Merge branch 'master' of https://github.com/mnadareski/BurnOutSharp

2026-02-14 21:33:08 +00:00 · 2021-03-21 22:37:25 -07:00
parent 15ae2441c3 6b8f8957de
commit f1c165845f
3 changed files with 66 additions and 0 deletions
--- a/BurnOutSharp/PackerType/AdvancedInstaller.cs
+++ b/BurnOutSharp/PackerType/AdvancedInstaller.cs
@@ -0,0 +1,20 @@
+using System;
+using System.IO;
+
+namespace BurnOutSharp.PackerType
+{
+    // TODO: Add extraction and verify that all versions are detected
+    public class AdvancedInstaller : IContentCheck
+    {
+        /// <inheritdoc/>
+        public string CheckContents(string file, byte[] fileContent, bool includePosition = false)
+        {
+            // Software\Caphyon\Advanced Installer
+            byte?[] check = new byte?[] { 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x5C, 0x43, 0x61, 0x70, 0x68, 0x79, 0x6F, 0x6E, 0x5C, 0x41, 0x64, 0x76, 0x61, 0x6E, 0x63, 0x65, 0x64, 0x20, 0x49, 0x6E, 0x73, 0x74, 0x61, 0x6C, 0x6C, 0x65, 0x72 };
+            if (fileContent.FirstPosition(check, out int position))
+                return "Caphyon Advanced Installer" + (includePosition ? $" (Index {position})" : string.Empty);
+
+            return null;
+        }
+    }
+}
--- a/BurnOutSharp/PackerType/CExe.cs
+++ b/BurnOutSharp/PackerType/CExe.cs
@@ -0,0 +1,44 @@
+using System.Collections.Generic;
+using System.IO;
+
+namespace BurnOutSharp.PackerType
+{
+    // The official website for CExe also includes the source code (which does have to be retrieved by the Wayback Machine). http://www.scottlu.com/Content/CExe.html
+    public class CExe : IContentCheck, IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic) => true;
+
+        /// <inheritdoc/>
+        public string CheckContents(string file, byte[] fileContent, bool includePosition = false)
+        {
+            // "%WoÁa6.’a6.’a6.’a6.’{6.’.).’f6.’‰).’`6.’Ù0.’`6.’"
+            byte?[] check = new byte?[] { 0x25, 0x57, 0x6F, 0xC1, 0x61, 0x36, 0x01, 0x92, 0x61, 0x36, 0x01, 0x92, 0x61, 0x36, 0x01, 0x92, 0x61, 0x36, 0x00, 0x92, 0x7B, 0x36, 0x01, 0x92, 0x03, 0x29, 0x12, 0x92, 0x66, 0x36, 0x01, 0x92, 0x89, 0x29, 0x0A, 0x92, 0x60, 0x36, 0x01, 0x92, 0xD9, 0x30, 0x07, 0x92, 0x60, 0x36, 0x01, 0x92 };
+            if (fileContent.FirstPosition(check, out int position, end: 200))
+            {
+                return "CExe";
+            }
+
+            return null;
+        }
+
+        /// <inheritdoc/>
+        public Dictionary<string, List<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        // TODO: Add extraction if viable
+        public Dictionary<string, List<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            return null;
+        }
+    }
+}
--- a/README.md
+++ b/README.md
@@ -88,7 +88,9 @@ Below is a list of the protections that can be detected using this code:

 Below is a list of the executable packers that can be detected using this code:

+- Advanced Installer
 - Armadillo
+- CExe
 - dotFuscator
 - EXE Stealth
 - Inno Setup