diff --git a/BinaryObjectScanner/FileType/Executable.cs b/BinaryObjectScanner/FileType/Executable.cs index b99ad2f6..cb37d7cd 100644 --- a/BinaryObjectScanner/FileType/Executable.cs +++ b/BinaryObjectScanner/FileType/Executable.cs @@ -47,7 +47,7 @@ namespace BinaryObjectScanner.FileType public string? Detect(Stream stream, string file, bool includeDebug) { // Get all non-nested protections - var protections = DetectDict(stream, file, scanner: null, includeDebug); + var protections = DetectDict(stream, file, getProtections: null, includeDebug); if (protections.Count == 0) return null; @@ -66,7 +66,10 @@ namespace BinaryObjectScanner.FileType /// Ideally, we wouldn't need to circumvent the proper handling of file types just for Executable, /// but due to the complexity of scanning, this is not currently possible. /// - public ProtectionDictionary DetectDict(Stream stream, string file, Scanner? scanner, bool includeDebug) + public ProtectionDictionary DetectDict(Stream stream, + string file, + Func? getProtections, + bool includeDebug) { // Create the output dictionary var protections = new ProtectionDictionary(); @@ -99,7 +102,7 @@ namespace BinaryObjectScanner.FileType protections.Append(file, subProtections.Values); // Extractable checks - var extractedProtections = HandleExtractableProtections(file, mz, subProtections.Keys, scanner, includeDebug); + var extractedProtections = HandleExtractableProtections(file, mz, subProtections.Keys, getProtections, includeDebug); protections.Append(extractedProtections); } else if (wrapper is LinearExecutable lex) @@ -109,7 +112,7 @@ namespace BinaryObjectScanner.FileType protections.Append(file, subProtections.Values); // Extractable checks - var extractedProtections = HandleExtractableProtections(file, lex, subProtections.Keys, scanner, includeDebug); + var extractedProtections = HandleExtractableProtections(file, lex, subProtections.Keys, getProtections, includeDebug); protections.Append(extractedProtections); } else if (wrapper is NewExecutable nex) @@ -119,7 +122,7 @@ namespace BinaryObjectScanner.FileType protections.Append(file, subProtections.Values); // Extractable checks - var extractedProtections = HandleExtractableProtections(file, nex, subProtections.Keys, scanner, includeDebug); + var extractedProtections = HandleExtractableProtections(file, nex, subProtections.Keys, getProtections, includeDebug); protections.Append(extractedProtections); } else if (wrapper is PortableExecutable pex) @@ -129,7 +132,7 @@ namespace BinaryObjectScanner.FileType protections.Append(file, subProtections.Values); // Extractable checks - var extractedProtections = HandleExtractableProtections(file, pex, subProtections.Keys, scanner, includeDebug); + var extractedProtections = HandleExtractableProtections(file, pex, subProtections.Keys, getProtections, includeDebug); protections.Append(extractedProtections); } @@ -236,13 +239,13 @@ namespace BinaryObjectScanner.FileType /// Name of the source file of the stream, for tracking /// Executable to scan the contents of /// Set of classes returned from Exectuable scans - /// Scanner for handling recursive protections + /// Optional function for handling recursive protections /// True to include debug data, false otherwise /// Set of protections found from extraction, empty on error private static ProtectionDictionary HandleExtractableProtections(string file, T exe, IEnumerable checks, - Scanner? scanner, + Func? getProtections, bool includeDebug) where T : WrapperBase where U : IExecutableCheck @@ -260,7 +263,7 @@ namespace BinaryObjectScanner.FileType .Select(c => c as IExtractableExecutable); extractables.IterateWithAction(extractable => { - var subProtections = PerformExtractableCheck(extractable!, file, exe, scanner, includeDebug); + var subProtections = PerformExtractableCheck(extractable!, file, exe, getProtections, includeDebug); protections.Append(subProtections); }); @@ -273,13 +276,13 @@ namespace BinaryObjectScanner.FileType /// Name of the source file of the stream, for tracking /// Executable to scan the contents of /// IExtractableExecutable class representing the file type - /// Scanner for handling recursive protections + /// Optional function for handling recursive protections /// True to include debug data, false otherwise /// Set of protections in path, empty on error private static ProtectionDictionary PerformExtractableCheck(IExtractableExecutable impl, string file, T exe, - Scanner? scanner, + Func? getProtections, bool includeDebug) where T : WrapperBase { @@ -296,8 +299,8 @@ namespace BinaryObjectScanner.FileType // Collect and format all found protections ProtectionDictionary? subProtections = null; - if (extracted) - subProtections = scanner?.GetProtections(tempPath); + if (extracted && getProtections != null) + subProtections = getProtections(tempPath); // If temp directory cleanup fails try diff --git a/BinaryObjectScanner/Scanner.cs b/BinaryObjectScanner/Scanner.cs index 2be74cd8..cdee470d 100644 --- a/BinaryObjectScanner/Scanner.cs +++ b/BinaryObjectScanner/Scanner.cs @@ -273,7 +273,7 @@ namespace BinaryObjectScanner executable.IncludeGameEngines = _options.ScanGameEngines; executable.IncludePackers = _options.ScanPackers; - var subProtections = executable.DetectDict(stream, fileName, this, _options.IncludeDebug); + var subProtections = executable.DetectDict(stream, fileName, GetProtections, _options.IncludeDebug); protections.Append(subProtections); }