diff --git a/BurnOutSharp/PackerType/EXEStealth.cs b/BurnOutSharp/PackerType/EXEStealth.cs
index 0b0d6577..4ed259bf 100644
--- a/BurnOutSharp/PackerType/EXEStealth.cs
+++ b/BurnOutSharp/PackerType/EXEStealth.cs
@@ -1,5 +1,4 @@
using System.Collections.Generic;
-using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
@@ -8,10 +7,10 @@ namespace BurnOutSharp.PackerType
public class EXEStealth : IContentCheck
{
///
- private List GetContentMatchSets()
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
- return new List
+ var contentMatchSets = new List
{
// ??[[__[[_ + (char)0x00 + {{ + (char)0x0 + (char)0x00 + {{ + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + ?;??;??
new ContentMatchSet(new byte?[]
@@ -23,16 +22,8 @@ namespace BurnOutSharp.PackerType
0x3F
}, "EXE Stealth"),
};
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
- {
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
}
}
diff --git a/BurnOutSharp/PackerType/dotFuscator.cs b/BurnOutSharp/PackerType/dotFuscator.cs
index eb74aca9..4cdf1579 100644
--- a/BurnOutSharp/PackerType/dotFuscator.cs
+++ b/BurnOutSharp/PackerType/dotFuscator.cs
@@ -1,5 +1,4 @@
using System.Collections.Generic;
-using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
@@ -8,10 +7,10 @@ namespace BurnOutSharp.PackerType
public class dotFuscator : IContentCheck
{
///
- private List GetContentMatchSets()
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
- return new List
+ var contentMatchSets = new List
{
// DotfuscatorAttribute
new ContentMatchSet(new byte?[]
@@ -21,16 +20,8 @@ namespace BurnOutSharp.PackerType
0x62, 0x75, 0x74, 0x65
}, "dotFuscator"),
};
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
- {
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
}
}
diff --git a/BurnOutSharp/ProtectionType/AlphaROM.cs b/BurnOutSharp/ProtectionType/AlphaROM.cs
index d0b55661..96db4a14 100644
--- a/BurnOutSharp/ProtectionType/AlphaROM.cs
+++ b/BurnOutSharp/ProtectionType/AlphaROM.cs
@@ -1,5 +1,4 @@
using System.Collections.Generic;
-using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
@@ -8,24 +7,16 @@ namespace BurnOutSharp.ProtectionType
public class AlphaROM : IContentCheck
{
///
- private List GetContentMatchSets()
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
- return new List
+ var contentMatchSets = new List
{
// SETTEC
new ContentMatchSet(new byte?[] { 0x53, 0x45, 0x54, 0x54, 0x45, 0x43 }, "Alpha-ROM"),
};
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
- {
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
}
}
diff --git a/BurnOutSharp/ProtectionType/CDDVDCops.cs b/BurnOutSharp/ProtectionType/CDDVDCops.cs
index 542a394b..767a2c55 100644
--- a/BurnOutSharp/ProtectionType/CDDVDCops.cs
+++ b/BurnOutSharp/ProtectionType/CDDVDCops.cs
@@ -9,28 +9,6 @@ namespace BurnOutSharp.ProtectionType
{
public class CDDVDCops : IContentCheck, IPathCheck
{
- ///
- private List GetContentMatchSets()
- {
- // TODO: Obtain a sample to find where this string is in a typical executable
- return new List
- {
- // CD-Cops, ver.
- new ContentMatchSet(new byte?[]
- {
- 0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C,
- 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20
- }, GetVersion, "CD-Cops"),
-
- // DVD-Cops, ver.
- new ContentMatchSet(new byte?[]
- {
- 0x44, 0x56, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73,
- 0x2C, 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20
- }, GetVersion, "DVD-Cops"),
- };
- }
-
///
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
@@ -67,11 +45,25 @@ namespace BurnOutSharp.ProtectionType
// return "CD-Cops (Unknown Version)";
}
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
+ // TODO: Obtain a sample to find where this string is in a typical executable
+ var contentMatchSets = new List
+ {
+ // CD-Cops, ver.
+ new ContentMatchSet(new byte?[]
+ {
+ 0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C,
+ 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20
+ }, GetVersion, "CD-Cops"),
- return null;
+ // DVD-Cops, ver.
+ new ContentMatchSet(new byte?[]
+ {
+ 0x44, 0x56, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73,
+ 0x2C, 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20
+ }, GetVersion, "DVD-Cops"),
+ };
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
///
diff --git a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs
index 85d58d9c..03eb86ca 100644
--- a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs
+++ b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs
@@ -1,5 +1,4 @@
using System.Collections.Generic;
-using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
@@ -8,24 +7,16 @@ namespace BurnOutSharp.ProtectionType
public class CDSHiELDSE : IContentCheck
{
///
- private List GetContentMatchSets()
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
- return new List
+ var contentMatchSets = new List
{
// ~0017.tmp
new ContentMatchSet(new byte?[] { 0x7E, 0x30, 0x30, 0x31, 0x37, 0x2E, 0x74, 0x6D, 0x70 }, "CDSHiELD SE"),
};
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
- {
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
}
}
diff --git a/BurnOutSharp/ProtectionType/CodeLock.cs b/BurnOutSharp/ProtectionType/CodeLock.cs
index aa33258c..8acab46c 100644
--- a/BurnOutSharp/ProtectionType/CodeLock.cs
+++ b/BurnOutSharp/ProtectionType/CodeLock.cs
@@ -8,21 +8,6 @@ namespace BurnOutSharp.ProtectionType
{
public class CodeLock : IContentCheck
{
- ///
- private List GetContentMatchSets()
- {
- // TODO: Obtain a sample to find where this string is in a typical executable
- return new List
- {
- // CODE-LOCK.OCX
- new ContentMatchSet(new byte?[]
- {
- 0x43, 0x4F, 0x44, 0x45, 0x2D, 0x4C, 0x4F, 0x43,
- 0x4B, 0x2E, 0x4F, 0x43, 0x58
- }, "CodeLock"),
- };
- }
-
///
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
@@ -36,11 +21,18 @@ namespace BurnOutSharp.ProtectionType
if (icdSectionCount >= 2)
return "CodeLock";
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+ // TODO: Obtain a sample to find where this string is in a typical executable
+ var contentMatchSets = new List
+ {
+ // CODE-LOCK.OCX
+ new ContentMatchSet(new byte?[]
+ {
+ 0x43, 0x4F, 0x44, 0x45, 0x2D, 0x4C, 0x4F, 0x43,
+ 0x4B, 0x2E, 0x4F, 0x43, 0x58
+ }, "CodeLock"),
+ };
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
}
}
diff --git a/BurnOutSharp/ProtectionType/CopyKiller.cs b/BurnOutSharp/ProtectionType/CopyKiller.cs
index d35391c8..d7481b3c 100644
--- a/BurnOutSharp/ProtectionType/CopyKiller.cs
+++ b/BurnOutSharp/ProtectionType/CopyKiller.cs
@@ -1,6 +1,5 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
-using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
@@ -9,10 +8,10 @@ namespace BurnOutSharp.ProtectionType
public class CopyKiller : IContentCheck, IPathCheck
{
///
- private List GetContentMatchSets()
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
- return new List
+ var contentMatchSets = new List
{
// Tom Commander
new ContentMatchSet(new byte?[]
@@ -21,16 +20,8 @@ namespace BurnOutSharp.ProtectionType
0x61, 0x6E, 0x64, 0x65, 0x72
}, "CopyKiller"),
};
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
- {
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
///
diff --git a/BurnOutSharp/ProtectionType/KeyLock.cs b/BurnOutSharp/ProtectionType/KeyLock.cs
index c4d3ae3d..e854c819 100644
--- a/BurnOutSharp/ProtectionType/KeyLock.cs
+++ b/BurnOutSharp/ProtectionType/KeyLock.cs
@@ -1,5 +1,4 @@
using System.Collections.Generic;
-using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
@@ -8,10 +7,10 @@ namespace BurnOutSharp.ProtectionType
public class KeyLock : IContentCheck
{
///
- private List GetContentMatchSets()
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
- return new List
+ var contentMatchSets = new List
{
// KEY-LOCK COMMAND
new ContentMatchSet(new byte?[]
@@ -20,16 +19,8 @@ namespace BurnOutSharp.ProtectionType
0x20, 0x43, 0x4F, 0x4D, 0x4D, 0x41, 0x4E, 0x44
}, "Key-Lock (Dongle)"),
};
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
- {
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
}
}
diff --git a/BurnOutSharp/ProtectionType/RingPROTECH.cs b/BurnOutSharp/ProtectionType/RingPROTECH.cs
index 9b44551c..6e25c7cf 100644
--- a/BurnOutSharp/ProtectionType/RingPROTECH.cs
+++ b/BurnOutSharp/ProtectionType/RingPROTECH.cs
@@ -1,5 +1,4 @@
using System.Collections.Generic;
-using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
@@ -8,10 +7,10 @@ namespace BurnOutSharp.ProtectionType
public class RingPROTECH : IContentCheck
{
///
- private List GetContentMatchSets()
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
- return new List
+ var contentMatchSets = new List
{
// (char)0x00 + Allocator + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00
new ContentMatchSet(new byte?[]
@@ -20,16 +19,8 @@ namespace BurnOutSharp.ProtectionType
0x6F, 0x72, 0x00, 0x00, 0x00, 0x00
}, "Ring PROTECH [Check disc for physical ring]"),
};
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
- {
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
}
}
diff --git a/BurnOutSharp/ProtectionType/SafeCast.cs b/BurnOutSharp/ProtectionType/SafeCast.cs
index 505c74ae..32aadb89 100644
--- a/BurnOutSharp/ProtectionType/SafeCast.cs
+++ b/BurnOutSharp/ProtectionType/SafeCast.cs
@@ -1,7 +1,5 @@
-using System;
-using System.Collections.Concurrent;
+using System.Collections.Concurrent;
using System.Collections.Generic;
-using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
@@ -13,10 +11,10 @@ namespace BurnOutSharp.ProtectionType
public class SafeCast : IContentCheck, IPathCheck
{
///
- private List GetContentMatchSets()
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
- return new List
+ var contentMatchSets = new List
{
new ContentMatchSet(new List
{
@@ -38,16 +36,8 @@ namespace BurnOutSharp.ProtectionType
},
}, GetVersion, "SafeCast"),
};
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
- {
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
///
diff --git a/BurnOutSharp/ProtectionType/SafeLock.cs b/BurnOutSharp/ProtectionType/SafeLock.cs
index 07b11efc..1f412203 100644
--- a/BurnOutSharp/ProtectionType/SafeLock.cs
+++ b/BurnOutSharp/ProtectionType/SafeLock.cs
@@ -1,6 +1,5 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
-using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
@@ -9,24 +8,16 @@ namespace BurnOutSharp.ProtectionType
public class SafeLock : IContentCheck, IPathCheck
{
///
- private List GetContentMatchSets()
+ public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
// TODO: Obtain a sample to find where this string is in a typical executable
- return new List
+ var contentMatchSets = new List
{
// SafeLock
new ContentMatchSet(new byte?[] { 0x53, 0x61, 0x66, 0x65, 0x4C, 0x6F, 0x63, 0x6B }, "SafeLock"),
};
- }
-
- ///
- public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
- {
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
///
diff --git a/BurnOutSharp/ProtectionType/SolidShield.cs b/BurnOutSharp/ProtectionType/SolidShield.cs
index 97bb9010..1b967ac9 100644
--- a/BurnOutSharp/ProtectionType/SolidShield.cs
+++ b/BurnOutSharp/ProtectionType/SolidShield.cs
@@ -23,25 +23,6 @@ namespace BurnOutSharp.ProtectionType
new PathMatchSet(new PathMatch("c11prot.dll", useEndsWith: true), "SolidShield"),
};
- ///
- private List GetContentMatchSets()
- {
- // TODO: Obtain a sample to find where this string is in a typical executable
- return new List
- {
- // (char)0xAD + (char)0xDE + (char)0xFE + (char)0xCA
- new ContentMatchSet(new byte?[] { 0xAD, 0xDE, 0xFE, 0xCA }, GetVersionPlusTages, "SolidShield"),
-
- // B + (char)0x00 + I + (char)0x00 + N + (char)0x00 + (char)0x7 + (char)0x00 + I + (char)0x00 + D + (char)0x00 + R + (char)0x00 + _ + (char)0x00 + S + (char)0x00 + G + (char)0x00 + T + (char)0x00
- new ContentMatchSet(new byte?[]
- {
- 0x42, 0x00, 0x49, 0x00, 0x4E, 0x00, 0x07, 0x00,
- 0x49, 0x00, 0x44, 0x00, 0x52, 0x00, 0x5F, 0x00,
- 0x53, 0x00, 0x47, 0x00, 0x54, 0x00
- }, "SolidShield [ContentMatchSet]"),
- };
- }
-
///
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
@@ -110,11 +91,22 @@ namespace BurnOutSharp.ProtectionType
}
}
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
+ // TODO: Obtain a sample to find where this string is in a typical executable
+ var contentMatchSets = new List
+ {
+ // (char)0xAD + (char)0xDE + (char)0xFE + (char)0xCA
+ new ContentMatchSet(new byte?[] { 0xAD, 0xDE, 0xFE, 0xCA }, GetVersionPlusTages, "SolidShield"),
- return null;
+ // B + (char)0x00 + I + (char)0x00 + N + (char)0x00 + (char)0x7 + (char)0x00 + I + (char)0x00 + D + (char)0x00 + R + (char)0x00 + _ + (char)0x00 + S + (char)0x00 + G + (char)0x00 + T + (char)0x00
+ new ContentMatchSet(new byte?[]
+ {
+ 0x42, 0x00, 0x49, 0x00, 0x4E, 0x00, 0x07, 0x00,
+ 0x49, 0x00, 0x44, 0x00, 0x52, 0x00, 0x5F, 0x00,
+ 0x53, 0x00, 0x47, 0x00, 0x54, 0x00
+ }, "SolidShield"),
+ };
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
///
diff --git a/BurnOutSharp/ProtectionType/Tages.cs b/BurnOutSharp/ProtectionType/Tages.cs
index 8c669534..cb7b827b 100644
--- a/BurnOutSharp/ProtectionType/Tages.cs
+++ b/BurnOutSharp/ProtectionType/Tages.cs
@@ -12,26 +12,6 @@ namespace BurnOutSharp.ProtectionType
// TODO: Figure out how to use path check framework here
public class TAGES : IContentCheck, IPathCheck
{
- ///
- private List GetContentMatchSets()
- {
- // TODO: Obtain a sample to find where this string is in a typical executable
- return new List
- {
- // protected-tages-runtime.exe
- new ContentMatchSet(new byte?[]
- {
- 0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65,
- 0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D,
- 0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E,
- 0x65, 0x78, 0x65
- }, Utilities.GetFileVersion, "TAGES"),
-
- // (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8
- new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES"),
- };
- }
-
///
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
@@ -56,7 +36,7 @@ namespace BurnOutSharp.ProtectionType
0x74, 0x65, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x2E,
0x63, 0x6F, 0x6D
}, start: sectionEnd),
- Utilities.GetFileVersion, "TAGES [tagesprotection.com]"),
+ Utilities.GetFileVersion, "TAGES"),
};
string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug);
@@ -64,11 +44,23 @@ namespace BurnOutSharp.ProtectionType
return match;
}
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
+ // TODO: Obtain a sample to find where this string is in a typical executable
+ var contentMatchSets = new List
+ {
+ // protected-tages-runtime.exe
+ new ContentMatchSet(new byte?[]
+ {
+ 0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65,
+ 0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D,
+ 0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E,
+ 0x65, 0x78, 0x65
+ }, Utilities.GetFileVersion, "TAGES"),
- return null;
+ // (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8
+ new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES"),
+ };
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
///
diff --git a/BurnOutSharp/ProtectionType/XCP.cs b/BurnOutSharp/ProtectionType/XCP.cs
index ef5a63ee..c06589e7 100644
--- a/BurnOutSharp/ProtectionType/XCP.cs
+++ b/BurnOutSharp/ProtectionType/XCP.cs
@@ -12,20 +12,6 @@ namespace BurnOutSharp.ProtectionType
// TODO: Figure out how to use path check framework here
public class XCP : IContentCheck, IPathCheck
{
- ///
- private List GetContentMatchSets()
- {
- // TODO: Obtain a sample to find where this string is in a typical executable
- return new List
- {
- // xcpdrive
- new ContentMatchSet(new byte?[]
- {
- 0x78, 0x63, 0x70, 0x64, 0x72, 0x69, 0x76, 0x65
- }, "XCP"),
- };
- }
-
///
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
@@ -62,11 +48,14 @@ namespace BurnOutSharp.ProtectionType
return match;
}
- var contentMatchSets = GetContentMatchSets();
- if (contentMatchSets != null && contentMatchSets.Any())
- return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
-
- return null;
+ // TODO: Obtain a sample to find where this string is in a typical executable
+ var contentMatchSets = new List
+ {
+ // xcpdrive
+ new ContentMatchSet(new byte?[] { 0x78, 0x63, 0x70, 0x64, 0x72, 0x69, 0x76, 0x65 }, "XCP"),
+ };
+
+ return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
}
///