diff --git a/BurnOutSharp/FileType/Textfile.cs b/BurnOutSharp/FileType/Textfile.cs
index a6f949f2..56457fde 100644
--- a/BurnOutSharp/FileType/Textfile.cs
+++ b/BurnOutSharp/FileType/Textfile.cs
@@ -43,6 +43,14 @@ namespace BurnOutSharp.FileType
if (magic.StartsWith(new byte?[] { 0x61, 0x4C, 0x75, 0x5A }))
return true;
+ // Windows Help File
+ if (magic.StartsWith(new byte?[] { 0x3F, 0x5F, 0x03, 0x00 }))
+ return true;
+
+ // Setup information
+ if (string.Equals(extension?.TrimStart('.'), "inf", StringComparison.OrdinalIgnoreCase))
+ return true;
+
// InstallShield Script
if (string.Equals(extension?.TrimStart('.'), "ins", StringComparison.OrdinalIgnoreCase))
return true;
@@ -118,6 +126,15 @@ namespace BurnOutSharp.FileType
if (fileContent.Contains("phenoProtect"))
Utilities.AppendToDictionary(protections, file, "phenoProtect");
+ // Rainbow Sentinel
+ // Found in "SENTW95.HLP" and "SENTINEL.HLP" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
+ if (fileContent.Contains("Rainbow Sentinel Driver Help"))
+ Utilities.AppendToDictionary(protections, file, "Rainbow Sentinel");
+
+ // Found in "OEMSETUP.INF" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
+ if (fileContent.Contains("Sentinel Driver Disk"))
+ Utilities.AppendToDictionary(protections, file, "Rainbow Sentinel");
+
// The full line from a sample is as follows:
//
// The files securom_v7_01.dat and securom_v7_01.bak have been created during the installation of a SecuROM protected application.
diff --git a/BurnOutSharp/ProtectionType/RainbowSentinel.cs b/BurnOutSharp/ProtectionType/RainbowSentinel.cs
new file mode 100644
index 00000000..45c72f08
--- /dev/null
+++ b/BurnOutSharp/ProtectionType/RainbowSentinel.cs
@@ -0,0 +1,164 @@
+using System;
+using System.Collections.Concurrent;
+using System.Collections.Generic;
+using BurnOutSharp.ExecutableType.Microsoft.PE;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Matching;
+
+namespace BurnOutSharp.ProtectionType
+{
+ ///
+ /// Rainbow Technologies Sentinel (https://www.rainbow.com.my) is a family of DRM products.
+ /// Rainbow Sentinel SuperPro: https://www.rainbow.com.my/superpro.php
+ /// TODO: Investigate other versions/products.
+ /// TODO: See if this is at all related to https://cpl.thalesgroup.com/software-monetization/all-products/sentinel-hl.
+ ///
+ public class RainbowSentinel : IPathCheck, IPortableExecutableCheck
+ {
+ ///
+ public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
+ {
+ // Get the sections from the executable, if possible
+ var sections = pex?.SectionTable;
+ if (sections == null)
+ return null;
+
+ // Get the .data section, if it exists
+ if (pex.DataSectionRaw != null)
+ {
+ var matchers = new List
+ {
+ // Rainbow SentinelSuperPro
+ // Found in "ADESKSYS.DLL"/"WINADMIN.EXE"/"WINQUERY.EXE" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\netsetup\SUPPORT\IPX".
+ new ContentMatchSet(new byte?[]
+ {
+ 0x52, 0x61, 0x69, 0x6E, 0x62, 0x6F, 0x77, 0x20,
+ 0x53, 0x65, 0x6E, 0x74, 0x69, 0x6E, 0x65, 0x6C,
+ 0x53, 0x75, 0x70, 0x65, 0x72, 0x50, 0x72, 0x6F
+ }, "Rainbow Sentinel SuperPro"),
+ };
+
+ string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ if (!string.IsNullOrWhiteSpace(match))
+ return match;
+ }
+
+ // Get the .text section, if it exists
+ if (pex.TextSectionRaw != null)
+ {
+ var matchers = new List
+ {
+ // SENTINEL.VXD
+ // Found in "ACLT.HWL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\aclt\DRV\W95LOCK".
+ // Found in "ACAD.HWL" in BA entry "Autodesk AutoCAD r14 (1997)" and IA item "auto-cad-r14-cdrom".
+ new ContentMatchSet(new byte?[]
+ {
+ 0x53, 0x45, 0x4E, 0x54, 0x49, 0x4E, 0x45, 0x4C, 0x2E, 0x56, 0x58, 0x44
+ }, "Rainbow Sentinel"),
+
+ // Rainbow SentinelSuperPro
+ // Found in "ADESKSYS.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\netsetup\SUPPORT\IPX".
+ // TODO: Investigate "Elan License Manager" mentioned here.
+ new ContentMatchSet(new byte?[]
+ {
+ 0x52, 0x61, 0x69, 0x6E, 0x62, 0x6F, 0x77, 0x20,
+ 0x53, 0x65, 0x6E, 0x74, 0x69, 0x6E, 0x65, 0x6C,
+ 0x53, 0x75, 0x70, 0x65, 0x72, 0x50, 0x72, 0x6F
+ }, "Rainbow Sentinel SuperPro"),
+ };
+
+ string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug);
+ if (!string.IsNullOrWhiteSpace(match))
+ return match;
+ }
+
+ // TODO: Figure out why resources for "RNBOVTMP.DLL", "SENTTEMP.DLL", and "SNTI386.DLL" aren't getting read properly, causing checks for these files to not work.
+
+ string name = pex.FileDescription;
+
+ // Found in "RNBOVTMP.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
+ if (name?.Equals("Rainbow Technologies Virtual Device Driver", StringComparison.OrdinalIgnoreCase) == true)
+ return $"Rainbow Sentinel {pex.ProductVersion}";
+
+ // Found in "SENTTEMP.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
+ if (name?.Equals("Rainbow Technologies Sentinel Driver", StringComparison.OrdinalIgnoreCase) == true)
+ return $"Rainbow Sentinel {pex.ProductVersion}";
+
+ // Found in "SETUPX86.EXE"/"SENTW95.EXE" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
+ if (name?.Equals("Sentinel Driver Setup DLL", StringComparison.OrdinalIgnoreCase) == true)
+ return $"Rainbow Sentinel {pex.ProductVersion}";
+
+ // Found in "SNTI386.DLL"/"SENTW95.DLL" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
+ if (name?.Equals("Install, Setup - Sentinel Driver", StringComparison.OrdinalIgnoreCase) == true)
+ return $"Rainbow Sentinel {pex.ProductVersion}";
+
+ name = pex.ProductName;
+
+ // Found in multiple files in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", including "RNBOVTMP.DLL", "SENTTEMP.DLL", and "SNTI386.DLL".
+ if (name?.Equals("Rainbow Technologies Sentinel", StringComparison.OrdinalIgnoreCase) == true)
+ return $"Rainbow Sentinel {pex.ProductVersion}";
+
+ // Found in "SETUPX86.EXE"/"SENTW95.EXE" in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]".
+ if (name?.Equals("Sentinel Driver Setup", StringComparison.OrdinalIgnoreCase) == true)
+ return $"Rainbow Sentinel {pex.ProductVersion}";
+
+ return null;
+ }
+
+ ///
+ public ConcurrentQueue CheckDirectoryPath(string path, IEnumerable files)
+ {
+ var matchers = new List
+ {
+ // Found in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]" and IA item "auto-cad-r14-cdrom".
+ new PathMatchSet(new PathMatch("SENTINEL.VXD", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTSTRT.EXE", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTW95.DLL", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTW95.EXE", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTW95.HLP", useEndsWith: true), "Rainbow Sentinel"),
+
+ // Found in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]" and in IA item "auto-cad-r14-cdrom".
+ new PathMatchSet(new PathMatch("SNTI386.DLL", useEndsWith: true), "Rainbow Sentinel"),
+
+ // Found in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]" and in IA item "auto-cad-r14-cdrom".
+ new PathMatchSet(new PathMatch("RNBOVTMP.DLL", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTINEL.HLP", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTTEMP.SYS", useEndsWith: true), "Rainbow Sentinel"),
+
+ // Found in BA entries "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]" and "Autodesk AutoCAD r14 (1997)", and IA item "auto-cad-r14-cdrom".
+ new PathMatchSet(new PathMatch("RAINB95.Z", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("RAINBNT.Z", useEndsWith: true), "Rainbow Sentinel"),
+ };
+
+ return MatchUtil.GetAllMatches(files, matchers, any: true);
+ }
+
+ ///
+ public string CheckFilePath(string path)
+ {
+ var matchers = new List
+ {
+ // Found in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\aclt\DRV\W95LOCK".
+ new PathMatchSet(new PathMatch("SENTINEL.VXD", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTSTRT.EXE", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTW95.DLL", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTW95.EXE", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTW95.HLP", useEndsWith: true), "Rainbow Sentinel"),
+
+ // Found in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\aclt\DRV\NTLOCK".
+ new PathMatchSet(new PathMatch("SNTI386.DLL", useEndsWith: true), "Rainbow Sentinel"),
+
+ // Found in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\aclt\DRV\NTLOCK\I386".
+ new PathMatchSet(new PathMatch("RNBOVTMP.DLL", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTINEL.HLP", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("SENTTEMP.SYS", useEndsWith: true), "Rainbow Sentinel"),
+
+ // Found in BA entry "Autodesk AutoCAD LT 98 (1998) (CD) [English] [Dutch]", folder "\data".
+ new PathMatchSet(new PathMatch("RAINB95.Z", useEndsWith: true), "Rainbow Sentinel"),
+ new PathMatchSet(new PathMatch("RAINBNT.Z", useEndsWith: true), "Rainbow Sentinel"),
+ };
+
+ return MatchUtil.GetFirstMatch(path, matchers, any: true);
+ }
+ }
+}
diff --git a/README.md b/README.md
index be54fd86..c6c24c3b 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,7 @@ Below is a list of protections detected by BurnOutSharp. The two columns explain
| ProtectDISC / VOB ProtectCD/DVD | True | False | |
| Protect DVD-Video | False | True | Unconfirmed¹ |
| PlayStation Anti-modchip | True | False | En/Jp, not "Red Hand"; PSX executables only |
+| Rainbow Sentinel | True | True | |
| Ring PROTECH / ProRing | True | True | Partially unconfirmed² |
| SafeDisc / SafeCast | True | True | Can't distinguish between some versions of SafeDisc and SafeCast |
| SafeLock | False | True | |