SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-05-06 20:43:44 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity

Move protection scans to their own library

Browse Source 
This change also removes a couple of things from `BurnOutSharp.Tools.Utilities` that are no longer needed there. Linear executables are included in the scanning classes. Update the guides accordingly.
This commit is contained in:
Matt Nadareski
2023-03-09 23:19:27 -05:00
parent a3567d6eb2
commit e118418a23
104 changed files with 285 additions and 213 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
BinaryObjectScanner.Protection/ThreePLock.cs Normal file
View File

@@ -0,0 +1,31 @@
using BinaryObjectScanner.Interfaces;
using BinaryObjectScanner.Wrappers;
namespace BinaryObjectScanner.Protection
{
/// <remarks>
/// PiD only looks for the `.ldr` section, from testing
/// There don't seem to be any other signs that this is 3P-Lock anywhere in the example files
/// No website has been found for 3P-Lock yet
/// </remarks>
public class ThreePLock : IPortableExecutableCheck
{
/// <inheritdoc/>
public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
if (sections == null)
return null;
//This produced false positives in some DirectX 9.0c installer files
//"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW"
// Get the .ldr and .ldt sections, if they exist
if (pex.ContainsSection(".ldr", exact: true) && pex.ContainsSection(".ldt", exact: true))
return $"3P-Lock Copy Protection";
return null;
}
}
}