From dbc841cb7fb81fd509d1fec469f9527a163b2839 Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Tue, 14 Sep 2021 11:33:53 -0700 Subject: [PATCH] Clean up formatting of remaining full content checks --- BurnOutSharp/PackerType/EXEStealth.cs | 17 ++------- BurnOutSharp/PackerType/dotFuscator.cs | 17 ++------- BurnOutSharp/ProtectionType/AlphaROM.cs | 17 ++------- BurnOutSharp/ProtectionType/CDDVDCops.cs | 44 +++++++++------------- BurnOutSharp/ProtectionType/CDSHiELDSE.cs | 17 ++------- BurnOutSharp/ProtectionType/CodeLock.cs | 32 ++++++---------- BurnOutSharp/ProtectionType/CopyKiller.cs | 17 ++------- BurnOutSharp/ProtectionType/KeyLock.cs | 17 ++------- BurnOutSharp/ProtectionType/RingPROTECH.cs | 17 ++------- BurnOutSharp/ProtectionType/SafeCast.cs | 20 +++------- BurnOutSharp/ProtectionType/SafeLock.cs | 17 ++------- BurnOutSharp/ProtectionType/SolidShield.cs | 38 ++++++++----------- BurnOutSharp/ProtectionType/Tages.cs | 42 +++++++++------------ BurnOutSharp/ProtectionType/XCP.cs | 27 ++++--------- 14 files changed, 107 insertions(+), 232 deletions(-) diff --git a/BurnOutSharp/PackerType/EXEStealth.cs b/BurnOutSharp/PackerType/EXEStealth.cs index 0b0d6577..4ed259bf 100644 --- a/BurnOutSharp/PackerType/EXEStealth.cs +++ b/BurnOutSharp/PackerType/EXEStealth.cs @@ -1,5 +1,4 @@ using System.Collections.Generic; -using System.Linq; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -8,10 +7,10 @@ namespace BurnOutSharp.PackerType public class EXEStealth : IContentCheck { /// - private List GetContentMatchSets() + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { // TODO: Obtain a sample to find where this string is in a typical executable - return new List + var contentMatchSets = new List { // ??[[__[[_ + (char)0x00 + {{ + (char)0x0 + (char)0x00 + {{ + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + ?;??;?? new ContentMatchSet(new byte?[] @@ -23,16 +22,8 @@ namespace BurnOutSharp.PackerType 0x3F }, "EXE Stealth"), }; - } - - /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } } } diff --git a/BurnOutSharp/PackerType/dotFuscator.cs b/BurnOutSharp/PackerType/dotFuscator.cs index eb74aca9..4cdf1579 100644 --- a/BurnOutSharp/PackerType/dotFuscator.cs +++ b/BurnOutSharp/PackerType/dotFuscator.cs @@ -1,5 +1,4 @@ using System.Collections.Generic; -using System.Linq; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -8,10 +7,10 @@ namespace BurnOutSharp.PackerType public class dotFuscator : IContentCheck { /// - private List GetContentMatchSets() + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { // TODO: Obtain a sample to find where this string is in a typical executable - return new List + var contentMatchSets = new List { // DotfuscatorAttribute new ContentMatchSet(new byte?[] @@ -21,16 +20,8 @@ namespace BurnOutSharp.PackerType 0x62, 0x75, 0x74, 0x65 }, "dotFuscator"), }; - } - - /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } } } diff --git a/BurnOutSharp/ProtectionType/AlphaROM.cs b/BurnOutSharp/ProtectionType/AlphaROM.cs index d0b55661..96db4a14 100644 --- a/BurnOutSharp/ProtectionType/AlphaROM.cs +++ b/BurnOutSharp/ProtectionType/AlphaROM.cs @@ -1,5 +1,4 @@ using System.Collections.Generic; -using System.Linq; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -8,24 +7,16 @@ namespace BurnOutSharp.ProtectionType public class AlphaROM : IContentCheck { /// - private List GetContentMatchSets() + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { // TODO: Obtain a sample to find where this string is in a typical executable - return new List + var contentMatchSets = new List { // SETTEC new ContentMatchSet(new byte?[] { 0x53, 0x45, 0x54, 0x54, 0x45, 0x43 }, "Alpha-ROM"), }; - } - - /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } } } diff --git a/BurnOutSharp/ProtectionType/CDDVDCops.cs b/BurnOutSharp/ProtectionType/CDDVDCops.cs index 542a394b..767a2c55 100644 --- a/BurnOutSharp/ProtectionType/CDDVDCops.cs +++ b/BurnOutSharp/ProtectionType/CDDVDCops.cs @@ -9,28 +9,6 @@ namespace BurnOutSharp.ProtectionType { public class CDDVDCops : IContentCheck, IPathCheck { - /// - private List GetContentMatchSets() - { - // TODO: Obtain a sample to find where this string is in a typical executable - return new List - { - // CD-Cops, ver. - new ContentMatchSet(new byte?[] - { - 0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C, - 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 - }, GetVersion, "CD-Cops"), - - // DVD-Cops, ver. - new ContentMatchSet(new byte?[] - { - 0x44, 0x56, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, - 0x2C, 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 - }, GetVersion, "DVD-Cops"), - }; - } - /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { @@ -67,11 +45,25 @@ namespace BurnOutSharp.ProtectionType // return "CD-Cops (Unknown Version)"; } - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); + // TODO: Obtain a sample to find where this string is in a typical executable + var contentMatchSets = new List + { + // CD-Cops, ver. + new ContentMatchSet(new byte?[] + { + 0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C, + 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 + }, GetVersion, "CD-Cops"), - return null; + // DVD-Cops, ver. + new ContentMatchSet(new byte?[] + { + 0x44, 0x56, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, + 0x2C, 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 + }, GetVersion, "DVD-Cops"), + }; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } /// diff --git a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs index 85d58d9c..03eb86ca 100644 --- a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs +++ b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs @@ -1,5 +1,4 @@ using System.Collections.Generic; -using System.Linq; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -8,24 +7,16 @@ namespace BurnOutSharp.ProtectionType public class CDSHiELDSE : IContentCheck { /// - private List GetContentMatchSets() + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { // TODO: Obtain a sample to find where this string is in a typical executable - return new List + var contentMatchSets = new List { // ~0017.tmp new ContentMatchSet(new byte?[] { 0x7E, 0x30, 0x30, 0x31, 0x37, 0x2E, 0x74, 0x6D, 0x70 }, "CDSHiELD SE"), }; - } - - /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } } } diff --git a/BurnOutSharp/ProtectionType/CodeLock.cs b/BurnOutSharp/ProtectionType/CodeLock.cs index aa33258c..8acab46c 100644 --- a/BurnOutSharp/ProtectionType/CodeLock.cs +++ b/BurnOutSharp/ProtectionType/CodeLock.cs @@ -8,21 +8,6 @@ namespace BurnOutSharp.ProtectionType { public class CodeLock : IContentCheck { - /// - private List GetContentMatchSets() - { - // TODO: Obtain a sample to find where this string is in a typical executable - return new List - { - // CODE-LOCK.OCX - new ContentMatchSet(new byte?[] - { - 0x43, 0x4F, 0x44, 0x45, 0x2D, 0x4C, 0x4F, 0x43, - 0x4B, 0x2E, 0x4F, 0x43, 0x58 - }, "CodeLock"), - }; - } - /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { @@ -36,11 +21,18 @@ namespace BurnOutSharp.ProtectionType if (icdSectionCount >= 2) return "CodeLock"; - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + // TODO: Obtain a sample to find where this string is in a typical executable + var contentMatchSets = new List + { + // CODE-LOCK.OCX + new ContentMatchSet(new byte?[] + { + 0x43, 0x4F, 0x44, 0x45, 0x2D, 0x4C, 0x4F, 0x43, + 0x4B, 0x2E, 0x4F, 0x43, 0x58 + }, "CodeLock"), + }; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } } } diff --git a/BurnOutSharp/ProtectionType/CopyKiller.cs b/BurnOutSharp/ProtectionType/CopyKiller.cs index d35391c8..d7481b3c 100644 --- a/BurnOutSharp/ProtectionType/CopyKiller.cs +++ b/BurnOutSharp/ProtectionType/CopyKiller.cs @@ -1,6 +1,5 @@ using System.Collections.Concurrent; using System.Collections.Generic; -using System.Linq; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -9,10 +8,10 @@ namespace BurnOutSharp.ProtectionType public class CopyKiller : IContentCheck, IPathCheck { /// - private List GetContentMatchSets() + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { // TODO: Obtain a sample to find where this string is in a typical executable - return new List + var contentMatchSets = new List { // Tom Commander new ContentMatchSet(new byte?[] @@ -21,16 +20,8 @@ namespace BurnOutSharp.ProtectionType 0x61, 0x6E, 0x64, 0x65, 0x72 }, "CopyKiller"), }; - } - - /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } /// diff --git a/BurnOutSharp/ProtectionType/KeyLock.cs b/BurnOutSharp/ProtectionType/KeyLock.cs index c4d3ae3d..e854c819 100644 --- a/BurnOutSharp/ProtectionType/KeyLock.cs +++ b/BurnOutSharp/ProtectionType/KeyLock.cs @@ -1,5 +1,4 @@ using System.Collections.Generic; -using System.Linq; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -8,10 +7,10 @@ namespace BurnOutSharp.ProtectionType public class KeyLock : IContentCheck { /// - private List GetContentMatchSets() + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { // TODO: Obtain a sample to find where this string is in a typical executable - return new List + var contentMatchSets = new List { // KEY-LOCK COMMAND new ContentMatchSet(new byte?[] @@ -20,16 +19,8 @@ namespace BurnOutSharp.ProtectionType 0x20, 0x43, 0x4F, 0x4D, 0x4D, 0x41, 0x4E, 0x44 }, "Key-Lock (Dongle)"), }; - } - - /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } } } diff --git a/BurnOutSharp/ProtectionType/RingPROTECH.cs b/BurnOutSharp/ProtectionType/RingPROTECH.cs index 9b44551c..6e25c7cf 100644 --- a/BurnOutSharp/ProtectionType/RingPROTECH.cs +++ b/BurnOutSharp/ProtectionType/RingPROTECH.cs @@ -1,5 +1,4 @@ using System.Collections.Generic; -using System.Linq; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -8,10 +7,10 @@ namespace BurnOutSharp.ProtectionType public class RingPROTECH : IContentCheck { /// - private List GetContentMatchSets() + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { // TODO: Obtain a sample to find where this string is in a typical executable - return new List + var contentMatchSets = new List { // (char)0x00 + Allocator + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 new ContentMatchSet(new byte?[] @@ -20,16 +19,8 @@ namespace BurnOutSharp.ProtectionType 0x6F, 0x72, 0x00, 0x00, 0x00, 0x00 }, "Ring PROTECH [Check disc for physical ring]"), }; - } - - /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } } } diff --git a/BurnOutSharp/ProtectionType/SafeCast.cs b/BurnOutSharp/ProtectionType/SafeCast.cs index 505c74ae..32aadb89 100644 --- a/BurnOutSharp/ProtectionType/SafeCast.cs +++ b/BurnOutSharp/ProtectionType/SafeCast.cs @@ -1,7 +1,5 @@ -using System; -using System.Collections.Concurrent; +using System.Collections.Concurrent; using System.Collections.Generic; -using System.Linq; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; using BurnOutSharp.Tools; @@ -13,10 +11,10 @@ namespace BurnOutSharp.ProtectionType public class SafeCast : IContentCheck, IPathCheck { /// - private List GetContentMatchSets() + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { // TODO: Obtain a sample to find where this string is in a typical executable - return new List + var contentMatchSets = new List { new ContentMatchSet(new List { @@ -38,16 +36,8 @@ namespace BurnOutSharp.ProtectionType }, }, GetVersion, "SafeCast"), }; - } - - /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } /// diff --git a/BurnOutSharp/ProtectionType/SafeLock.cs b/BurnOutSharp/ProtectionType/SafeLock.cs index 07b11efc..1f412203 100644 --- a/BurnOutSharp/ProtectionType/SafeLock.cs +++ b/BurnOutSharp/ProtectionType/SafeLock.cs @@ -1,6 +1,5 @@ using System.Collections.Concurrent; using System.Collections.Generic; -using System.Linq; using BurnOutSharp.ExecutableType.Microsoft; using BurnOutSharp.Matching; @@ -9,24 +8,16 @@ namespace BurnOutSharp.ProtectionType public class SafeLock : IContentCheck, IPathCheck { /// - private List GetContentMatchSets() + public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { // TODO: Obtain a sample to find where this string is in a typical executable - return new List + var contentMatchSets = new List { // SafeLock new ContentMatchSet(new byte?[] { 0x53, 0x61, 0x66, 0x65, 0x4C, 0x6F, 0x63, 0x6B }, "SafeLock"), }; - } - - /// - public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) - { - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } /// diff --git a/BurnOutSharp/ProtectionType/SolidShield.cs b/BurnOutSharp/ProtectionType/SolidShield.cs index 97bb9010..1b967ac9 100644 --- a/BurnOutSharp/ProtectionType/SolidShield.cs +++ b/BurnOutSharp/ProtectionType/SolidShield.cs @@ -23,25 +23,6 @@ namespace BurnOutSharp.ProtectionType new PathMatchSet(new PathMatch("c11prot.dll", useEndsWith: true), "SolidShield"), }; - /// - private List GetContentMatchSets() - { - // TODO: Obtain a sample to find where this string is in a typical executable - return new List - { - // (char)0xAD + (char)0xDE + (char)0xFE + (char)0xCA - new ContentMatchSet(new byte?[] { 0xAD, 0xDE, 0xFE, 0xCA }, GetVersionPlusTages, "SolidShield"), - - // B + (char)0x00 + I + (char)0x00 + N + (char)0x00 + (char)0x7 + (char)0x00 + I + (char)0x00 + D + (char)0x00 + R + (char)0x00 + _ + (char)0x00 + S + (char)0x00 + G + (char)0x00 + T + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x42, 0x00, 0x49, 0x00, 0x4E, 0x00, 0x07, 0x00, - 0x49, 0x00, 0x44, 0x00, 0x52, 0x00, 0x5F, 0x00, - 0x53, 0x00, 0x47, 0x00, 0x54, 0x00 - }, "SolidShield [ContentMatchSet]"), - }; - } - /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { @@ -110,11 +91,22 @@ namespace BurnOutSharp.ProtectionType } } - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); + // TODO: Obtain a sample to find where this string is in a typical executable + var contentMatchSets = new List + { + // (char)0xAD + (char)0xDE + (char)0xFE + (char)0xCA + new ContentMatchSet(new byte?[] { 0xAD, 0xDE, 0xFE, 0xCA }, GetVersionPlusTages, "SolidShield"), - return null; + // B + (char)0x00 + I + (char)0x00 + N + (char)0x00 + (char)0x7 + (char)0x00 + I + (char)0x00 + D + (char)0x00 + R + (char)0x00 + _ + (char)0x00 + S + (char)0x00 + G + (char)0x00 + T + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x42, 0x00, 0x49, 0x00, 0x4E, 0x00, 0x07, 0x00, + 0x49, 0x00, 0x44, 0x00, 0x52, 0x00, 0x5F, 0x00, + 0x53, 0x00, 0x47, 0x00, 0x54, 0x00 + }, "SolidShield"), + }; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } /// diff --git a/BurnOutSharp/ProtectionType/Tages.cs b/BurnOutSharp/ProtectionType/Tages.cs index 8c669534..cb7b827b 100644 --- a/BurnOutSharp/ProtectionType/Tages.cs +++ b/BurnOutSharp/ProtectionType/Tages.cs @@ -12,26 +12,6 @@ namespace BurnOutSharp.ProtectionType // TODO: Figure out how to use path check framework here public class TAGES : IContentCheck, IPathCheck { - /// - private List GetContentMatchSets() - { - // TODO: Obtain a sample to find where this string is in a typical executable - return new List - { - // protected-tages-runtime.exe - new ContentMatchSet(new byte?[] - { - 0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65, - 0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D, - 0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E, - 0x65, 0x78, 0x65 - }, Utilities.GetFileVersion, "TAGES"), - - // (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8 - new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES"), - }; - } - /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { @@ -56,7 +36,7 @@ namespace BurnOutSharp.ProtectionType 0x74, 0x65, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x2E, 0x63, 0x6F, 0x6D }, start: sectionEnd), - Utilities.GetFileVersion, "TAGES [tagesprotection.com]"), + Utilities.GetFileVersion, "TAGES"), }; string match = MatchUtil.GetFirstMatch(file, fileContent, matchers, includeDebug); @@ -64,11 +44,23 @@ namespace BurnOutSharp.ProtectionType return match; } - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); + // TODO: Obtain a sample to find where this string is in a typical executable + var contentMatchSets = new List + { + // protected-tages-runtime.exe + new ContentMatchSet(new byte?[] + { + 0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65, + 0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D, + 0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E, + 0x65, 0x78, 0x65 + }, Utilities.GetFileVersion, "TAGES"), - return null; + // (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8 + new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES"), + }; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } /// diff --git a/BurnOutSharp/ProtectionType/XCP.cs b/BurnOutSharp/ProtectionType/XCP.cs index ef5a63ee..c06589e7 100644 --- a/BurnOutSharp/ProtectionType/XCP.cs +++ b/BurnOutSharp/ProtectionType/XCP.cs @@ -12,20 +12,6 @@ namespace BurnOutSharp.ProtectionType // TODO: Figure out how to use path check framework here public class XCP : IContentCheck, IPathCheck { - /// - private List GetContentMatchSets() - { - // TODO: Obtain a sample to find where this string is in a typical executable - return new List - { - // xcpdrive - new ContentMatchSet(new byte?[] - { - 0x78, 0x63, 0x70, 0x64, 0x72, 0x69, 0x76, 0x65 - }, "XCP"), - }; - } - /// public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex) { @@ -62,11 +48,14 @@ namespace BurnOutSharp.ProtectionType return match; } - var contentMatchSets = GetContentMatchSets(); - if (contentMatchSets != null && contentMatchSets.Any()) - return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); - - return null; + // TODO: Obtain a sample to find where this string is in a typical executable + var contentMatchSets = new List + { + // xcpdrive + new ContentMatchSet(new byte?[] { 0x78, 0x63, 0x70, 0x64, 0x72, 0x69, 0x76, 0x65 }, "XCP"), + }; + + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug); } ///