mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-04-19 04:32:55 +00:00
IExtractableExecutable extends IExecutableCheck
This commit is contained in:
Matt Nadareski
2
.vscode/launch.json
vendored
2
.vscode/launch.json
vendored
@@ -11,7 +11,7 @@
|
||||
"preLaunchTask": "build",
|
||||
// If you have changed target frameworks, make sure to update the program path.
|
||||
"program": "${workspaceFolder}/ProtectionScan/bin/Debug/net8.0/ProtectionScan.dll",
|
||||
"args": [],
|
||||
"args": ["/mnt/b/BurnOutSharp Testing Files/PackerType/NSIS/"],
|
||||
"cwd": "${workspaceFolder}/ProtectionScan",
|
||||
// For more information about the 'console' field, see https://aka.ms/VSCode-CS-LaunchJson-Console
|
||||
"console": "internalConsole",
|
||||
|
||||
@@ -5,7 +5,7 @@ namespace BinaryObjectScanner.Interfaces
|
||||
/// <summary>
|
||||
/// Mark an executable type as being able to be extracted
|
||||
/// </summary>
|
||||
public interface IExtractableExecutable<T> where T : WrapperBase
|
||||
public interface IExtractableExecutable<T> : IExecutableCheck<T> where T : WrapperBase
|
||||
{
|
||||
/// <summary>
|
||||
/// Extract an Executable to a path, if possible
|
||||
|
||||
@@ -8,7 +8,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction
|
||||
public class ASPack : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class ASPack : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -6,7 +6,7 @@ namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction
|
||||
// TODO: Verify that all versions are detected
|
||||
public class AdvancedInstaller : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class AdvancedInstaller : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -7,7 +7,7 @@ namespace BinaryObjectScanner.Packer
|
||||
// Created by IndigoRose (creators of Setup Factory), primarily to be used to create autorun menus for various media.
|
||||
// Official website: https://www.autoplay.org/
|
||||
// TODO: Add extraction
|
||||
public class AutoPlayMediaStudio : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class AutoPlayMediaStudio : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer
|
||||
// The official website for CExe also includes the source code (which does have to be retrieved by the Wayback Machine)
|
||||
// http://www.scottlu.com/Content/CExe.html
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class CExe : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class CExe : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -5,7 +5,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction
|
||||
public class DotFuscator : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class DotFuscator : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -15,7 +15,7 @@ namespace BinaryObjectScanner.Packer
|
||||
///
|
||||
/// Resource that could be useful for extraction: https://github.com/SychicBoy/NETReactorSlayer
|
||||
/// </summary>
|
||||
public class DotNetReactor : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class DotNetReactor : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace BinaryObjectScanner.Packer
|
||||
// TODO: Detect 3.15 and up (maybe looking for `Metamorphism`)
|
||||
// TODO: Add extraction
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class EXEStealth : IContentCheck, IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class EXEStealth : IContentCheck, IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckContents(string file, byte[] fileContent, bool includeDebug)
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace BinaryObjectScanner.Packer
|
||||
/// Though not technically a packer, this detection is for any executables that include
|
||||
/// others in their resources in some uncompressed manner to be used at runtime.
|
||||
/// </summary>
|
||||
public class EmbeddedExecutable : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class EmbeddedExecutable : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -6,7 +6,7 @@ namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class GenteeInstaller : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class GenteeInstaller : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Packer
|
||||
// https://www.reddit.com/r/riseofincarnates/comments/m3vbnm/subreddit_revival_does_anyone_still_have_rise_of/
|
||||
// https://steamcommunity.com/app/310950/discussions/0/4224890554455490819/
|
||||
// https://github.com/horsicq/Detect-It-Easy/blob/63a1aa8bb23ca02d8a7fd5936db8dbc5c5d52dea/db/PE/HyperTech%20Crackproof.2.sg
|
||||
public class HyperTechCrackProof : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class HyperTechCrackProof : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -10,7 +10,6 @@ namespace BinaryObjectScanner.Packer
|
||||
// TODO: Add extraction - https://github.com/dscharrer/InnoExtract
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class InnoSetup : IExecutableCheck<NewExecutable>,
|
||||
IExecutableCheck<PortableExecutable>,
|
||||
IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
|
||||
@@ -6,7 +6,7 @@ namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction, which may be possible with the current libraries but needs to be investigated further.
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class InstallAnywhere : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class InstallAnywhere : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -6,7 +6,7 @@ namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction - https://github.com/Bioruebe/UniExtract2
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class InstallerVISE : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class InstallerVISE : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
//TODO: Add exact version detection for Windows builds, make sure versions before 3.X are detected as well, and detect the Mac builds.
|
||||
/// <inheritdoc/>
|
||||
|
||||
@@ -5,7 +5,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction, seems to primarily use MSZip compression.
|
||||
public class IntelInstallationFramework : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class IntelInstallationFramework : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -7,7 +7,7 @@ namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction, which should be possible with LibMSPackN, but it refuses to extract due to SFX files lacking the typical CAB identifiers.
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class MicrosoftCABSFX : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class MicrosoftCABSFX : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -5,7 +5,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction
|
||||
public class NSIS : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class NSIS : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -13,7 +13,7 @@ namespace BinaryObjectScanner.Packer
|
||||
/// PEiD scanning definitions that include NeoLite: https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
/// Website listing various packers, including NeoLite: http://protools.narod.ru/packers.htm
|
||||
/// </summary>
|
||||
public class NeoLite : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class NeoLite : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
// TODO: Find samples of NeoLite 1.X.
|
||||
/// <inheritdoc/>
|
||||
|
||||
@@ -5,7 +5,7 @@ namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Better version detection - https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
// TODO: Add extraction
|
||||
public class PECompact : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class PECompact : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -5,7 +5,7 @@ namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class PEtite : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class PEtite : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -7,7 +7,7 @@ namespace BinaryObjectScanner.Packer
|
||||
// TODO: Add extraction, which is possible but the only tools available that can
|
||||
// do this seem to be Universal Extractor 2 and InstallExplorer (https://totalcmd.net/plugring/InstallExplorer.html)
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class SetupFactory : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class SetupFactory : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -4,7 +4,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
public class SevenZipSFX : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class SevenZipSFX : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -5,7 +5,7 @@ namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class Shrinker : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class Shrinker : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -9,7 +9,7 @@ namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// TODO: Add extraction
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class UPX : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class UPX : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
private static readonly Regex _oldUpxVersionMatch = new Regex(@"\$Id: UPX (.*?) Copyright \(C\)", RegexOptions.Compiled);
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
public class WinRARSFX : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class WinRARSFX : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
@@ -5,10 +5,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
public class WinZipSFX : IExecutableCheck<NewExecutable>,
|
||||
IExecutableCheck<PortableExecutable>,
|
||||
IExtractableExecutable<NewExecutable>,
|
||||
IExtractableExecutable<PortableExecutable>
|
||||
public class WinZipSFX : IExtractableExecutable<NewExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
|
||||
@@ -13,10 +13,7 @@ using WiseUnpacker.EWISE;
|
||||
namespace BinaryObjectScanner.Packer
|
||||
{
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
public class WiseInstaller : IExecutableCheck<NewExecutable>,
|
||||
IExecutableCheck<PortableExecutable>,
|
||||
IExtractableExecutable<NewExecutable>,
|
||||
IExtractableExecutable<PortableExecutable>
|
||||
public class WiseInstaller : IExtractableExecutable<NewExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
|
||||
@@ -18,7 +18,7 @@ namespace BinaryObjectScanner.Protection
|
||||
// TODO: Add version checking, if possible
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
|
||||
public class Armadillo : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
public class Armadillo : IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
|
||||
Reference in New Issue
Block a user