mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-04-22 22:23:11 +00:00
Fun with typed interfaces
This commit is contained in:
Matt Nadareski
@@ -9,7 +9,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
// TODO: Figure out how to get version numbers
|
||||
public class ActiveMARK : IContentCheck, IPortableExecutableCheck
|
||||
public class ActiveMARK : IContentCheck, IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckContents(string file, byte[] fileContent, bool includeDebug)
|
||||
@@ -35,7 +35,7 @@ namespace BinaryObjectScanner.Protection
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -18,10 +18,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://pitchbook.com/profiles/company/118805-59
|
||||
/// https://web.archive.org/web/19990417191351/http://www.aegisoft.com:80/
|
||||
/// </summary>
|
||||
public class AegiSoft : IPathCheck, IPortableExecutableCheck
|
||||
public class AegiSoft : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -40,10 +40,10 @@ namespace BinaryObjectScanner.Protection
|
||||
// - SETTEC0000SETTEC1111
|
||||
// - SOFTWARE\SETTEC
|
||||
// TODO: Are there version numbers?
|
||||
public class AlphaROM : IPortableExecutableCheck
|
||||
public class AlphaROM : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// TODO: Add support for detecting Alpha-ROM found in older games made with the RealLive engine.
|
||||
// TODO: Add version detection for Alpha-ROM.
|
||||
|
||||
@@ -18,10 +18,10 @@ namespace BinaryObjectScanner.Protection
|
||||
// TODO: Add version checking, if possible
|
||||
// https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
|
||||
public class Armadillo : IExtractableExecutable<PortableExecutable>, IPortableExecutableCheck
|
||||
public class Armadillo : IExecutableCheck<PortableExecutable>, IExtractableExecutable<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -38,10 +38,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://www.ftc.gov/sites/default/files/documents/public_comments/ftc-town-hall-address-digital-rights-management-technologies-event-takes-place-wednesday-march-25/539814-00707.pdf
|
||||
/// https://www.gamesindustry.biz/byteshield-drm-system-now-protecting-over-200-games
|
||||
/// </summary>
|
||||
public class ByteShield : IPortableExecutableCheck, IPathCheck
|
||||
public class ByteShield : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -3,10 +3,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class CDCheck : IPortableExecutableCheck
|
||||
public class CDCheck : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -63,7 +63,7 @@ namespace BinaryObjectScanner.Protection
|
||||
/// List of applications that have CD/DVD/WEB-Cops relating to a Windows update: https://www.betaarchive.com/wiki/index.php/Microsoft_KB_Archive/924867
|
||||
/// </summary>
|
||||
|
||||
public class CDDVDCops : IContentCheck, INewExecutableCheck, IPathCheck, IPortableExecutableCheck
|
||||
public class CDDVDCops : IContentCheck, IExecutableCheck<NewExecutable>, IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// TODO: Investigate reference to "CD32COPS.DLL" in "WETFLIPP.QZ_" in IA item "Triada_Russian_DVD_Complete_Collection_of_Erotic_Games".
|
||||
/// <inheritdoc/>
|
||||
@@ -97,7 +97,7 @@ namespace BinaryObjectScanner.Protection
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
{
|
||||
// TODO: Don't read entire file
|
||||
var data = nex.ReadArbitraryRange();
|
||||
@@ -141,7 +141,7 @@ namespace BinaryObjectScanner.Protection
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -21,10 +21,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://gamecopyworld.com/games/pc_omikron.shtml
|
||||
/// https://forum.ixbt.com/topic.cgi?id=31:3985
|
||||
/// </summary>
|
||||
public class CDGuard : IPathCheck, IPortableExecutableCheck
|
||||
public class CDGuard : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -4,10 +4,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class CDKey : IPortableExecutableCheck
|
||||
public class CDKey : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -25,10 +25,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// Possible false positives include Redump entries 51241, 51373, 54397, 76437.
|
||||
/// Confirmed to be present on Redump entries 24287, 31615, 34448, 35967, 36627, 37700, 37788, 43221, 55788, and 66749.
|
||||
/// </summary>
|
||||
public class CDLock : IPathCheck, IPortableExecutableCheck
|
||||
public class CDLock : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -4,10 +4,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class CDSHiELDSE : IPortableExecutableCheck
|
||||
public class CDSHiELDSE : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// Games using this protection aren't able to be run from an ISO file, and presumably use DPM as a protection feature.
|
||||
/// <see href="https://github.com/TheRogueArchivist/DRML/blob/main/entries/Cenega_ProtectDVD/Cenega_ProtectDVD.md"/>
|
||||
/// </summary>
|
||||
public class CengaProtectDVD : IPathCheck, IPortableExecutableCheck
|
||||
public class CengaProtectDVD : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -20,10 +20,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// Add version detection. Redump entry 116358 is version 1.x and Redump entry 12354 is 2.x, but the file versions are inconsistent.
|
||||
/// Investigate "NetActive Reach", which is is either a newer version of this DRM, or a new DRM created by the same company. (https://web.archive.org/web/20040101162921/http://www.netactive.com/Products/)
|
||||
/// </summary>
|
||||
public class Channelware : IPathCheck, IPortableExecutableCheck
|
||||
public class Channelware : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -20,10 +20,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// Code-Lock FAQ: https://web.archive.org/web/20041205165232/http://www.chosenbytes.com/codefaq.php
|
||||
/// Download (Version 2.35 trial): https://web.archive.org/web/20060220121200/http://www.chosenbytes.com:80/Code-Lock_cnet.zip
|
||||
/// </summary>
|
||||
public class ChosenBytesCodeLock : IPathCheck, IPortableExecutableCheck
|
||||
public class ChosenBytesCodeLock : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -15,10 +15,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// TODO: Add support for the developer's EXE obfuscator, "EXEShield Deluxe". Most, if not all, EXEShield protected files are currently detected as "EXE Stealth" by BOS.
|
||||
/// Samples include CopyKiller (Versions 3.64 & 3.99a) and SafeDiscScanner (Version 0.16) (https://archive.org/details/safediscscanner-0.16-webstylerzone-from-unofficial-source).
|
||||
/// </summary>
|
||||
public class CopyKiller : IPathCheck, IPortableExecutableCheck
|
||||
public class CopyKiller : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// TODO: Figure out how to differentiate between V3.99 and V3.99a.
|
||||
// Get the sections from the executable, if possible
|
||||
|
||||
@@ -20,10 +20,10 @@ namespace BinaryObjectScanner.Protection
|
||||
///
|
||||
/// COPYLOK trademark: https://www.trademarkelite.com/europe/trademark/trademark-detail/000618512/COPYLOK.
|
||||
/// </summary>
|
||||
public class CopyLok : IPortableExecutableCheck
|
||||
public class CopyLok : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -14,7 +14,7 @@ namespace BinaryObjectScanner.Protection
|
||||
// TODO: Technically not necessary, but just check for light/pro first and only if it isn't found look for the other.
|
||||
// It should be an Or situation and not an And situation.
|
||||
// TODO: Figure out if Light and Professional are what designate rings and rings+disccheck
|
||||
public class CopyX : IPathCheck, IPortableExecutableCheck
|
||||
public class CopyX : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// Previous check 'Tivola Ring Protect' removed because it was found to actually be copy-x.
|
||||
// The checks were for ZDAT/webmast.dxx and ZDAT/webmast.dxx, for Redump IDs 81628 and 116418.
|
||||
@@ -58,7 +58,7 @@ namespace BinaryObjectScanner.Protection
|
||||
// Find a viable way to check the last directory alphabetically and not just ZDAT*
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Checks for Professional
|
||||
// PEX checks intentionally only detect Professional
|
||||
|
||||
@@ -11,10 +11,10 @@ namespace BinaryObjectScanner.Protection
|
||||
// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/CrypKey%20Installer.1.sg
|
||||
// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/CrypKey.2.sg
|
||||
// https://github.com/wolfram77web/app-peid/blob/master/userdb.txt
|
||||
public class CrypKey : IPathCheck, IPortableExecutableCheck
|
||||
public class CrypKey : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -10,10 +10,10 @@ namespace BinaryObjectScanner.Protection
|
||||
// - Reference to `EASTL` and `EAStdC` are standard for EA products and does not indicate Cucko by itself
|
||||
// - There's little information outside of PiD detection that actually knows about Cucko
|
||||
// - Cucko is confirmed to, at least, use DMI checks.
|
||||
public class Cucko : IPortableExecutableCheck
|
||||
public class Cucko : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -25,13 +25,13 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://www.wired.com/story/empress-drm-cracking-denuvo-video-game-piracy/
|
||||
/// </summary>
|
||||
|
||||
public class Denuvo : IPathCheck, IPortableExecutableCheck
|
||||
public class Denuvo : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// TODO: Investigate possible filename checks for Denuvo Anti-Tamper.
|
||||
// https://www.pcgamingwiki.com/wiki/Denuvo#Redeem.exe
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -23,10 +23,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// News article regarding GLFC and Accolade Games: https://www.gamespot.com/articles/accolade-games-on-dvd/1100-2460436/
|
||||
/// eBay listing for the "BIGWIG SOFTWARE LOCKER", which very likely contains DigiGuard: https://www.ebay.com/itm/325573968970
|
||||
/// </summary>
|
||||
public class DigiGuard : IPathCheck, IPortableExecutableCheck
|
||||
public class DigiGuard : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -35,11 +35,11 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://web.archive.org/web/19990503082646/http://www.ttrtech.com/prmakh.htm
|
||||
/// https://web.archive.org/web/19990209180542/http://www.ttrtech.com/pr2cont.htm
|
||||
/// </summary>
|
||||
public class DiscGuard : IPathCheck, IPortableExecutableCheck
|
||||
public class DiscGuard : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// TODO: Add checks for the game executables, which seem likely to contain some kind of indicators that can be checked for. The game executables all seem to import "Ord(1)" from one of the varying DLLs present.
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -15,11 +15,11 @@ namespace BinaryObjectScanner.Protection
|
||||
///
|
||||
/// The internal name appears to be "skyfall", as this is the Internal Name set to several EA Anti Cheat files, and the string "C:\dev\gitlab-runner\builds\r5uPUG7E\0\anticheat\skyfall\Build\Retail\EAAntiCheat.Installer.pdb" is present in "EAAntiCheat.Installer.Tool.exe".
|
||||
/// </summary>
|
||||
public class EAAntiCheat : IPathCheck, IPortableExecutableCheck
|
||||
public class EAAntiCheat : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// TODO: Add support for detecting older versions, especially versions made before Easy Anti-Cheat was purchased by Epic Games.
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -18,11 +18,11 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://dev.epicgames.com/docs/services/en-US/GameServices/AntiCheat/index.html
|
||||
/// https://www.unknowncheats.me/wiki/Easy_Anti_Cheat
|
||||
/// </summary>
|
||||
public class EasyAntiCheat : IPathCheck, IPortableExecutableCheck
|
||||
public class EasyAntiCheat : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// TODO: Add support for detecting older versions, especially versions made before Easy Anti-Cheat was purchased by Epic Games.
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -5,10 +5,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class ElectronicArts : IPortableExecutableCheck
|
||||
public class ElectronicArts : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -13,10 +13,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// The file "engine32.dll" is always present (hence the name), and is where the disc checking logic is present.
|
||||
/// <see href="https://github.com/TheRogueArchivist/DRML/blob/main/entries/engine32/engine32.md"/>
|
||||
/// </summary>
|
||||
public class Engine32 : IPathCheck, IPortableExecutableCheck
|
||||
public class Engine32 : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -8,10 +8,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class GFWL : IPathCheck, IPortableExecutableCheck
|
||||
public class GFWL : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -17,10 +17,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://j3qx.wordpress.com/2008/12/20/%D0%BF%D0%B8%D1%80%D0%B0%D1%82%D1%81%D0%BA%D0%B8%D0%B5-%D0%B7%D0%B0%D0%BC%D0%B0%D1%88%D0%BA%D0%B8-%D0%B8%D0%BB%D0%B8-%D0%B7%D0%B0%D1%89%D0%B8%D1%82%D0%B0-%D0%BE%D1%82-7wolf/
|
||||
/// http://www.imho.ws/showthread.php?t=34225
|
||||
/// </summary>
|
||||
public class Gefest : IPathCheck, IPortableExecutableCheck
|
||||
public class Gefest : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -30,10 +30,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://patentimages.storage.googleapis.com/52/5b/3a/aee21ff4d987e9/US20060123483A1.pdf
|
||||
/// Special thanks to Ribshark for looking into this protection and sharing his research on the topic!
|
||||
/// </summary>
|
||||
public class HexalockAutoLock : IPathCheck, IPortableExecutableCheck
|
||||
public class HexalockAutoLock : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -10,10 +10,10 @@ namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
// Note that this set of checks also contains "Stardock Product Activation"
|
||||
// This is intentional, as that protection is highly related to Impulse Reactor
|
||||
public class ImpulseReactor : IPathCheck, IPortableExecutableCheck
|
||||
public class ImpulseReactor : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -4,7 +4,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class Intenium : IPortableExecutableCheck
|
||||
public class Intenium : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/*
|
||||
* Possible strings for finding INTENIUM Trial & Buy Protection
|
||||
@@ -23,7 +23,7 @@ namespace BinaryObjectScanner.Protection
|
||||
*/
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -11,10 +11,10 @@ namespace BinaryObjectScanner.Protection
|
||||
// Interesting note: the former protection "Xtreme-Protector" was found to be a
|
||||
// subset of the JoWood X-Prot checks, more specifically the XPROT section check
|
||||
// that now outputs a version of v1.4+.
|
||||
public class JoWood : IPortableExecutableCheck
|
||||
public class JoWood : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -19,10 +19,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// 1.2.0.12: Found in Redump entry 95617.
|
||||
/// 2.0.4.2: Newest version as of 3/10/2024, downloaded from updating the installed game from Redump entry 95617.
|
||||
/// </summary>
|
||||
public class KalypsoLauncher : IPathCheck, IPortableExecutableCheck
|
||||
public class KalypsoLauncher : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -17,10 +17,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://web.archive.org/web/20040407150004/http://www.sonymusic.co.jp/cccd/lgcd2/help/foreign.html
|
||||
/// https://vgmdb.net/forums/showthread.php?p=92206
|
||||
/// </summary>
|
||||
public class LabelGate : IPathCheck, IPortableExecutableCheck
|
||||
public class LabelGate : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -9,10 +9,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class LaserLok : IPathCheck, IPortableExecutableCheck
|
||||
public class LaserLok : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// TODO: Add entry point check
|
||||
// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/Laserlok.2.sg
|
||||
|
||||
@@ -5,10 +5,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class MGIRegistration : IPortableExecutableCheck
|
||||
public class MGIRegistration : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -34,8 +34,8 @@ namespace BinaryObjectScanner.Protection
|
||||
/// </summary>
|
||||
public partial class Macrovision
|
||||
{
|
||||
/// <inheritdoc cref="Interfaces.INewExecutableCheck.CheckNewExecutable(string, NewExecutable, bool)"/>
|
||||
internal string? CDillaCheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
|
||||
internal string? CDillaCheckExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
{
|
||||
// TODO: Implement NE checks for "CDILLA05", "CDILLA10", "CDILLA16", and "CDILLA40".
|
||||
|
||||
@@ -60,8 +60,8 @@ namespace BinaryObjectScanner.Protection
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <inheritdoc cref="Interfaces.IPortableExecutableCheck.CheckPortableExecutable(string, PortableExecutable, bool)"/>
|
||||
internal string? CDillaCheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
|
||||
internal string? CDillaCheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -30,8 +30,8 @@ namespace BinaryObjectScanner.Protection
|
||||
/// </summary>
|
||||
public partial class Macrovision
|
||||
{
|
||||
/// <inheritdoc cref="Interfaces.IPortableExecutableCheck.CheckPortableExecutable(string, PortableExecutable, bool)"/>
|
||||
internal string? CactusDataShieldCheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
|
||||
internal string? CactusDataShieldCheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -12,8 +12,8 @@ namespace BinaryObjectScanner.Protection
|
||||
/// </summary>
|
||||
public partial class Macrovision
|
||||
{
|
||||
/// <inheritdoc cref="Interfaces.IPortableExecutableCheck.CheckPortableExecutable(string, PortableExecutable, bool)"/>
|
||||
internal string? FLEXnetCheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
|
||||
internal string? FLEXnetCheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -18,8 +18,8 @@ namespace BinaryObjectScanner.Protection
|
||||
/// </summary>
|
||||
public partial class Macrovision
|
||||
{
|
||||
/// <inheritdoc cref="Interfaces.IPortableExecutableCheck.CheckPortableExecutable(string, PortableExecutable, bool)"/>
|
||||
internal string? RipGuardCheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
|
||||
internal string? RipGuardCheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -40,8 +40,8 @@ namespace BinaryObjectScanner.Protection
|
||||
/// </summary>
|
||||
public partial class Macrovision
|
||||
{
|
||||
/// <inheritdoc cref="Interfaces.INewExecutableCheck.CheckNewExecutable(string, NewExecutable, bool)"/>
|
||||
internal string? SafeCastCheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
|
||||
internal string? SafeCastCheckExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
{
|
||||
// Check for the CDAC01AA name string.
|
||||
if (nex.Model.ResidentNameTable != null)
|
||||
@@ -69,8 +69,8 @@ namespace BinaryObjectScanner.Protection
|
||||
return MatchUtil.GetFirstMatch(file, data, neMatchSets, includeDebug);
|
||||
}
|
||||
|
||||
/// <inheritdoc cref="Interfaces.IPortableExecutableCheck.CheckPortableExecutable(string, PortableExecutable, bool)"/>
|
||||
internal string? SafeCastCheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
|
||||
internal string? SafeCastCheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -41,8 +41,8 @@ namespace BinaryObjectScanner.Protection
|
||||
/// </summary>
|
||||
public partial class Macrovision
|
||||
{
|
||||
/// <inheritdoc cref="Interfaces.IPortableExecutableCheck.CheckPortableExecutable(string, PortableExecutable, bool)"/>
|
||||
internal string? SafeDiscCheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
|
||||
internal string? SafeDiscCheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -38,8 +38,8 @@ namespace BinaryObjectScanner.Protection
|
||||
/// </summary>
|
||||
public partial class Macrovision
|
||||
{
|
||||
/// <inheritdoc cref="Interfaces.IPortableExecutableCheck.CheckPortableExecutable(string, PortableExecutable, bool)"/>
|
||||
internal string? SafeWrapCheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
/// <inheritdoc cref="Interfaces.IExecutableCheck{T}.CheckExecutable(string, T, bool)"/>
|
||||
internal string? SafeWrapCheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// TODO: Figure out what SafeWrap is exactly, and add checks.
|
||||
|
||||
|
||||
@@ -18,20 +18,20 @@ namespace BinaryObjectScanner.Protection
|
||||
/// Macrovision Corporation CD-ROM Unauthorized Copying Study: https://web.archive.org/web/20011005161810/http://www.macrovision.com/solutions/software/cdrom/images/Games_CD-ROM_Study.PDF
|
||||
/// List of trademarks associated with Marovision: https://tmsearch.uspto.gov/bin/showfield?f=toc&state=4804%3Au8wykd.5.1&p_search=searchss&p_L=50&BackReference=&p_plural=yes&p_s_PARA1=&p_tagrepl%7E%3A=PARA1%24LD&expr=PARA1+AND+PARA2&p_s_PARA2=macrovision&p_tagrepl%7E%3A=PARA2%24ALL&p_op_ALL=AND&a_default=search&a_search=Submit+Query&a_search=Submit+Query
|
||||
/// </summary>
|
||||
public partial class Macrovision : IPathCheck, INewExecutableCheck, IPortableExecutableCheck
|
||||
public partial class Macrovision : IExecutableCheck<NewExecutable>, IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
{
|
||||
var resultsList = new List<string>();
|
||||
|
||||
// Run C-Dilla NE checks
|
||||
var cDilla = CDillaCheckNewExecutable(file, nex, includeDebug);
|
||||
var cDilla = CDillaCheckExecutable(file, nex, includeDebug);
|
||||
if (!string.IsNullOrEmpty(cDilla))
|
||||
resultsList.Add(cDilla!);
|
||||
|
||||
// Run SafeCast NE checks
|
||||
var safeCast = SafeCastCheckNewExecutable(file, nex, includeDebug);
|
||||
var safeCast = SafeCastCheckExecutable(file, nex, includeDebug);
|
||||
if (!string.IsNullOrEmpty(safeCast))
|
||||
resultsList.Add(safeCast!);
|
||||
|
||||
@@ -42,7 +42,7 @@ namespace BinaryObjectScanner.Protection
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
@@ -127,32 +127,32 @@ namespace BinaryObjectScanner.Protection
|
||||
}
|
||||
|
||||
// Run Cactus Data Shield PE checks
|
||||
var match = CactusDataShieldCheckPortableExecutable(file, pex, includeDebug);
|
||||
var match = CactusDataShieldCheckExecutable(file, pex, includeDebug);
|
||||
if (!string.IsNullOrEmpty(match))
|
||||
resultsList.Add(match!);
|
||||
|
||||
// Run C-Dilla PE checks
|
||||
match = CDillaCheckPortableExecutable(file, pex, includeDebug);
|
||||
match = CDillaCheckExecutable(file, pex, includeDebug);
|
||||
if (!string.IsNullOrEmpty(match))
|
||||
resultsList.Add(match!);
|
||||
|
||||
// Run RipGuard PE checks
|
||||
match = RipGuardCheckPortableExecutable(file, pex, includeDebug);
|
||||
match = RipGuardCheckExecutable(file, pex, includeDebug);
|
||||
if (!string.IsNullOrEmpty(match))
|
||||
resultsList.Add(match!);
|
||||
|
||||
// Run SafeCast PE checks
|
||||
match = SafeCastCheckPortableExecutable(file, pex, includeDebug);
|
||||
match = SafeCastCheckExecutable(file, pex, includeDebug);
|
||||
if (!string.IsNullOrEmpty(match))
|
||||
resultsList.Add(match!);
|
||||
|
||||
// Run SafeDisc PE checks
|
||||
match = SafeDiscCheckPortableExecutable(file, pex, includeDebug);
|
||||
match = SafeDiscCheckExecutable(file, pex, includeDebug);
|
||||
if (!string.IsNullOrEmpty(match))
|
||||
resultsList.Add(match!);
|
||||
|
||||
// Run FLEXnet PE checks
|
||||
match = FLEXnetCheckPortableExecutable(file, pex, includeDebug);
|
||||
match = FLEXnetCheckExecutable(file, pex, includeDebug);
|
||||
if (!string.IsNullOrEmpty(match))
|
||||
resultsList.Add(match!);
|
||||
|
||||
|
||||
@@ -11,12 +11,12 @@ namespace BinaryObjectScanner.Protection
|
||||
/// MediaCloQ was a copy protection created by SunnComm to protect music CDs. It's a multisession CD, and all the audio tracks are erroneously marked as data tracks.
|
||||
/// <see href="https://github.com/TheRogueArchivist/DRML/blob/main/entries/MediaCloQ/MediaCloQ.md/>
|
||||
/// </summary>
|
||||
public class MediaCloQ : IPathCheck, IPortableExecutableCheck
|
||||
public class MediaCloQ : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// TODO: "Karaoke Spotlight Series - Pop Hits - Vol. 132" - Sound Choice (SC8732)" is currently undetected, due to there seeming to be no reference to MediaCloQ in the disc's contents.
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -14,10 +14,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// List of discs known to contain MediaMax CD-3: https://en.wikipedia.org/wiki/List_of_compact_discs_sold_with_MediaMax_CD-3
|
||||
/// TODO: Add support for detecting the Mac version, which is present on "All That I Am" by Santana (Barcode 8 2876-59773-2 6)
|
||||
/// </summary>
|
||||
public class MediaMax : IPathCheck, IPortableExecutableCheck
|
||||
public class MediaMax : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -19,10 +19,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://github.com/SteamDatabase/FileDetectionRuleSets/pull/235
|
||||
/// https://www.protondb.com/app/1203220
|
||||
/// </summary>
|
||||
public class NEACProtect : IPathCheck, IPortableExecutableCheck
|
||||
public class NEACProtect : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Most of the relevant executables are highly obfuscated, making executable detection mostly impractical.
|
||||
// Get the sections from the executable, if possible
|
||||
|
||||
@@ -25,13 +25,13 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://nprotect.com/nprotect_pdf/nProtect_KeyCryptV.pdf
|
||||
/// https://nprotect.com/nprotect_pdf/nProtect_KeyCrypt.pdf
|
||||
/// </summary>
|
||||
public class NProtect : IPathCheck, IPortableExecutableCheck
|
||||
public class NProtect : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// TODO: Add LE checks for "npkcrypt.vxd" in Redump entry 90526.
|
||||
// TODO: Add text check for the string mentioned in https://github.com/mnadareski/BinaryObjectScanner/issues/154.
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -4,10 +4,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class OnlineRegistration : IPortableExecutableCheck
|
||||
public class OnlineRegistration : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -14,10 +14,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// References:
|
||||
/// https://en.wikipedia.org/wiki/OpenMG
|
||||
/// </summary>
|
||||
public class OpenMG : IPathCheck, IPortableExecutableCheck
|
||||
public class OpenMG : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -7,10 +7,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class Origin : IPathCheck, IPortableExecutableCheck
|
||||
public class Origin : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -11,10 +11,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// PlayJ (https://web.archive.org/web/20000815053956/http://www.playj.com/) by EverAd was a form of DRM protected audio that was intended to be distributed freely, but that showed advertisements to the listener.
|
||||
/// <see href="https://github.com/TheRogueArchivist/DRML/blob/main/entries/PlayJ/PlayJ.md"/>
|
||||
/// </summary>
|
||||
public class PlayJ : IPathCheck, IPortableExecutableCheck
|
||||
public class PlayJ : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -11,10 +11,10 @@ namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
// This protection was called VOB ProtectCD / ProtectDVD in versions prior to 6
|
||||
// ProtectDISC 9/10 checks for the presence of CSS on the disc to run, but don't encrypt any sectors or check for keys. Confirmed in Redump entries 78367 and 110095.
|
||||
public class ProtectDISC : IPortableExecutableCheck, IPathCheck
|
||||
public class ProtectDISC : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
@@ -120,7 +120,7 @@ namespace BinaryObjectScanner.Protection
|
||||
return MatchUtil.GetFirstMatch(path, matchers, any: true);
|
||||
}
|
||||
|
||||
public static string GetOldVersion(string matchedString)
|
||||
private static string GetOldVersion(string matchedString)
|
||||
{
|
||||
// Remove unnecessary parts
|
||||
matchedString = matchedString.Trim()
|
||||
@@ -140,7 +140,7 @@ namespace BinaryObjectScanner.Protection
|
||||
return matchedStringArray[2].TrimStart('V');
|
||||
}
|
||||
|
||||
public static string? GetVersion3till6(string file, byte[]? fileContent, List<int> positions)
|
||||
private static string? GetVersion3till6(string file, byte[]? fileContent, List<int> positions)
|
||||
{
|
||||
// If we have no content
|
||||
if (fileContent == null)
|
||||
@@ -153,7 +153,7 @@ namespace BinaryObjectScanner.Protection
|
||||
return $"5.9-6.0 {GetVOBBuild(fileContent, positions[0])}";
|
||||
}
|
||||
|
||||
public static string? GetVersion6till8(string file, byte[]? fileContent, List<int> positions)
|
||||
private static string? GetVersion6till8(string file, byte[]? fileContent, List<int> positions)
|
||||
{
|
||||
// If we have no content
|
||||
if (fileContent == null)
|
||||
@@ -227,7 +227,7 @@ namespace BinaryObjectScanner.Protection
|
||||
}
|
||||
}
|
||||
|
||||
public static string? GetVersion76till10(string file, byte[]? fileContent, List<int> positions)
|
||||
private static string? GetVersion76till10(string file, byte[]? fileContent, List<int> positions)
|
||||
{
|
||||
// If we have no content
|
||||
if (fileContent == null)
|
||||
|
||||
@@ -36,10 +36,10 @@ namespace BinaryObjectScanner.Protection
|
||||
///
|
||||
/// Rainbow NetSentinel: IA item "czchip199707cd".
|
||||
/// </summary>
|
||||
public class RainbowSentinel : IPathCheck, INewExecutableCheck, IPortableExecutableCheck
|
||||
public class RainbowSentinel : IExecutableCheck<NewExecutable>, IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, NewExecutable nex, bool includeDebug)
|
||||
{
|
||||
// TODO: Don't read entire file
|
||||
var data = nex.ReadArbitraryRange();
|
||||
@@ -133,7 +133,7 @@ namespace BinaryObjectScanner.Protection
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -14,10 +14,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// https://github.com/lightbulbatelier/RealArcade-DGA
|
||||
/// https://archive.org/details/realrcade-games-preservation-project
|
||||
/// </summary>
|
||||
public class RealArcade : IPathCheck, IPortableExecutableCheck
|
||||
public class RealArcade : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Protection
|
||||
///
|
||||
/// DRML: https://github.com/TheRogueArchivist/DRML/blob/main/entries/Roxxe/Roxxe.md
|
||||
/// </summary>
|
||||
public class Roxxe : IPathCheck, IPortableExecutableCheck
|
||||
public class Roxxe : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -19,12 +19,12 @@ namespace BinaryObjectScanner.Protection
|
||||
/// Unofficial PEiD detections for SVKP: https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
|
||||
/// DiE detections for SVKP: https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/SVK%20Protector.2.sg
|
||||
/// </summary>
|
||||
public class SVKProtector : IPathCheck, IPortableExecutableCheck
|
||||
public class SVKProtector : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// TODO: Find 1.4+ samples.
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -11,10 +11,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
// TODO: Investigate SecuROM for Macintosh
|
||||
public class SecuROM : IPathCheck, IPortableExecutableCheck
|
||||
public class SecuROM : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
@@ -189,7 +189,7 @@ namespace BinaryObjectScanner.Protection
|
||||
return $"{major}.{minor}.{patch}.{revision}";
|
||||
}
|
||||
|
||||
public static string? GetV5Version(string file, byte[]? fileContent, List<int> positions)
|
||||
private static string? GetV5Version(string file, byte[]? fileContent, List<int> positions)
|
||||
{
|
||||
// If we have no content
|
||||
if (fileContent == null)
|
||||
|
||||
@@ -7,10 +7,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class SmartE : IPathCheck, IPortableExecutableCheck
|
||||
public class SmartE : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -12,10 +12,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// <see href="https://bbs.pediy.com/thread-141554.htm"/>
|
||||
/// <see href="https://forum.arabhardware.net/showthread.php?t=45360"/>
|
||||
/// <see href="https://forum.arabhardware.net/showthread.php?t=45360&p=304085"/>
|
||||
public class SoftLock : IPortableExecutableCheck, IPathCheck
|
||||
public class SoftLock : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -11,10 +11,10 @@ namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
// TODO: Not matching all SolidShield Wrapper v1 (See JackKeane)
|
||||
// TODO: Not matching all SolidShield Wrapper v1 (See NFS11)
|
||||
public class SolidShield : IPathCheck, IPortableExecutableCheck
|
||||
public class SolidShield : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// TODO: Investigate ".pseudo" section found in "tvdm.dll" in Redump entry 68166.
|
||||
|
||||
@@ -148,7 +148,7 @@ namespace BinaryObjectScanner.Protection
|
||||
return MatchUtil.GetFirstMatch(path, matchers, any: true);
|
||||
}
|
||||
|
||||
public static string? GetExeWrapperVersion(string file, byte[]? fileContent, List<int> positions)
|
||||
private static string? GetExeWrapperVersion(string file, byte[]? fileContent, List<int> positions)
|
||||
{
|
||||
// If we have no content
|
||||
if (fileContent == null)
|
||||
@@ -179,7 +179,7 @@ namespace BinaryObjectScanner.Protection
|
||||
return string.Empty;
|
||||
}
|
||||
|
||||
public static string? GetVersionPlusTages(string file, byte[]? fileContent, List<int> positions)
|
||||
private static string? GetVersionPlusTages(string file, byte[]? fileContent, List<int> positions)
|
||||
{
|
||||
// If we have no content
|
||||
if (fileContent == null)
|
||||
|
||||
@@ -8,7 +8,7 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class StarForce : IPathCheck, IPortableExecutableCheck
|
||||
public class StarForce : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
// TODO: Bring up to par with PiD.
|
||||
// Known issues:
|
||||
@@ -18,7 +18,7 @@ namespace BinaryObjectScanner.Protection
|
||||
// "Replay.exe" not detected, doesn't detect "[FL Disc]" (Redump entry 81756).
|
||||
// Doesn't detect "[Pro]" (Redump entry 91336).
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -6,10 +6,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class Steam : IPathCheck, IPortableExecutableCheck
|
||||
public class Steam : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -5,10 +5,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class Sysiphus : IPortableExecutableCheck
|
||||
public class Sysiphus : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
@@ -27,7 +27,7 @@ namespace BinaryObjectScanner.Protection
|
||||
return null;
|
||||
}
|
||||
|
||||
public static string GetVersion(string matchedString)
|
||||
private static string GetVersion(string matchedString)
|
||||
{
|
||||
// The string is reversed
|
||||
matchedString = new string(matchedString.Reverse().ToArray()).Trim();
|
||||
|
||||
@@ -9,10 +9,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class TAGES : IPathCheck, IPortableExecutableCheck
|
||||
public class TAGES : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
@@ -221,7 +221,7 @@ namespace BinaryObjectScanner.Protection
|
||||
return "(Unknown Version)";
|
||||
}
|
||||
|
||||
public static string? GetVersion(string file, byte[]? fileContent, List<int> positions)
|
||||
private static string? GetVersion(string file, byte[]? fileContent, List<int> positions)
|
||||
{
|
||||
// If we have no content
|
||||
if (fileContent == null)
|
||||
|
||||
@@ -23,10 +23,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// Investigate further ArcSoft programs.
|
||||
/// Investigate PUBG (possibly older versions) (https://www.pcgamingwiki.com/wiki/PUBG:_Battlegrounds).
|
||||
/// </summary>
|
||||
public class Themida : IPortableExecutableCheck
|
||||
public class Themida : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -8,10 +8,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// There don't seem to be any other signs that this is 3P-Lock anywhere in the example files
|
||||
/// No website has been found for 3P-Lock yet
|
||||
/// </remarks>
|
||||
public class ThreePLock : IPortableExecutableCheck
|
||||
public class ThreePLock : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -4,10 +4,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
public class ThreeTwoOneStudios : IPortableExecutableCheck
|
||||
public class ThreeTwoOneStudios : IExecutableCheck<PortableExecutable>
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -7,10 +7,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
// Got renamed to Ubisoft Connect / Ubisoft Game Launcher
|
||||
public class Uplay : IPathCheck, IPortableExecutableCheck
|
||||
public class Uplay : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -14,10 +14,10 @@ namespace BinaryObjectScanner.Protection
|
||||
/// Known to be used along with MediaMax CD-3 and XCP2, possibly others.
|
||||
/// Reference: https://news.microsoft.com/2003/01/20/microsoft-releases-new-windows-media-data-session-toolkit-enabling-second-session-creation/
|
||||
/// </summary>
|
||||
public class WMDS : IPathCheck, IPortableExecutableCheck
|
||||
public class WMDS : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -8,10 +8,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
// TODO: Document and implement support for this better, including version detection.
|
||||
public class WTMCDProtect : IPathCheck, IPortableExecutableCheck
|
||||
public class WTMCDProtect : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
@@ -9,10 +9,10 @@ using SabreTools.Serialization.Wrappers;
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
// TODO: Figure out how to use path check framework here
|
||||
public class XCP : IPathCheck, IPortableExecutableCheck
|
||||
public class XCP : IExecutableCheck<PortableExecutable>, IPathCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
|
||||
Reference in New Issue
Block a user