +8,7 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.AssemblyDescription; + string? name = exe.AssemblyDescription; if (name.OptionalContains("WinRAR archiver")) return "WinRAR SFX"; diff --git a/BinaryObjectScanner/Protection/ByteShield.cs b/BinaryObjectScanner/Protection/ByteShield.cs index 271c4906..656f7dae 100644 --- a/BinaryObjectScanner/Protection/ByteShield.cs +++ b/BinaryObjectScanner/Protection/ByteShield.cs @@ -42,28 +42,33 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.FileDescription; + // Found in "LineRider2.exe" in Redump entry 6236 - var name = exe.FileDescription; if (name.OptionalEquals("ByteShield Client")) return $"ByteShield Activation Client {exe.GetInternalVersion()}"; - // Found in "LineRider2.exe" in Redump entry 6236 name = exe.InternalName; + + // Found in "LineRider2.exe" in Redump entry 6236 if (name.OptionalEquals("ByteShield")) return $"ByteShield Activation Client {exe.GetInternalVersion()}"; - // Found in "LineRider2.exe" in Redump entry 6236 name = exe.OriginalFilename; + + // Found in "LineRider2.exe" in Redump entry 6236 if (name.OptionalEquals("ByteShield.EXE")) return $"ByteShield Activation Client {exe.GetInternalVersion()}"; - // Found in "LineRider2.exe" in Redump entry 6236 name = exe.ProductName; + + // Found in "LineRider2.exe" in Redump entry 6236 if (name.OptionalEquals("ByteShield Client")) return $"ByteShield Activation Client {exe.GetInternalVersion()}"; - // Found in "ByteShield.dll" in Redump entry 6236 name = exe.ExportTable?.ExportDirectoryTable?.Name; + + // Found in "ByteShield.dll" in Redump entry 6236 if (name.OptionalEquals("ByteShield Client")) return "ByteShield Component Module"; diff --git a/BinaryObjectScanner/Protection/CDCheck.cs b/BinaryObjectScanner/Protection/CDCheck.cs index b08754f8..3e1f9162 100644 --- a/BinaryObjectScanner/Protection/CDCheck.cs +++ b/BinaryObjectScanner/Protection/CDCheck.cs @@ -8,7 +8,7 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.Comments; + string? name = exe.Comments; if (name.OptionalContains("CDCheck utlity for Microsoft Game Studios")) return "Microsoft Game Studios CD Check"; diff --git a/BinaryObjectScanner/Protection/CDDVDCops.cs b/BinaryObjectScanner/Protection/CDDVDCops.cs index 8f1c71fa..a990936e 100644 --- a/BinaryObjectScanner/Protection/CDDVDCops.cs +++ b/BinaryObjectScanner/Protection/CDDVDCops.cs @@ -181,7 +181,7 @@ namespace BinaryObjectScanner.Protection // Found in "bib.dll" in IA item "https://archive.org/details/cover_202501" // This contains the version section that the Content Check looked for. There are likely other sections // that may contain it. Update when more are found. - var strs = exe.GetFirstSectionStrings("DATA"); + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { var match = strs.Find(s => s.Contains(" ver. ") && (s.Contains("CD-Cops, ") || s.Contains("DVD-Cops, "))); diff --git a/BinaryObjectScanner/Protection/CDKey.cs b/BinaryObjectScanner/Protection/CDKey.cs index c49b62e5..8dbf6af2 100644 --- a/BinaryObjectScanner/Protection/CDKey.cs +++ b/BinaryObjectScanner/Protection/CDKey.cs @@ -9,7 +9,8 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.InternalName; + string? name = exe.InternalName; + if (name.OptionalEquals("CDKey", StringComparison.OrdinalIgnoreCase)) return "CD-Key / Serial"; diff --git a/BinaryObjectScanner/Protection/Channelware.cs b/BinaryObjectScanner/Protection/Channelware.cs index 16de028c..263b0124 100644 --- a/BinaryObjectScanner/Protection/Channelware.cs +++ b/BinaryObjectScanner/Protection/Channelware.cs @@ -25,8 +25,9 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.ProductName; + // Found in "AbeWincw.dll" in Redump entry 116358 and in "TOYSGMcw.dll" in the "TOYSTORY" installation folder from Redump entry 12354. - var name = exe.ProductName; if (name.OptionalEquals("ChannelWare Utilities")) return "Channelware"; @@ -43,11 +44,13 @@ namespace BinaryObjectScanner.Protection return "Channelware"; name = exe.FileDescription; + // Found in "cwuninst.exe" in the "Channelware" folder installed from Redump entry 12354. if (name.OptionalEquals("Channelware Launcher Uninstall")) return "Channelware"; name = exe.LegalTrademarks; + // Found in "CWAuto.dll" and "Upgrader.exe" in the "TOYSTORY" installation folder from Redump entry 12354. if (name.OptionalEquals("Channelware")) return "Channelware"; diff --git a/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs b/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs index 85013d7b..91932965 100644 --- a/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs +++ b/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs @@ -24,9 +24,10 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.ProductName; + // Found in "Code-Lock.ocx" in Code-Lock version 2.35. // Also worth noting is the File Description for this file, which is "A future for you, a challenge for the rest.". - var name = exe.ProductName; if (name.OptionalStartsWith("Code-Lock", StringComparison.OrdinalIgnoreCase)) return $"ChosenBytes Code-Lock {exe.ProductVersion}"; diff --git a/BinaryObjectScanner/Protection/CopyKiller.cs b/BinaryObjectScanner/Protection/CopyKiller.cs index 194cdb4a..40211748 100644 --- a/BinaryObjectScanner/Protection/CopyKiller.cs +++ b/BinaryObjectScanner/Protection/CopyKiller.cs @@ -20,9 +20,10 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.ProductName; + // TODO: Figure out why this check doesn't work. // Found in "autorun.exe" in CopyKiller V3.64, V3.99, and V3.99a. - var name = exe.ProductName; if (name.OptionalStartsWith("CopyKiller", StringComparison.OrdinalIgnoreCase)) return "CopyKiller V3.64+"; diff --git a/BinaryObjectScanner/Protection/CopyX.cs b/BinaryObjectScanner/Protection/CopyX.cs index 5f454b64..0abdb441 100644 --- a/BinaryObjectScanner/Protection/CopyX.cs +++ b/BinaryObjectScanner/Protection/CopyX.cs @@ -62,10 +62,6 @@ namespace BinaryObjectScanner.Protection // Checks for Professional // PEX checks intentionally only detect Professional - var sections = exe.SectionTable; - if (sections == null) - return null; - if (exe.OverlayStrings != null) { // Checks if main executable contains reference to optgraph.dll. diff --git a/BinaryObjectScanner/Protection/CrypKey.cs b/BinaryObjectScanner/Protection/CrypKey.cs index 436b4d83..8be49176 100644 --- a/BinaryObjectScanner/Protection/CrypKey.cs +++ b/BinaryObjectScanner/Protection/CrypKey.cs @@ -38,8 +38,9 @@ namespace BinaryObjectScanner.Protection // Get the CrypKey version from the VersionInfo, if it exists string version = exe.GetVersionInfoString("CrypKey Version") ?? string.Empty; + string? name = exe.CompanyName; + // Found in 'cki32k.dll' - var name = exe.CompanyName; if (name.OptionalStartsWith("CrypKey")) return $"CrypKey {version}".TrimEnd(); @@ -53,8 +54,9 @@ namespace BinaryObjectScanner.Protection if (name.OptionalStartsWith("CrypKey")) return $"CrypKey {version}".TrimEnd(); - // Found in 'cki32k.dll' name = exe.LegalCopyright; + + // Found in 'cki32k.dll' if (name.OptionalContains("CrypKey")) return $"CrypKey {version}".TrimEnd(); diff --git a/BinaryObjectScanner/Protection/Denuvo.cs b/BinaryObjectScanner/Protection/Denuvo.cs index 3d7b8af4..bc209af2 100644 --- a/BinaryObjectScanner/Protection/Denuvo.cs +++ b/BinaryObjectScanner/Protection/Denuvo.cs @@ -36,8 +36,9 @@ namespace BinaryObjectScanner.Protection { // All current checks for Denuvo Anti-Cheat come from Doom Eternal Update 1 (Steam Depot 782332, Manifest 7064393210727378308). + string? name = exe.FileDescription; + // Found in "denuvo-anti-cheat.sys". - var name = exe.FileDescription; if (name.OptionalEquals("Denuvo Anti-Cheat Driver", StringComparison.OrdinalIgnoreCase)) return $"Denuvo Anti-Cheat"; @@ -62,8 +63,7 @@ namespace BinaryObjectScanner.Protection // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/_denuvoComplete.2.sg // Denuvo Protector - if (exe.OptionalHeader?.Magic == OHMN.PE32Plus - && exe.EntryPointData != null) + if (exe.OptionalHeader?.Magic == OHMN.PE32Plus && exe.EntryPointData != null) { byte?[] denuvoProtector = [ @@ -84,7 +84,7 @@ namespace BinaryObjectScanner.Protection new byte[] { 0x44, 0x65, 0x6E, 0x75, 0x76, 0x6F, 0x20, 0x54, 0x69, 0x6D, 0x69, 0x6E, 0x67, - }, "Denuvo") + }, "Denuvo") }; var timingMatch = MatchUtil.GetFirstMatch(file, exe.EntryPointData, timingMatchers, includeDebug); diff --git a/BinaryObjectScanner/Protection/DigiGuard.cs b/BinaryObjectScanner/Protection/DigiGuard.cs index a617b056..8fee3dd1 100644 --- a/BinaryObjectScanner/Protection/DigiGuard.cs +++ b/BinaryObjectScanner/Protection/DigiGuard.cs @@ -28,20 +28,23 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - // Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588. - var name = exe.FileDescription; - if (name.OptionalEquals("DigiGuard3 Client")) - return $"DigiGuard3"; + string? name = exe.FileDescription; // Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588. + if (name.OptionalEquals("DigiGuard3 Client")) + return "DigiGuard3"; + name = exe.LegalTrademarks; + + // Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588. if (name.OptionalEquals("DigiGuard")) - return $"DigiGuard"; + return "DigiGuard"; + + name = exe.ProductName; // Found in "PJS3.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588. - name = exe.ProductName; if (name.OptionalEquals("Greenleaf Wrapper3")) - return $"DigiGuard"; + return "DigiGuard"; return null; } diff --git a/BinaryObjectScanner/Protection/DiscGuard.cs b/BinaryObjectScanner/Protection/DiscGuard.cs index 3ab1b441..117cf11a 100644 --- a/BinaryObjectScanner/Protection/DiscGuard.cs +++ b/BinaryObjectScanner/Protection/DiscGuard.cs @@ -40,8 +40,9 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.FileDescription; + // Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374). - var name = exe.FileDescription; if (name.OptionalStartsWith("IOSLinkNT", StringComparison.OrdinalIgnoreCase)) return "DiscGuard"; @@ -49,13 +50,15 @@ namespace BinaryObjectScanner.Protection if (name.OptionalStartsWith("TTR Technologies DiscGuard (tm)", StringComparison.OrdinalIgnoreCase)) return $"DiscGuard {GetVersion(exe)}"; - // Found in "T29.dll" (Redump entry 31914). name = exe.ProductName; + + // Found in "T29.dll" (Redump entry 31914). if (name.OptionalStartsWith("DiscGuard (tm)", StringComparison.OrdinalIgnoreCase)) return "DiscGuard"; - // Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374). name = exe.ProductName; + + // Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374). if (name.OptionalStartsWith("TTR Technologies Ltd. DiscGuard (tm)", StringComparison.OrdinalIgnoreCase)) return "DiscGuard"; diff --git a/BinaryObjectScanner/Protection/EAAntiCheat.cs b/BinaryObjectScanner/Protection/EAAntiCheat.cs index d0cff257..e838a3a0 100644 --- a/BinaryObjectScanner/Protection/EAAntiCheat.cs +++ b/BinaryObjectScanner/Protection/EAAntiCheat.cs @@ -21,17 +21,20 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; + // Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594). if (!string.IsNullOrEmpty(name) && name!.Contains("EA Anticheat")) return "EA Anti Cheat"; name = exe.ProductName; + // Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594). if (!string.IsNullOrEmpty(name) && name!.Contains("EA Anticheat")) return "EA Anti Cheat"; name = exe.InternalName; + // Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594). if (!string.IsNullOrEmpty(name) && name!.Equals("skyfall")) return "EA Anti Cheat"; diff --git a/BinaryObjectScanner/Protection/EasyAntiCheat.cs b/BinaryObjectScanner/Protection/EasyAntiCheat.cs index a9a538d1..dce34cec 100644 --- a/BinaryObjectScanner/Protection/EasyAntiCheat.cs +++ b/BinaryObjectScanner/Protection/EasyAntiCheat.cs @@ -24,7 +24,8 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; + // Found in "VideoHorrorSociety.exe" ("Video Horror Society", Patch 1.0.70309, Steam). if (!string.IsNullOrEmpty(name) && name!.Contains("Easy Anti-Cheat Bootstrapper (EOS)")) return "Easy Anti-Cheat (EOS Version)"; @@ -51,6 +52,7 @@ namespace BinaryObjectScanner.Protection // "EasyAntiCheat Service" -> "EasyAntiCheat.exe", which is found installed in "Program Files (x86)\EasyAntiCheat" and "EasyAntiCheat_Setup.exe" ("Intruder", Update 2287, Steam). name = exe.ProductName; + // Found in multiple files, including "VideoHorrorSociety.exe" ("Video Horror Society", Patch 1.0.70309, Steam) and "start_protected_game.exe" ("VRChat", Version 2022.2.2p2, Oculus). if (!string.IsNullOrEmpty(name) && name!.Contains("Easy Anti-Cheat Bootstrapper (EOS)")) return "Easy Anti-Cheat (EOS Version)"; diff --git a/BinaryObjectScanner/Protection/ElectronicArts.cs b/BinaryObjectScanner/Protection/ElectronicArts.cs index 8f59fbd4..eecad80b 100644 --- a/BinaryObjectScanner/Protection/ElectronicArts.cs +++ b/BinaryObjectScanner/Protection/ElectronicArts.cs @@ -9,7 +9,8 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; + if (name.OptionalContains("EReg MFC Application")) return $"EA CdKey Registration Module {exe.GetInternalVersion()}"; else if (name.OptionalContains("Registration code installer program")) @@ -18,6 +19,7 @@ namespace BinaryObjectScanner.Protection return $"EA DRM Protection {exe.GetInternalVersion()}"; name = exe.InternalName; + if (name.OptionalEquals("CDCode", StringComparison.Ordinal)) return $"EA CdKey Registration Module {exe.GetInternalVersion()}"; diff --git a/BinaryObjectScanner/Protection/GFWL.cs b/BinaryObjectScanner/Protection/GFWL.cs index 27ba7aa2..e15bd539 100644 --- a/BinaryObjectScanner/Protection/GFWL.cs +++ b/BinaryObjectScanner/Protection/GFWL.cs @@ -13,7 +13,8 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; + if (name.OptionalStartsWith("Games for Windows - LIVE Zero Day Piracy Protection", StringComparison.OrdinalIgnoreCase)) return $"Games for Windows LIVE - Zero Day Piracy Protection Module {exe.GetInternalVersion()}"; else if (name.OptionalStartsWith("Games for Windows", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/HexalockAutoLock.cs b/BinaryObjectScanner/Protection/HexalockAutoLock.cs index 56eecf32..58b2e04d 100644 --- a/BinaryObjectScanner/Protection/HexalockAutoLock.cs +++ b/BinaryObjectScanner/Protection/HexalockAutoLock.cs @@ -34,9 +34,10 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.FileDescription; + // TODO: Fix the following checks, as this information is visible via Windows Explorer but isn't currently being seen by BOS. // Found in "HCPSMng.exe". - var name = exe.FileDescription; if (name.OptionalStartsWith("HCPS Manager", StringComparison.OrdinalIgnoreCase)) return $"Hexalock AutoLock 4.5"; @@ -44,8 +45,9 @@ namespace BinaryObjectScanner.Protection if (name.OptionalStartsWith("HCPS Loader", StringComparison.OrdinalIgnoreCase)) return $"Hexalock AutoLock 4.5"; - // Found in both "HCPSMng.exe" and in the file typically named "Start_Here.exe". name = exe.ProductName; + + // Found in both "HCPSMng.exe" and in the file typically named "Start_Here.exe". if (name.OptionalStartsWith("HCPS", StringComparison.OrdinalIgnoreCase)) return $"Hexalock AutoLock 4.5"; @@ -57,7 +59,7 @@ namespace BinaryObjectScanner.Protection if (strs.Exists(s => s.Contains("mfint.dll"))) return "Hexalock Autolock"; } - + // Get the code/CODE section strings, if they exist strs = exe.GetFirstSectionStrings("code") ?? exe.GetFirstSectionStrings("CODE"); if (strs != null) @@ -66,7 +68,7 @@ namespace BinaryObjectScanner.Protection if (strs.Exists(s => s.Contains("mfint.dll"))) return "Hexalock Autolock"; } - + // Get the UPX1 section strings, if they exist strs = exe.GetFirstSectionStrings("UPX1"); if (strs != null) @@ -75,7 +77,7 @@ namespace BinaryObjectScanner.Protection if (strs.Exists(s => s.Contains("mfint.dll"))) return "Hexalock Autolock"; } - + return null; } diff --git a/BinaryObjectScanner/Protection/ImpulseReactor.cs b/BinaryObjectScanner/Protection/ImpulseReactor.cs index 54f504af..54f60d23 100644 --- a/BinaryObjectScanner/Protection/ImpulseReactor.cs +++ b/BinaryObjectScanner/Protection/ImpulseReactor.cs @@ -15,15 +15,18 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; + if (name.OptionalContains("ImpulseReactor Dynamic Link Library")) return $"Impulse Reactor Core Module {exe.GetInternalVersion()}"; name = exe.ProductName; + if (name.OptionalContains("ImpulseReactor Dynamic Link Library")) return $"Impulse Reactor Core Module {exe.GetInternalVersion()}"; name = exe.OriginalFilename; + if (name.OptionalContains("ReactorActivate.exe")) return $"Stardock Product Activation {exe.GetInternalVersion()}"; @@ -45,7 +48,7 @@ namespace BinaryObjectScanner.Protection if (containsCheck && containsCheck2) return $"Impulse Reactor Core Module {exe.GetInternalVersion()}"; else if (containsCheck && !containsCheck2) - return $"Impulse Reactor"; + return "Impulse Reactor"; return null; } diff --git a/BinaryObjectScanner/Protection/JoWood.cs b/BinaryObjectScanner/Protection/JoWood.cs index d557a9e4..77eafa77 100644 --- a/BinaryObjectScanner/Protection/JoWood.cs +++ b/BinaryObjectScanner/Protection/JoWood.cs @@ -50,13 +50,11 @@ namespace BinaryObjectScanner.Protection } // Get the HC09 section, if it exists - bool hc09Section = exe.ContainsSection("HC09 ", exact: true); - if (hc09Section) + if (exe.ContainsSection("HC09 ", exact: true)) return "JoWood X-Prot v2"; // TODO: Can we get more granular with the version? // Get the XPROT section, if it exists - var xprotSection = exe.ContainsSection("XPROT ", exact: true); - if (xprotSection) + if (exe.ContainsSection("XPROT ", exact: true)) return "JoWood X-Prot v1.4+"; // TODO: Can we get more granular with the version? return null; diff --git a/BinaryObjectScanner/Protection/KalypsoLauncher.cs b/BinaryObjectScanner/Protection/KalypsoLauncher.cs index 55154093..d944dda2 100644 --- a/BinaryObjectScanner/Protection/KalypsoLauncher.cs +++ b/BinaryObjectScanner/Protection/KalypsoLauncher.cs @@ -26,7 +26,7 @@ namespace BinaryObjectScanner.Protection // TODO: Investigate if there are any viable checks for the game EXE itself. // "Styx" is found as the File Description and Product Name in "KalypsoLauncher.dll", but checks aren't included due to the risk of false positives. - var name = exe.InternalName; + string? name = exe.InternalName; // Found in "KalypsoLauncher.dll" in Redump entry 95617. if (name.OptionalContains("KalypsoLauncher.dll")) diff --git a/BinaryObjectScanner/Protection/LabelGate.cs b/BinaryObjectScanner/Protection/LabelGate.cs index 332c6041..e5c66c45 100644 --- a/BinaryObjectScanner/Protection/LabelGate.cs +++ b/BinaryObjectScanner/Protection/LabelGate.cs @@ -21,14 +21,16 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.FileDescription; + // Should be present on all LabelGate CD2 discs (Redump entry 95010 and product ID SVWC-7185). - var name = exe.FileDescription; if (name.OptionalStartsWith("MAGIQLIP2 Installer", StringComparison.OrdinalIgnoreCase)) - return $"LabelGate CD2 Media Player"; + return "LabelGate CD2 Media Player"; name = exe.ProductName; + if (name.OptionalStartsWith("MQSTART", StringComparison.OrdinalIgnoreCase)) - return $"LabelGate CD2 Media Player"; + return "LabelGate CD2 Media Player"; // Get the .data/DATA section strings, if they exist var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); diff --git a/BinaryObjectScanner/Protection/MGIRegistration.cs b/BinaryObjectScanner/Protection/MGIRegistration.cs index 09de95a7..45ec6684 100644 --- a/BinaryObjectScanner/Protection/MGIRegistration.cs +++ b/BinaryObjectScanner/Protection/MGIRegistration.cs @@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.ProductName; + string? name = exe.ProductName; // Found in "Register.dll" in IA item "MGIPhotoSuite4.0AndPhotoVista2.02001". if (name.OptionalEquals("MGI Registration Utility", StringComparison.Ordinal)) diff --git a/BinaryObjectScanner/Protection/Macrovision.CDilla.cs b/BinaryObjectScanner/Protection/Macrovision.CDilla.cs index 3a89f236..c43268f6 100644 --- a/BinaryObjectScanner/Protection/Macrovision.CDilla.cs +++ b/BinaryObjectScanner/Protection/Macrovision.CDilla.cs @@ -62,7 +62,7 @@ namespace BinaryObjectScanner.Protection /// internal static string? CDillaCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; // Found in in "cdilla52.dll" from C-Dilla LMS version 3.24.010. if (name.OptionalEquals("32-bit C-Dilla DLL", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs b/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs index 42086452..b29b6f80 100644 --- a/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs +++ b/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs @@ -47,10 +47,11 @@ namespace BinaryObjectScanner.Protection if (exe.FindGenericResource("CactusPJ").Count > 0) return "PlayJ Music Player (Cactus Data Shield 200)"; + string? name = exe.ProductName; + // Found in various files in "Les Paul & Friends" (Barcode 4 98806 834170). - var name = exe.ProductName; if (name.OptionalEquals("CDS300", StringComparison.OrdinalIgnoreCase)) - return $"Cactus Data Shield 300"; + return "Cactus Data Shield 300"; return null; } diff --git a/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs b/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs index 4eb21536..e519104d 100644 --- a/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs +++ b/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs @@ -14,7 +14,7 @@ namespace BinaryObjectScanner.Protection /// internal static string? FLEXnetCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.ProductName; + string? name = exe.ProductName; // Found in "IsSvcInstDanceEJay7.dll" in IA item "computer200709dvd" (Dance eJay 7). if (name.OptionalEquals("FLEXnet Activation Toolkit", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs b/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs index 8e17d6c4..42415b58 100644 --- a/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs +++ b/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs @@ -1,6 +1,5 @@ using System; using System.Collections.Generic; -using System.IO; using SabreTools.Hashing; using SabreTools.Matching; using SabreTools.Matching.Paths; @@ -21,31 +20,24 @@ namespace BinaryObjectScanner.Protection /// internal static string? RipGuardCheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.FileDescription; + // Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970). - var name = exe.FileDescription; if (name.OptionalEquals("rgasdev", StringComparison.OrdinalIgnoreCase)) return "RipGuard"; - // Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970). name = exe.ProductName; + + // Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970). if (name.OptionalEquals("rgasdev", StringComparison.OrdinalIgnoreCase)) return "RipGuard"; - if (!string.IsNullOrEmpty(file) && File.Exists(file)) + // So far, every seemingly-randomly named EXE on RipGuard discs have a consistent hash. + if (exe.Length == 49_152) { - try - { - var fi = new FileInfo(file); - - // So far, every seemingly-randomly named EXE on RipGuard discs have a consistent hash. - if (fi.Length == 49_152) - { - var sha1 = HashTool.GetFileHash(file, HashType.SHA1); - if (string.Equals(sha1, "6A7B8545800E0AB252773A8CD0A2185CA2497938", StringComparison.OrdinalIgnoreCase)) - return "RipGuard"; - } - } - catch { } + var sha1 = HashTool.GetFileHash(file, HashType.SHA1); + if (string.Equals(sha1, "6A7B8545800E0AB252773A8CD0A2185CA2497938", StringComparison.OrdinalIgnoreCase)) + return "RipGuard"; } return null; diff --git a/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs b/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs index b226c82f..6c7e706b 100644 --- a/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs +++ b/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs @@ -97,23 +97,24 @@ namespace BinaryObjectScanner.Protection return "SafeCast"; } + string? name = exe.FileDescription; + // Found in "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Wndows (2.00R)(Intuit)(2002)(352282)". - var name = exe.FileDescription; if (name.OptionalEquals("SafeCast2", StringComparison.OrdinalIgnoreCase)) return "SafeCast"; // Found in "cdac01ba.dll" from IA item "ejay_nestle_trial". // TODO: Figure out a reasonable way to parse version. if (name.OptionalEquals("CdaC01BA", StringComparison.OrdinalIgnoreCase)) - return $"SafeCast"; + return "SafeCast"; // Found in "C2CDEL.EXE" in IA item "britney-spears-special-edition-cd-rom". if (name.OptionalEquals("32-bit SafeCast Copy To Clear Delete", StringComparison.OrdinalIgnoreCase)) - return $"SafeCast"; + return "SafeCast"; // Found in "C2C.DLL" in IA item "britney-spears-special-edition-cd-rom". if (name.OptionalEquals("32-bit SafeCast Shell Copy To Clear DLL", StringComparison.OrdinalIgnoreCase)) - return $"SafeCast"; + return "SafeCast"; // Found in "SCRfrsh.exe" in Redump entry 102979. if (name.OptionalEquals("32-bit SafeCast Toolkit", StringComparison.OrdinalIgnoreCase)) @@ -121,14 +122,15 @@ namespace BinaryObjectScanner.Protection // Found in "CDAC14BA.DLL" in Redump entry 95524. if (name.OptionalEquals("32-bit SafeCast Anchor Installer", StringComparison.OrdinalIgnoreCase)) - return $"SafeCast"; + return "SafeCast"; // Found in "CDAC21BA.DLL" in Redump entry 95524. if (name.OptionalEquals("32-bit CdaC20BA", StringComparison.OrdinalIgnoreCase)) - return $"SafeCast"; + return "SafeCast"; + + name = exe.ProductName; // Found in hidden resource of "32bit\Tax02\cdac14ba.dll" in IA item "TurboTax Deluxe Tax Year 2002 for Wndows (2.00R)(Intuit)(2002)(352282)". - name = exe.ProductName; if (name.OptionalEquals("SafeCast Windows NT", StringComparison.OrdinalIgnoreCase)) return "SafeCast"; diff --git a/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs b/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs index 81d6c0ee..2eba649b 100644 --- a/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs +++ b/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs @@ -81,7 +81,8 @@ namespace BinaryObjectScanner.Protection return "Macrovision SecDrv Update Installer"; } - var name = exe.FileDescription; + string? name = exe.FileDescription; + // Present in "Diag.exe" files from SafeDisc 4.50.000+. if (name.OptionalEquals("SafeDisc SRV Tool APP", StringComparison.OrdinalIgnoreCase)) return $"SafeDisc SRV Tool APP {GetSafeDiscDiagExecutableVersion(exe)}"; @@ -90,8 +91,9 @@ namespace BinaryObjectScanner.Protection if (name.OptionalEquals("Macrovision SecDrv Update", StringComparison.OrdinalIgnoreCase)) return "Macrovision SecDrv Update Installer"; - // Present on all "CLOKSPL.DLL" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004. name = exe.ProductName; + + // Present on all "CLOKSPL.DLL" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004. if (name.OptionalEquals("SafeDisc CDROM Protection System", StringComparison.OrdinalIgnoreCase)) return "SafeDisc 1.00.025-1.01.044"; @@ -109,9 +111,10 @@ namespace BinaryObjectScanner.Protection else if (name.OptionalEquals("SafeDisc AuthServ APP", StringComparison.OrdinalIgnoreCase)) return $"SafeDisc AuthServ APP {GetSafeDiscAuthServVersion(exe)}"; + name = exe.FileDescription; + // Present on all "CLOKSPL.EXE" versions before SafeDisc 1.06.000. Found on Redump entries 61731 and 66004. // Only found so far on SafeDisc 1.00.025-1.01.044, but the report is currently left generic due to the generic nature of the check. - name = exe.FileDescription; if (name.OptionalEquals("SafeDisc", StringComparison.OrdinalIgnoreCase)) return "SafeDisc"; diff --git a/BinaryObjectScanner/Protection/Macrovision.cs b/BinaryObjectScanner/Protection/Macrovision.cs index c201f56f..ef2de13f 100644 --- a/BinaryObjectScanner/Protection/Macrovision.cs +++ b/BinaryObjectScanner/Protection/Macrovision.cs @@ -47,7 +47,7 @@ namespace BinaryObjectScanner.Protection var resultsList = new List(); // Check for generic indications of Macrovision protections first. - var name = exe.FileDescription; + string? name = exe.FileDescription; // Present in "secdrv.sys" files found in SafeDisc 2.80.010+. if (name.OptionalEquals("Macrovision SECURITY Driver", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/MediaCloQ.cs b/BinaryObjectScanner/Protection/MediaCloQ.cs index 8ec158a3..4a57287e 100644 --- a/BinaryObjectScanner/Protection/MediaCloQ.cs +++ b/BinaryObjectScanner/Protection/MediaCloQ.cs @@ -18,15 +18,17 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - // Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4"). - var name = exe.FileDescription; - if (name.OptionalStartsWith("scvfy MFC Application", StringComparison.OrdinalIgnoreCase)) - return $"MediaCloQ"; + string? name = exe.FileDescription; // Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4"). + if (name.OptionalStartsWith("scvfy MFC Application", StringComparison.OrdinalIgnoreCase)) + return "MediaCloQ"; + name = exe.ProductName; + + // Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4"). if (name.OptionalStartsWith("scvfy Application", StringComparison.OrdinalIgnoreCase)) - return $"MediaCloQ"; + return "MediaCloQ"; return null; } diff --git a/BinaryObjectScanner/Protection/MediaMax.cs b/BinaryObjectScanner/Protection/MediaMax.cs index d39f9f5b..47f2a627 100644 --- a/BinaryObjectScanner/Protection/MediaMax.cs +++ b/BinaryObjectScanner/Protection/MediaMax.cs @@ -18,12 +18,14 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.FileDescription; + // Used to detect "LicGen.exe", found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6) - var name = exe.FileDescription; if (name.OptionalStartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase)) return $"MediaMax CD-3"; name = exe.ProductName; + if (name.OptionalStartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase)) return $"MediaMax CD-3"; diff --git a/BinaryObjectScanner/Protection/NEACProtect.cs b/BinaryObjectScanner/Protection/NEACProtect.cs index 395138bc..9c5f3a63 100644 --- a/BinaryObjectScanner/Protection/NEACProtect.cs +++ b/BinaryObjectScanner/Protection/NEACProtect.cs @@ -31,7 +31,7 @@ namespace BinaryObjectScanner.Protection if (exe.ContainsSection(".neac0", exact: true) || exe.ContainsSection(".neac1", exact: true)) return "NEAC Protect"; - var name = exe.ProductName; + string? name = exe.ProductName; // Found in "NeacSafe64.sys" and "NeacSafe.sys". // TODO: Fix Product Name not being properly grabbed from the file. diff --git a/BinaryObjectScanner/Protection/NProtect.cs b/BinaryObjectScanner/Protection/NProtect.cs index 14662929..fba6f843 100644 --- a/BinaryObjectScanner/Protection/NProtect.cs +++ b/BinaryObjectScanner/Protection/NProtect.cs @@ -35,7 +35,7 @@ namespace BinaryObjectScanner.Protection { // TODO: Investigate if there are any viable checks for the game EXE itself. - var name = exe.FileDescription; + string? name = exe.FileDescription; // Found in "GameGuard.des" in Redump entry 90526 and 99598, and "Soulworker" (Steam Depot 1377581, Manifest 5092481117079359342). if (name.OptionalContains("nProtect GameGuard Launcher")) diff --git a/BinaryObjectScanner/Protection/OnlineRegistration.cs b/BinaryObjectScanner/Protection/OnlineRegistration.cs index 28985237..7ee449c6 100644 --- a/BinaryObjectScanner/Protection/OnlineRegistration.cs +++ b/BinaryObjectScanner/Protection/OnlineRegistration.cs @@ -9,8 +9,9 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.InternalName; + // TODO: Is this too broad in general? - var name = exe.InternalName; if (name.OptionalStartsWith("EReg", StringComparison.OrdinalIgnoreCase)) return $"Executable-Based Online Registration {exe.GetInternalVersion()}"; diff --git a/BinaryObjectScanner/Protection/OpenMG.cs b/BinaryObjectScanner/Protection/OpenMG.cs index b3d30f3f..ee07757b 100644 --- a/BinaryObjectScanner/Protection/OpenMG.cs +++ b/BinaryObjectScanner/Protection/OpenMG.cs @@ -19,41 +19,43 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.LegalTrademarks; + // Found in many different OpenMG related files ("Touch" by Amerie). - var name = exe.LegalTrademarks; if (name.OptionalStartsWith("OpenMG", StringComparison.OrdinalIgnoreCase)) - return $"OpenMG"; + return "OpenMG"; + + name = exe.FileDescription; // Found in "OMGDBP.OCX" ("Touch" by Amerie). - name = exe.FileDescription; if (name.OptionalStartsWith("LGDiscComp Module", StringComparison.OrdinalIgnoreCase)) - return $"OpenMG"; + return "OpenMG"; // Found in "OMGDWRAP.DLL" ("Touch" by Amerie). if (name.OptionalStartsWith("LGDSimplePlayer Module", StringComparison.OrdinalIgnoreCase)) - return $"OpenMG"; + return "OpenMG"; // Found in "OMGLGD.DLL" ("Touch" by Amerie). if (name.OptionalStartsWith("omglgd Module", StringComparison.OrdinalIgnoreCase)) - return $"OpenMG"; + return "OpenMG"; // Found in "OMGUTILS.DLL" ("Touch" by Amerie). if (name.OptionalStartsWith("OpenMG Utility", StringComparison.OrdinalIgnoreCase)) - return $"OpenMG"; + return "OpenMG"; // Found in "SALWRAP.DLL" ("Touch" by Amerie). if (name.OptionalStartsWith("Secure Application Loader Wrapper", StringComparison.OrdinalIgnoreCase)) - return $"OpenMG"; + return "OpenMG"; // Found in "SDKHM.DLL" ("Touch" by Amerie). // Not every copy of this file has this File Description (Redump entry 95010). if (name.OptionalStartsWith("SDKHM (KEEP)", StringComparison.OrdinalIgnoreCase)) - return $"OpenMG"; + return "OpenMG"; // Found in "SDKHM.EXE" ("Touch" by Amerie). // Not every copy of this file has this File Description (Redump entry 95010). if (name.OptionalStartsWith("SDKHM (KEPT)", StringComparison.OrdinalIgnoreCase)) - return $"OpenMG"; + return "OpenMG"; return null; } diff --git a/BinaryObjectScanner/Protection/Origin.cs b/BinaryObjectScanner/Protection/Origin.cs index 270c5348..3e45620e 100644 --- a/BinaryObjectScanner/Protection/Origin.cs +++ b/BinaryObjectScanner/Protection/Origin.cs @@ -12,11 +12,13 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; + if (name.OptionalEquals("Origin", StringComparison.OrdinalIgnoreCase)) return "Origin"; name = exe.ProductName; + if (name.OptionalEquals("Origin", StringComparison.OrdinalIgnoreCase)) return "Origin"; diff --git a/BinaryObjectScanner/Protection/PlayJ.cs b/BinaryObjectScanner/Protection/PlayJ.cs index 9008cf17..e835aeef 100644 --- a/BinaryObjectScanner/Protection/PlayJ.cs +++ b/BinaryObjectScanner/Protection/PlayJ.cs @@ -16,20 +16,23 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.FileDescription; + // Found in "PlayJ.exe" (https://web.archive.org/web/20010417025347/http://dlp.playj.com:80/playj/PlayJIns266.exe) and "CACTUSPJ.exe" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])). - var name = exe.FileDescription; if (name.OptionalStartsWith("PlayJ Music Player", StringComparison.OrdinalIgnoreCase)) - return $"PlayJ Music Player"; + return "PlayJ Music Player"; + + name = exe.FileDescription; // Found in "PJSTREAM.DLL" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])). - name = exe.FileDescription; if (name.OptionalStartsWith("EVAUX32 Module", StringComparison.OrdinalIgnoreCase)) - return $"PlayJ Music Player Component"; + return "PlayJ Music Player Component"; + + name = exe.ProductName; // Found in "PlayJ.exe" (https://web.archive.org/web/20010417025347/http://dlp.playj.com:80/playj/PlayJIns266.exe) and "CACTUSPJ.exe" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])). - name = exe.ProductName; if (name.OptionalStartsWith("PlayJ", StringComparison.OrdinalIgnoreCase)) - return $"PlayJ"; + return "PlayJ"; return null; } diff --git a/BinaryObjectScanner/Protection/RainbowSentinel.cs b/BinaryObjectScanner/Protection/RainbowSentinel.cs index a87afea5..c0faf598 100644 --- a/BinaryObjectScanner/Protection/RainbowSentinel.cs +++ b/BinaryObjectScanner/Protection/RainbowSentinel.cs @@ -131,7 +131,7 @@ namespace BinaryObjectScanner.Protection { // TODO: Figure out why resources for "RNBOVTMP.DLL", "SENTTEMP.DLL", "SNTI386.DLL", and "SX32W.DL_"/"SX32W.DLL" aren't getting read properly, causing checks for these files to not work. - var name = exe.FileDescription; + string? name = exe.FileDescription; // Found in "RNBOVTMP.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]". if (name.OptionalEquals("Rainbow Technologies Virtual Device Driver", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/RealArcade.cs b/BinaryObjectScanner/Protection/RealArcade.cs index 05ab809f..f804e876 100644 --- a/BinaryObjectScanner/Protection/RealArcade.cs +++ b/BinaryObjectScanner/Protection/RealArcade.cs @@ -18,8 +18,14 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - // Get the .data section strings, if they exist - var strs = exe.GetFirstSectionStrings(".data"); + string? name = exe.FileDescription; + + // Found in "RngInterstitial.dll" in the RealArcade installation directory in IA item "Nova_RealArcadeCD_USA". + if (name.OptionalContains("RngInterstitial")) + return "RealArcade"; + + // Get the .data/DATA section strings, if they exist + var strs = exe.GetFirstSectionStrings(".data") ?? exe.GetFirstSectionStrings("DATA"); if (strs != null) { // Found in "rebound.exe" in the installation directory for "Rebound" in IA item "Nova_RealArcadeCD_USA". @@ -27,11 +33,6 @@ namespace BinaryObjectScanner.Protection return "RealArcade"; } - // Found in "RngInterstitial.dll" in the RealArcade installation directory in IA item "Nova_RealArcadeCD_USA". - var name = exe.FileDescription; - if (name.OptionalContains("RngInterstitial")) - return "RealArcade"; - return null; } diff --git a/BinaryObjectScanner/Protection/SecuROM.cs b/BinaryObjectScanner/Protection/SecuROM.cs index d266254b..4b954311 100644 --- a/BinaryObjectScanner/Protection/SecuROM.cs +++ b/BinaryObjectScanner/Protection/SecuROM.cs @@ -116,7 +116,7 @@ namespace BinaryObjectScanner.Protection } // Alf.dll - var name = exe.ProductName; + string? name = exe.ProductName; if (name.OptionalEquals("DFA Unlock Dll")) return $"SecuROM DFA Unlock v{exe.GetInternalVersion()}"; @@ -453,7 +453,7 @@ namespace BinaryObjectScanner.Protection /// private static string? CheckProductActivation(PortableExecutable exe) { - var name = exe.FileDescription; + string? name = exe.FileDescription; if (name.OptionalContains("SecuROM PA")) return $"SecuROM Product Activation v{exe.GetInternalVersion()}"; diff --git a/BinaryObjectScanner/Protection/SmartE.cs b/BinaryObjectScanner/Protection/SmartE.cs index 52052c8e..c46b76be 100644 --- a/BinaryObjectScanner/Protection/SmartE.cs +++ b/BinaryObjectScanner/Protection/SmartE.cs @@ -11,9 +11,11 @@ namespace BinaryObjectScanner.Protection { public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.InternalName; + // Only works on stub generated from running the program yourself - if (exe.InternalName.OptionalEquals("SmarteSECURE")) - return "SmartE"; + if (name.OptionalEquals("SmarteSECURE")) + return "SmartE"; var sections = exe.SectionTable ?? []; diff --git a/BinaryObjectScanner/Protection/SoftLock.cs b/BinaryObjectScanner/Protection/SoftLock.cs index 90f9bbb8..c051aec4 100644 --- a/BinaryObjectScanner/Protection/SoftLock.cs +++ b/BinaryObjectScanner/Protection/SoftLock.cs @@ -16,13 +16,15 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.InternalName; + // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" - var name = exe.InternalName; if (name.OptionalEquals("Softlock Protected Application")) return "SoftLock"; - // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" name = exe.Comments; + + // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" if (name.OptionalEquals("Softlock Protected Application")) return "SoftLock"; @@ -56,8 +58,8 @@ namespace BinaryObjectScanner.Protection // and dialog boxes. See if any of those are unique to SoftLock. // Found in "TafseerVer4.exe" in IA item "TAFSEERVER4SETUP" - var strings = exe.GetFirstSectionStrings(".section") ?? []; - if (strings.Exists(s => s.Contains("SOFTLOCKPROTECTION"))) + var strs = exe.GetFirstSectionStrings(".section") ?? []; + if (strs.Exists(s => s.Contains("SOFTLOCKPROTECTION"))) return "SoftLock"; // Investigate if the ".section" section is an indicator of SoftLock diff --git a/BinaryObjectScanner/Protection/SolidShield.cs b/BinaryObjectScanner/Protection/SolidShield.cs index 83c5aa6d..58edd3d5 100644 --- a/BinaryObjectScanner/Protection/SolidShield.cs +++ b/BinaryObjectScanner/Protection/SolidShield.cs @@ -17,7 +17,8 @@ namespace BinaryObjectScanner.Protection { // TODO: Investigate ".pseudo" section found in "tvdm.dll" in Redump entry 68166. - var name = exe.FileDescription; + string? name = exe.FileDescription; + if (name.OptionalStartsWith("DVM Library", StringComparison.OrdinalIgnoreCase)) return $"SolidShield {exe.GetInternalVersion()}"; @@ -36,9 +37,9 @@ namespace BinaryObjectScanner.Protection return $"SolidShield {GetInternalVersion(exe)}"; name = exe.ProductName; + if (name.OptionalStartsWith("Solidshield Activation Library", StringComparison.OrdinalIgnoreCase)) return $"SolidShield Core.dll {exe.GetInternalVersion()}"; - else if (name.OptionalStartsWith("Solidshield Library", StringComparison.OrdinalIgnoreCase)) return $"SolidShield Core.dll {exe.GetInternalVersion()}"; diff --git a/BinaryObjectScanner/Protection/StarForce.cs b/BinaryObjectScanner/Protection/StarForce.cs index ceb6525e..35d9fd4f 100644 --- a/BinaryObjectScanner/Protection/StarForce.cs +++ b/BinaryObjectScanner/Protection/StarForce.cs @@ -19,9 +19,7 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - #region File Description - - var name = exe.FileDescription; + string? name = exe.FileDescription; // There are some File Description checks that are currently too generic to use. // "Host Library" - Found in "protect.dll" in Redump entry 81756. @@ -30,7 +28,7 @@ namespace BinaryObjectScanner.Protection // Found in "sfdrvrem.exe" in Redump entry 102677. if (name.OptionalContains("FrontLine Drivers Removal Tool")) - return $"StarForce FrontLine Driver Removal Tool"; + return "StarForce FrontLine Driver Removal Tool"; // Found in "protect.exe" in Redump entry 94805. if (name.OptionalContains("FrontLine Protection GUI Application")) @@ -46,27 +44,21 @@ namespace BinaryObjectScanner.Protection // TODO: Find a sample of this check. if (name.OptionalContains("Protected Module")) - return $"StarForce 5"; - - #endregion - - #region Legal Copyright + return "StarForce 5"; name = exe.LegalCopyright; + if (name.OptionalStartsWith("(c) Protection Technology")) // (c) Protection Technology (StarForce)? return $"StarForce {exe.GetInternalVersion()}"; else if (name.OptionalContains("Protection Technology")) // Protection Technology (StarForce)? return $"StarForce {exe.GetInternalVersion()}"; - #endregion - - #region Trade Name + name = exe.TradeName; // FrontLine ProActive (digital activation), samples: // https://dbox.tools/titles/pc/46450FA4/ // https://dbox.tools/titles/pc/4F430FA0/ // https://dbox.tools/titles/pc/53450FA1/ - name = exe.TradeName; if (name.OptionalContains("FL ProActive")) return "FrontLine ProActive"; @@ -75,10 +67,6 @@ namespace BinaryObjectScanner.Protection if (name.OptionalContains("SF Crypto")) return "StarForce Crypto"; - #endregion - - #region Internal Name - // TODO: Decide if internal name checks are safe to use. name = exe.InternalName; @@ -98,8 +86,6 @@ namespace BinaryObjectScanner.Protection // else if (name.OptionalEquals("protect.exe", StringComparison.Ordinal)) // return $"StarForce {Tools.Utilities.GetInternalVersion(exe)}"; - #endregion - // Check the export name table if (exe.ExportTable?.ExportNameTable?.Strings != null) { diff --git a/BinaryObjectScanner/Protection/Steam.cs b/BinaryObjectScanner/Protection/Steam.cs index 9a3dacfe..ffef425a 100644 --- a/BinaryObjectScanner/Protection/Steam.cs +++ b/BinaryObjectScanner/Protection/Steam.cs @@ -11,7 +11,8 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; + if (name.OptionalContains("Steam Autorun Setup")) return "Steam"; else if (name.OptionalContains("Steam Client API")) @@ -22,6 +23,7 @@ namespace BinaryObjectScanner.Protection return "Steam"; name = exe.ProductName; + if (name.OptionalContains("Steam Autorun Setup")) return "Steam"; else if (name.OptionalContains("Steam Client API")) diff --git a/BinaryObjectScanner/Protection/Tages.cs b/BinaryObjectScanner/Protection/Tages.cs index 5756c3a8..eea4c726 100644 --- a/BinaryObjectScanner/Protection/Tages.cs +++ b/BinaryObjectScanner/Protection/Tages.cs @@ -24,13 +24,15 @@ namespace BinaryObjectScanner.Protection // - TagesClient.exe // - TagesClient.dat (Does not always exist) - var name = exe.FileDescription; + string? name = exe.FileDescription; + if (name.OptionalStartsWith("TagesSetup", StringComparison.OrdinalIgnoreCase)) return $"TAGES Driver Setup {GetVersion(exe)}"; else if (name.OptionalStartsWith("Tagès activation client", StringComparison.OrdinalIgnoreCase)) return $"TAGES Activation Client {GetVersion(exe)}"; name = exe.ProductName; + if (name.OptionalStartsWith("Application TagesSetup", StringComparison.OrdinalIgnoreCase)) return $"TAGES Driver Setup {GetVersion(exe)}"; else if (name.OptionalStartsWith("T@GES", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs b/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs index bf9bac54..e58f8d57 100644 --- a/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs +++ b/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs @@ -10,9 +10,9 @@ namespace BinaryObjectScanner.Protection { // Check the dialog box resources if (exe.FindDialogByTitle("321Studios Activation").Count > 0) - return $"321Studios Online Activation"; + return "321Studios Online Activation"; else if (exe.FindDialogByTitle("321Studios Phone Activation").Count > 0) - return $"321Studios Online Activation"; + return "321Studios Online Activation"; return null; } diff --git a/BinaryObjectScanner/Protection/UnilocSoftAnchor.cs b/BinaryObjectScanner/Protection/UnilocSoftAnchor.cs index a9c2003f..d069af82 100644 --- a/BinaryObjectScanner/Protection/UnilocSoftAnchor.cs +++ b/BinaryObjectScanner/Protection/UnilocSoftAnchor.cs @@ -23,31 +23,36 @@ namespace BinaryObjectScanner.Protection // TODO: Add version number finding // TODO: Come to an agreement as to what the version should be + string? name = exe.CompanyName; + // Found in Redump entry 114428 // Found in Alpha Protocol -- TODO: Get Redump ID(s) - var name = exe.CompanyName; if (name.OptionalStartsWith("Uniloc USA")) return "Uniloc SoftAnchor"; - // Found in Alpha Protocol -- TODO: Get Redump ID(s) name = exe.InternalName; + + // Found in Alpha Protocol -- TODO: Get Redump ID(s) if (name.OptionalStartsWith("saAudit")) return "Uniloc SoftAnchor"; - // Found in Redump entry 114428 name = exe.LegalCopyright; + + // Found in Redump entry 114428 if (name.OptionalContains("Uniloc")) return "Uniloc SoftAnchor"; - // Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010 name = exe.OriginalFilename; + + // Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010 if (name.OptionalEquals("saAudit.dll")) return "Uniloc SoftAnchor"; if (name.OptionalEquals("saui.dll")) return "Uniloc SoftAnchor"; - // Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010 name = exe.ProductName; + + // Found via https://www.pcgamingwiki.com/wiki/Football_Manager_2010 if (name.OptionalStartsWith("saAudit")) return "Uniloc SoftAnchor"; diff --git a/BinaryObjectScanner/Protection/Uplay.cs b/BinaryObjectScanner/Protection/Uplay.cs index 9994845b..35f1fe4f 100644 --- a/BinaryObjectScanner/Protection/Uplay.cs +++ b/BinaryObjectScanner/Protection/Uplay.cs @@ -14,7 +14,8 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; + if (name.OptionalContains("Ubisoft Connect Installer")) return "Uplay / Ubisoft Connect"; else if (name.OptionalContains("Ubisoft Connect Service")) @@ -29,9 +30,10 @@ namespace BinaryObjectScanner.Protection return "Uplay / Ubisoft Connect"; else if (name.OptionalContains("Uplay launcher")) return "Uplay / Ubisoft Connect"; + + name = exe.ProductName; // There's also a variant that looks like "Uplay installer" - name = exe.ProductName; if (name.OptionalContains("Ubisoft Connect")) return "Uplay / Ubisoft Connect"; else if (name.OptionalContains("Uplay")) diff --git a/BinaryObjectScanner/Protection/WMDS.cs b/BinaryObjectScanner/Protection/WMDS.cs index 8d278af4..6581e541 100644 --- a/BinaryObjectScanner/Protection/WMDS.cs +++ b/BinaryObjectScanner/Protection/WMDS.cs @@ -18,8 +18,9 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { + string? name = exe.FileDescription; + // Found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6) - var name = exe.FileDescription; if (name.OptionalStartsWith("Windows Media Data Session Licensing Engine", StringComparison.OrdinalIgnoreCase)) return "Windows Media Data Session DRM"; diff --git a/BinaryObjectScanner/Protection/WTMCDProtect.cs b/BinaryObjectScanner/Protection/WTMCDProtect.cs index fe059a72..cd56bcaf 100644 --- a/BinaryObjectScanner/Protection/WTMCDProtect.cs +++ b/BinaryObjectScanner/Protection/WTMCDProtect.cs @@ -12,15 +12,18 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { - var name = exe.FileDescription; + string? name = exe.FileDescription; + if (name.OptionalContains("Copy Protection Viewer")) return "WTM Protection Viewer"; name = exe.LegalTrademarks; + if (name.OptionalContains("WTM Copy Protection")) return "WTM Protection Viewer"; name = exe.ProductName; + if (name.OptionalContains("WTM Copy Protection Viewer")) return "WTM Protection Viewer"; diff --git a/BinaryObjectScanner/Protection/XCP.cs b/BinaryObjectScanner/Protection/XCP.cs index 161d8ada..8dfe05aa 100644 --- a/BinaryObjectScanner/Protection/XCP.cs +++ b/BinaryObjectScanner/Protection/XCP.cs @@ -14,7 +14,7 @@ namespace BinaryObjectScanner.Protection public string? CheckExecutable(string file, PortableExecutable exe, bool includeDebug) { // Get the .rdata section strings, if they exist - List? strs = exe.GetFirstSectionStrings(".rdata"); + var strs = exe.GetFirstSectionStrings(".rdata"); if (strs != null) { if (strs.Exists(s => s.Contains("XCP.DAT")))