diff --git a/BurnOutSharp/BurnOutSharp.csproj b/BurnOutSharp/BurnOutSharp.csproj
index cd4b714d..02de074e 100644
--- a/BurnOutSharp/BurnOutSharp.csproj
+++ b/BurnOutSharp/BurnOutSharp.csproj
@@ -73,6 +73,8 @@
runtime; build; native; contentfiles; analyzers; buildtransitive
all
+
+
diff --git a/BurnOutSharp/FileType/Executable.cs b/BurnOutSharp/FileType/Executable.cs
index 78197583..1e5aada6 100644
--- a/BurnOutSharp/FileType/Executable.cs
+++ b/BurnOutSharp/FileType/Executable.cs
@@ -3,10 +3,9 @@ using System.Collections.Concurrent;
using System.IO;
using System.Text;
using System.Threading.Tasks;
-using BurnOutSharp.ExecutableType.Microsoft.NE;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.FileType
{
@@ -86,9 +85,9 @@ namespace BurnOutSharp.FileType
// Create PortableExecutable and NewExecutable objects for use in the checks
stream.Seek(0, SeekOrigin.Begin);
- PortableExecutable pex = new PortableExecutable(stream);
+ PortableExecutable pex = PortableExecutable.Create(stream);
stream.Seek(0, SeekOrigin.Begin);
- NewExecutable nex = new NewExecutable(stream);
+ NewExecutable nex = NewExecutable.Create(stream);
stream.Seek(0, SeekOrigin.Begin);
// Iterate through all generic content checks
@@ -114,7 +113,7 @@ namespace BurnOutSharp.FileType
}
// If we have a NE executable, iterate through all NE content checks
- if (nex?.Initialized == true)
+ if (nex != null)
{
Parallel.ForEach(ScanningClasses.NewExecutableCheckClasses, contentCheckClass =>
{
@@ -137,7 +136,7 @@ namespace BurnOutSharp.FileType
}
// If we have a PE executable, iterate through all PE content checks
- if (pex?.Initialized == true)
+ if (pex != null)
{
// Print the section table for debug
if (scanner.IncludeDebug && pex.SectionTable != null)
diff --git a/BurnOutSharp/Interfaces/ILinearExecutableCheck.cs b/BurnOutSharp/Interfaces/ILinearExecutableCheck.cs
index 09ef94ce..c4894eaa 100644
--- a/BurnOutSharp/Interfaces/ILinearExecutableCheck.cs
+++ b/BurnOutSharp/Interfaces/ILinearExecutableCheck.cs
@@ -1,4 +1,4 @@
-using BurnOutSharp.ExecutableType.Microsoft.LE;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.Interfaces
{
diff --git a/BurnOutSharp/Interfaces/INewExecutableCheck.cs b/BurnOutSharp/Interfaces/INewExecutableCheck.cs
index 75888f6c..7c48d0d8 100644
--- a/BurnOutSharp/Interfaces/INewExecutableCheck.cs
+++ b/BurnOutSharp/Interfaces/INewExecutableCheck.cs
@@ -1,4 +1,4 @@
-using BurnOutSharp.ExecutableType.Microsoft.NE;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.Interfaces
{
diff --git a/BurnOutSharp/Interfaces/IPortableExecutableCheck.cs b/BurnOutSharp/Interfaces/IPortableExecutableCheck.cs
index 2f7f73c6..a382bf70 100644
--- a/BurnOutSharp/Interfaces/IPortableExecutableCheck.cs
+++ b/BurnOutSharp/Interfaces/IPortableExecutableCheck.cs
@@ -1,4 +1,4 @@
-using BurnOutSharp.ExecutableType.Microsoft.PE;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.Interfaces
{
diff --git a/BurnOutSharp/PackerType/ASPack.cs b/BurnOutSharp/PackerType/ASPack.cs
index b9bd4d96..a8d38152 100644
--- a/BurnOutSharp/PackerType/ASPack.cs
+++ b/BurnOutSharp/PackerType/ASPack.cs
@@ -1,9 +1,10 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
+using System.Text;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -26,20 +27,21 @@ namespace BurnOutSharp.PackerType
if (aspackSection)
return "ASPack 2.29";
+ // TODO: Re-enable all Entry Point checks after implementing
// Use the entry point data, if it exists
- if (pex.EntryPointRaw != null)
- {
- var matchers = GenerateMatchers();
- string match = MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, matchers, includeDebug);
- if (!string.IsNullOrWhiteSpace(match))
- return match;
- }
+ // if (pex.EntryPointRaw != null)
+ // {
+ // var matchers = GenerateMatchers();
+ // string match = MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, matchers, includeDebug);
+ // if (!string.IsNullOrWhiteSpace(match))
+ // return match;
+ // }
// Get the .adata* section, if it exists
var adataSection = pex.GetFirstSection(".adata", exact: false);
if (adataSection != null)
{
- var adataSectionRaw = pex.ReadRawSection(adataSection.NameString);
+ var adataSectionRaw = pex.GetFirstSectionData(Encoding.UTF8.GetString(adataSection.Name));
if (adataSectionRaw != null)
{
var matchers = GenerateMatchers();
diff --git a/BurnOutSharp/PackerType/AdvancedInstaller.cs b/BurnOutSharp/PackerType/AdvancedInstaller.cs
index fdf7f967..5c91ca4d 100644
--- a/BurnOutSharp/PackerType/AdvancedInstaller.cs
+++ b/BurnOutSharp/PackerType/AdvancedInstaller.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -23,7 +23,7 @@ namespace BurnOutSharp.PackerType
return null;
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -38,7 +38,7 @@ namespace BurnOutSharp.PackerType
}, "Caphyon Advanced Installer"),
};
- return MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ return MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
}
return null;
diff --git a/BurnOutSharp/PackerType/Armadillo.cs b/BurnOutSharp/PackerType/Armadillo.cs
index 0eaf458b..a4effae9 100644
--- a/BurnOutSharp/PackerType/Armadillo.cs
+++ b/BurnOutSharp/PackerType/Armadillo.cs
@@ -2,9 +2,9 @@
using System.Collections.Generic;
using System.IO;
using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -30,9 +30,9 @@ namespace BurnOutSharp.PackerType
return "Armadillo";
// Loop through all "extension" sections -- usually .data1 or .text1
- foreach (var section in sections.Where(s => s != null && s.NameString.EndsWith("1")))
+ foreach (var sectionName in pex.SectionNames.Where(s => s != null && s.EndsWith("1")))
{
- var sectionRaw = pex.ReadRawSection(section.NameString);
+ var sectionRaw = pex.GetFirstSectionData(sectionName);
if (sectionRaw != null)
{
var matchers = new List
diff --git a/BurnOutSharp/PackerType/AutoPlayMediaStudio.cs b/BurnOutSharp/PackerType/AutoPlayMediaStudio.cs
index 535da9cb..7f655e94 100644
--- a/BurnOutSharp/PackerType/AutoPlayMediaStudio.cs
+++ b/BurnOutSharp/PackerType/AutoPlayMediaStudio.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
diff --git a/BurnOutSharp/PackerType/CExe.cs b/BurnOutSharp/PackerType/CExe.cs
index dc69a1d8..60c8d07d 100644
--- a/BurnOutSharp/PackerType/CExe.cs
+++ b/BurnOutSharp/PackerType/CExe.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -20,8 +20,8 @@ namespace BurnOutSharp.PackerType
public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
{
// Get the sections from the executable, if possible
- var stub = pex?.DOSStubHeader;
- if (stub == null)
+ var stubMagic = pex?.Stub_Magic;
+ if (stubMagic == null)
return null;
var matchers = new List
@@ -37,7 +37,7 @@ namespace BurnOutSharp.PackerType
}, "CExe")
};
- string match = MatchUtil.GetFirstMatch(file, pex.DOSStubHeader.ExecutableData, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.StubExecutableData, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
diff --git a/BurnOutSharp/PackerType/EXEStealth.cs b/BurnOutSharp/PackerType/EXEStealth.cs
index d0f45c63..1acd5787 100644
--- a/BurnOutSharp/PackerType/EXEStealth.cs
+++ b/BurnOutSharp/PackerType/EXEStealth.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
diff --git a/BurnOutSharp/PackerType/GenteeInstaller.cs b/BurnOutSharp/PackerType/GenteeInstaller.cs
index 7874c797..bd7cce79 100644
--- a/BurnOutSharp/PackerType/GenteeInstaller.cs
+++ b/BurnOutSharp/PackerType/GenteeInstaller.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -22,8 +22,9 @@ namespace BurnOutSharp.PackerType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -42,7 +43,7 @@ namespace BurnOutSharp.PackerType
}, "Gentee Installer"),
};
- return MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ return MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
}
return null;
diff --git a/BurnOutSharp/PackerType/InnoSetup.cs b/BurnOutSharp/PackerType/InnoSetup.cs
index 0166cd96..284791f3 100644
--- a/BurnOutSharp/PackerType/InnoSetup.cs
+++ b/BurnOutSharp/PackerType/InnoSetup.cs
@@ -4,10 +4,9 @@ using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
-using BurnOutSharp.ExecutableType.Microsoft.NE;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -21,13 +20,12 @@ namespace BurnOutSharp.PackerType
///
public string CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
{
- // Get the DOS stub from the executable, if possible
- var stub = nex?.DOSStubHeader;
- if (stub == null)
+ // Check we have a valid executable
+ if (nex == null)
return null;
// Check for "Inno" in the reserved words
- if (stub.Reserved2[4] == 0x6E49 && stub.Reserved2[5] == 0x6F6E)
+ if (nex.Stub_Reserved2[4] == 0x6E49 && nex.Stub_Reserved2[5] == 0x6F6E)
{
string version = GetOldVersion(file, nex);
if (!string.IsNullOrWhiteSpace(version))
@@ -47,8 +45,9 @@ namespace BurnOutSharp.PackerType
if (sections == null)
return null;
- // Get the DATA/.data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -61,7 +60,7 @@ namespace BurnOutSharp.PackerType
}, GetVersion, "Inno Setup"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
@@ -102,7 +101,7 @@ namespace BurnOutSharp.PackerType
string version = Encoding.ASCII.GetString(onlyVersion);
if (unicodeBytes.SequenceEqual(new byte[] { 0x28, 0x75, 0x29 }))
- return (version + " (Unicode)");
+ return version + " (Unicode)";
return version;
}
diff --git a/BurnOutSharp/PackerType/InstallAnywhere.cs b/BurnOutSharp/PackerType/InstallAnywhere.cs
index 3fdbc236..2746c9c5 100644
--- a/BurnOutSharp/PackerType/InstallAnywhere.cs
+++ b/BurnOutSharp/PackerType/InstallAnywhere.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
diff --git a/BurnOutSharp/PackerType/InstallerVISE.cs b/BurnOutSharp/PackerType/InstallerVISE.cs
index 1484bd8c..bf3af477 100644
--- a/BurnOutSharp/PackerType/InstallerVISE.cs
+++ b/BurnOutSharp/PackerType/InstallerVISE.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -23,8 +23,9 @@ namespace BurnOutSharp.PackerType
if (sections == null)
return null;
- // Get the DATA/.data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -32,7 +33,7 @@ namespace BurnOutSharp.PackerType
new ContentMatchSet(new byte?[] { 0x56, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, "Installer VISE"),
};
- return MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ return MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
}
return null;
diff --git a/BurnOutSharp/PackerType/IntelInstallationFramework.cs b/BurnOutSharp/PackerType/IntelInstallationFramework.cs
index c12870ee..3ba8c02b 100644
--- a/BurnOutSharp/PackerType/IntelInstallationFramework.cs
+++ b/BurnOutSharp/PackerType/IntelInstallationFramework.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
diff --git a/BurnOutSharp/PackerType/MicrosoftCABSFX.cs b/BurnOutSharp/PackerType/MicrosoftCABSFX.cs
index 4baf4651..7b90ef93 100644
--- a/BurnOutSharp/PackerType/MicrosoftCABSFX.cs
+++ b/BurnOutSharp/PackerType/MicrosoftCABSFX.cs
@@ -2,10 +2,10 @@ using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -28,12 +28,13 @@ namespace BurnOutSharp.PackerType
if (name?.Equals("Wextract", StringComparison.OrdinalIgnoreCase) == true)
return $"Microsoft CAB SFX {GetVersion(pex)}";
- name = pex.OriginalFileName;
+ name = pex.OriginalFilename;
if (name?.Equals("WEXTRACT.EXE", StringComparison.OrdinalIgnoreCase) == true)
return $"Microsoft CAB SFX {GetVersion(pex)}";
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -45,13 +46,13 @@ namespace BurnOutSharp.PackerType
}, "Microsoft CAB SFX"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return $"Microsoft CAB SFX {GetVersion(pex)}";
}
// Get the .text section, if it exists
- if (pex.TextSectionRaw != null)
+ if (pex.ContainsSection(".text"))
{
var matchers = new List
{
@@ -61,7 +62,7 @@ namespace BurnOutSharp.PackerType
new ContentMatchSet(new byte?[] { 0x4D, 0x53, 0x43, 0x46, 0x75 }, "Microsoft CAB SFX"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".text"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return $"Microsoft CAB SFX {GetVersion(pex)}";
}
diff --git a/BurnOutSharp/PackerType/NSIS.cs b/BurnOutSharp/PackerType/NSIS.cs
index 8f718f16..01ad520b 100644
--- a/BurnOutSharp/PackerType/NSIS.cs
+++ b/BurnOutSharp/PackerType/NSIS.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -21,12 +21,13 @@ namespace BurnOutSharp.PackerType
if (sections == null)
return null;
- string description = pex.ManifestDescription;
+ string description = pex.AssemblyDescription;
if (!string.IsNullOrWhiteSpace(description) && description.StartsWith("Nullsoft Install System"))
return $"NSIS {description.Substring("Nullsoft Install System".Length).Trim()}";
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -38,7 +39,7 @@ namespace BurnOutSharp.PackerType
}, "NSIS"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/PackerType/PECompact.cs b/BurnOutSharp/PackerType/PECompact.cs
index 42cd4189..2ebc81a0 100644
--- a/BurnOutSharp/PackerType/PECompact.cs
+++ b/BurnOutSharp/PackerType/PECompact.cs
@@ -1,7 +1,7 @@
using System.Collections.Concurrent;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -21,7 +21,7 @@ namespace BurnOutSharp.PackerType
return null;
// 0x4F434550 is "PECO"
- if (pex.ImageFileHeader.PointerToSymbolTable == 0x4F434550)
+ if (pex.PointerToSymbolTable == 0x4F434550)
return "PE Compact v1.x";
// TODO: Get more granular version detection. PiD is somehow able to detect version ranges based
diff --git a/BurnOutSharp/PackerType/Petite.cs b/BurnOutSharp/PackerType/Petite.cs
index 3e98d8ea..6fe5128f 100644
--- a/BurnOutSharp/PackerType/Petite.cs
+++ b/BurnOutSharp/PackerType/Petite.cs
@@ -1,7 +1,7 @@
using System.Collections.Concurrent;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
diff --git a/BurnOutSharp/PackerType/SetupFactory.cs b/BurnOutSharp/PackerType/SetupFactory.cs
index f759cd88..c99365c9 100644
--- a/BurnOutSharp/PackerType/SetupFactory.cs
+++ b/BurnOutSharp/PackerType/SetupFactory.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
diff --git a/BurnOutSharp/PackerType/Shrinker.cs b/BurnOutSharp/PackerType/Shrinker.cs
index d72abde5..9add60ff 100644
--- a/BurnOutSharp/PackerType/Shrinker.cs
+++ b/BurnOutSharp/PackerType/Shrinker.cs
@@ -1,7 +1,7 @@
using System.Collections.Concurrent;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
diff --git a/BurnOutSharp/PackerType/UPX.cs b/BurnOutSharp/PackerType/UPX.cs
index 47e2c807..ad191011 100644
--- a/BurnOutSharp/PackerType/UPX.cs
+++ b/BurnOutSharp/PackerType/UPX.cs
@@ -2,9 +2,9 @@ using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Text;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -116,7 +116,7 @@ namespace BurnOutSharp.PackerType
return null;
// This subtract is needed because the version is before the section
- return pex.ReadRawSection($"{sectionPrefix}0", first: true, offset: -128);
+ return pex.GetFirstSectionDataWithOffset($"{sectionPrefix}0", offset: -128);
}
}
}
\ No newline at end of file
diff --git a/BurnOutSharp/PackerType/WinRARSFX.cs b/BurnOutSharp/PackerType/WinRARSFX.cs
index dcbf45b2..ba8ecae7 100644
--- a/BurnOutSharp/PackerType/WinRARSFX.cs
+++ b/BurnOutSharp/PackerType/WinRARSFX.cs
@@ -2,10 +2,10 @@ using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
using SharpCompress.Archives;
using SharpCompress.Archives.Rar;
@@ -24,8 +24,9 @@ namespace BurnOutSharp.PackerType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -38,7 +39,7 @@ namespace BurnOutSharp.PackerType
}, "WinRAR SFX"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/PackerType/WinZipSFX.cs b/BurnOutSharp/PackerType/WinZipSFX.cs
index 7dfe7419..5884f372 100644
--- a/BurnOutSharp/PackerType/WinZipSFX.cs
+++ b/BurnOutSharp/PackerType/WinZipSFX.cs
@@ -2,12 +2,10 @@ using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft;
-using BurnOutSharp.ExecutableType.Microsoft.NE;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
using SharpCompress.Archives;
using SharpCompress.Archives.Zip;
@@ -21,9 +19,8 @@ namespace BurnOutSharp.PackerType
///
public string CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
{
- // Get the DOS stub from the executable, if possible
- var stub = nex?.DOSStubHeader;
- if (stub == null)
+ // Check we have a valid executable
+ if (nex == null)
return null;
string version = GetNEHeaderVersion(nex);
@@ -46,16 +43,15 @@ namespace BurnOutSharp.PackerType
return null;
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
- string version = GetSFXSectionDataVersion(file, pex.ResourceDataSectionRaw, includeDebug);
+ string version = GetSFXSectionDataVersion(file, pex.GetFirstSectionData(".rdata"), includeDebug);
if (!string.IsNullOrWhiteSpace(version))
return $"WinZip SFX {version}";
}
// Get the _winzip_ section, if it exists
- bool winzipSection = pex.ContainsSection("_winzip_", exact: true);
- if (winzipSection)
+ if (pex.ContainsSection("_winzip_", exact: true))
{
string version = GetPEHeaderVersion(pex);
if (!string.IsNullOrWhiteSpace(version))
@@ -71,15 +67,16 @@ namespace BurnOutSharp.PackerType
#region Unknown Version checks
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
- string version = GetSFXSectionDataUnknownVersion(file, pex.ResourceDataSectionRaw, includeDebug);
+ string version = GetSFXSectionDataUnknownVersion(file, pex.GetFirstSectionData(".rdata"), includeDebug);
if (!string.IsNullOrWhiteSpace(version))
return $"WinZip SFX {version}";
}
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -103,7 +100,7 @@ namespace BurnOutSharp.PackerType
}, "Unknown Version (32-bit)"),
};
- string version = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, false);
+ string version = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".data"), matchers, false);
if (!string.IsNullOrWhiteSpace(version))
{
// Try to grab the value from the manifest, if possible
@@ -197,8 +194,8 @@ namespace BurnOutSharp.PackerType
private static string GetAdjustedManifestVersion(PortableExecutable pex)
{
// Get the manifest information, if possible
- string description = pex.ManifestDescription;
- string version = pex.ManifestVersion;
+ string description = pex.AssemblyDescription;
+ string version = pex.AssemblyVersion;
// Either an incorrect description or empty version mean we can't match
if (description != "WinZip Self-Extractor")
@@ -245,144 +242,149 @@ namespace BurnOutSharp.PackerType
/// TODO: Research to see if the versions are embedded elsewhere in these files
private string GetNEHeaderVersion(NewExecutable nex)
{
- var neh = nex.NewExecutableHeader;
-
#region 2.0 Variants
// 2.0 (MS-DOS/16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x0086
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x0A
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x4000
- && neh.InitialCSIPSetting == 0x00012BE6
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0058
- && neh.ModuleReferenceTableOffset == 0x0064
- && neh.ImportedNamesTableOffset == 0x006C
- && neh.NonResidentNamesTableOffset == 0x000044B8
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x0086
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.ProtectedModeOnly
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x4000
+ && nex.InitialCSIPSetting == 0x00012BE6
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0058
+ && nex.ModuleReferenceTableOffset == 0x0064
+ && nex.ImportedNamesTableOffset == 0x006C
+ && nex.NonResidentNamesTableOffset == 0x000044B8
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "2.0 (MS-DOS/16-bit)";
// 2.0 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x0086
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x0A
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x4000
- && neh.InitialCSIPSetting == 0x00013174
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0058
- && neh.ModuleReferenceTableOffset == 0x0064
- && neh.ImportedNamesTableOffset == 0x006C
- && neh.NonResidentNamesTableOffset == 0x00000198
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x0086
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.ProtectedModeOnly
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x4000
+ && nex.InitialCSIPSetting == 0x00013174
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0058
+ && nex.ModuleReferenceTableOffset == 0x0064
+ && nex.ImportedNamesTableOffset == 0x006C
+ && nex.NonResidentNamesTableOffset == 0x00000198
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "2.0 (16-bit)";
// Compact 2.0 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x0080
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x0A
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x4000
- && neh.InitialCSIPSetting == 0x000124A0
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0003
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0058
- && neh.ModuleReferenceTableOffset == 0x0064
- && neh.ImportedNamesTableOffset == 0x006A
- && neh.NonResidentNamesTableOffset == 0x00000192
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x0080
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.ProtectedModeOnly
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x4000
+ && nex.InitialCSIPSetting == 0x000124A0
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0003
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0058
+ && nex.ModuleReferenceTableOffset == 0x0064
+ && nex.ImportedNamesTableOffset == 0x006A
+ && nex.NonResidentNamesTableOffset == 0x00000192
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "Compact 2.0 (16-bit)";
// Software Installation 2.0 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x00CD
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x02
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x4000
- && neh.InitialCSIPSetting == 0x000136FA
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0005
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0097
- && neh.ModuleReferenceTableOffset == 0x00A3
- && neh.ImportedNamesTableOffset == 0x00AD
- && neh.NonResidentNamesTableOffset == 0x000001DF
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x00CD
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x4000
+ && nex.InitialCSIPSetting == 0x000136FA
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0005
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0097
+ && nex.ModuleReferenceTableOffset == 0x00A3
+ && nex.ImportedNamesTableOffset == 0x00AD
+ && nex.NonResidentNamesTableOffset == 0x000001DF
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "Software Installation 2.0 (16-bit)";
#endregion
@@ -390,139 +392,145 @@ namespace BurnOutSharp.PackerType
#region 2.1 RC2 Variants
// 2.1 RC2 (MS-DOS/16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x0086
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x0A
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x4000
- && neh.InitialCSIPSetting == 0x00013386
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0058
- && neh.ModuleReferenceTableOffset == 0x0064
- && neh.ImportedNamesTableOffset == 0x006C
- && neh.NonResidentNamesTableOffset == 0x000043C8
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x0086
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.ProtectedModeOnly
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x4000
+ && nex.InitialCSIPSetting == 0x00013386
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0058
+ && nex.ModuleReferenceTableOffset == 0x0064
+ && nex.ImportedNamesTableOffset == 0x006C
+ && nex.NonResidentNamesTableOffset == 0x000043C8
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "2.1 RC2 (MS-DOS/16-bit)";
// 2.1 RC2 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x00BE
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x02
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x4000
- && neh.InitialCSIPSetting == 0x00013E56
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0090
- && neh.ModuleReferenceTableOffset == 0x009C
- && neh.ImportedNamesTableOffset == 0x00A4
- && neh.NonResidentNamesTableOffset == 0x000001D0
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x00BE
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x4000
+ && nex.InitialCSIPSetting == 0x00013E56
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0090
+ && nex.ModuleReferenceTableOffset == 0x009C
+ && nex.ImportedNamesTableOffset == 0x00A4
+ && nex.NonResidentNamesTableOffset == 0x000001D0
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "2.1 RC2 (16-bit)";
// Compact 2.1 RC2 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x0080
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x0A
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x4000
- && neh.InitialCSIPSetting == 0x00012B84
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0003
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0058
- && neh.ModuleReferenceTableOffset == 0x0064
- && neh.ImportedNamesTableOffset == 0x006A
- && neh.NonResidentNamesTableOffset == 0x00000192
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x0080
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.ProtectedModeOnly
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x4000
+ && nex.InitialCSIPSetting == 0x00012B84
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0003
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0058
+ && nex.ModuleReferenceTableOffset == 0x0064
+ && nex.ImportedNamesTableOffset == 0x006A
+ && nex.NonResidentNamesTableOffset == 0x00000192
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "Compact 2.1 RC2 (16-bit)";
// Software Installation 2.1 RC2 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x00BE
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x02
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x4000
- && neh.InitialCSIPSetting == 0x000143AC
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0090
- && neh.ModuleReferenceTableOffset == 0x009C
- && neh.ImportedNamesTableOffset == 0x00A4
- && neh.NonResidentNamesTableOffset == 0x000001D0
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x00BE
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x4000
+ && nex.InitialCSIPSetting == 0x000143AC
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0090
+ && nex.ModuleReferenceTableOffset == 0x009C
+ && nex.ImportedNamesTableOffset == 0x00A4
+ && nex.NonResidentNamesTableOffset == 0x000001D0
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "Software Installation 2.1 RC2 (16-bit)";
#endregion
@@ -530,139 +538,145 @@ namespace BurnOutSharp.PackerType
#region 2.1 Variants
// 2.1 (MS-DOS/16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x0086
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x0A
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x3A00
- && neh.InitialCSIPSetting == 0x00013396
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0058
- && neh.ModuleReferenceTableOffset == 0x0064
- && neh.ImportedNamesTableOffset == 0x006C
- && neh.NonResidentNamesTableOffset == 0x000043C8
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x0086
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.ProtectedModeOnly
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x3A00
+ && nex.InitialCSIPSetting == 0x00013396
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0058
+ && nex.ModuleReferenceTableOffset == 0x0064
+ && nex.ImportedNamesTableOffset == 0x006C
+ && nex.NonResidentNamesTableOffset == 0x000043C8
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "2.1 (MS-DOS/16-bit)";
// 2.1 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x00BE
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x02
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x3A00
- && neh.InitialCSIPSetting == 0x00013E7E
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0090
- && neh.ModuleReferenceTableOffset == 0x009C
- && neh.ImportedNamesTableOffset == 0x00A4
- && neh.NonResidentNamesTableOffset == 0x000001D0
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x00BE
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x3A00
+ && nex.InitialCSIPSetting == 0x00013E7E
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0090
+ && nex.ModuleReferenceTableOffset == 0x009C
+ && nex.ImportedNamesTableOffset == 0x00A4
+ && nex.NonResidentNamesTableOffset == 0x000001D0
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "2.1 (16-bit)";
// Compact 2.1 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x0080
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x0A
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x3A00
- && neh.InitialCSIPSetting == 0x00012B90
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0003
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0058
- && neh.ModuleReferenceTableOffset == 0x0064
- && neh.ImportedNamesTableOffset == 0x006A
- && neh.NonResidentNamesTableOffset == 0x00000192
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x0080
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.ProtectedModeOnly
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x3A00
+ && nex.InitialCSIPSetting == 0x00012B90
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0003
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0058
+ && nex.ModuleReferenceTableOffset == 0x0064
+ && nex.ImportedNamesTableOffset == 0x006A
+ && nex.NonResidentNamesTableOffset == 0x00000192
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "Compact 2.1 (16-bit)";
// Software Installation 2.1 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x00BE
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x02
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x3A00
- && neh.InitialCSIPSetting == 0x00014408
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0090
- && neh.ModuleReferenceTableOffset == 0x009C
- && neh.ImportedNamesTableOffset == 0x00A4
- && neh.NonResidentNamesTableOffset == 0x000001D0
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x00BE
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x3A00
+ && nex.InitialCSIPSetting == 0x00014408
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0090
+ && nex.ModuleReferenceTableOffset == 0x009C
+ && nex.ImportedNamesTableOffset == 0x00A4
+ && nex.NonResidentNamesTableOffset == 0x000001D0
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "Software Installation 2.1 (16-bit)";
#endregion
@@ -670,105 +684,109 @@ namespace BurnOutSharp.PackerType
#region Misc. Variants
// Personal Edition (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x0086
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x0A
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x4000
- && neh.InitialCSIPSetting == 0x0001317C
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0058
- && neh.ModuleReferenceTableOffset == 0x0064
- && neh.ImportedNamesTableOffset == 0x006C
- && neh.NonResidentNamesTableOffset == 0x00000198
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x0086
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.ProtectedModeOnly
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x4000
+ && nex.InitialCSIPSetting == 0x0001317C
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0058
+ && nex.ModuleReferenceTableOffset == 0x0064
+ && nex.ImportedNamesTableOffset == 0x006C
+ && nex.NonResidentNamesTableOffset == 0x00000198
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "Personal Edition (16-bit)";
// Personal Edition 32-bit (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x00BE
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x02
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x2000
- && neh.InitialStackAlloc == 0x3C00
- && neh.InitialCSIPSetting == 0x00013E7C
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0004
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0090
- && neh.ModuleReferenceTableOffset == 0x009C
- && neh.ImportedNamesTableOffset == 0x00A4
- && neh.NonResidentNamesTableOffset == 0x000001D0
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x00BE
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x2000
+ && nex.InitialStackAlloc == 0x3C00
+ && nex.InitialCSIPSetting == 0x00013E7C
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0004
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0090
+ && nex.ModuleReferenceTableOffset == 0x009C
+ && nex.ImportedNamesTableOffset == 0x00A4
+ && nex.NonResidentNamesTableOffset == 0x000001D0
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "Personal Edition 32-bit (16-bit)";
// Personal Edition 32-bit Build 1260/1285 (16-bit)
- if (neh.LinkerVersion == 0x11
- && neh.LinkerRevision == 0x20
- && neh.EntryTableOffset == 0x00C6
- && neh.EntryTableSize == 0x0002
- && neh.CrcChecksum == 0x00000000
- && neh.ProgramFlags == 0x02
- && neh.ApplicationFlags == 0x03
- && neh.Autodata == 0x0003
- && neh.InitialHeapAlloc == 0x43DC
- && neh.InitialStackAlloc == 0x2708
- && neh.InitialCSIPSetting == 0x00014ADC
- && neh.InitialSSSPSetting == 0x00030000
- && neh.FileSegmentCount == 0x0003
- && neh.ModuleReferenceTableSize == 0x0005
- && neh.NonResidentNameTableSize == 0x004B
- && neh.SegmentTableOffset == 0x0040
- && neh.ResourceTableOffset == 0x0058
- && neh.ResidentNameTableOffset == 0x0090
- && neh.ModuleReferenceTableOffset == 0x009C
- && neh.ImportedNamesTableOffset == 0x00A6
- && neh.NonResidentNamesTableOffset == 0x000001D8
- && neh.MovableEntriesCount == 0x0000
- && neh.SegmentAlignmentShiftCount == 0x0001
- && neh.ResourceEntriesCount == 0x0000
- && neh.TargetOperatingSystem == 0x02
- && neh.AdditionalFlags == 0x00
- && neh.ReturnThunkOffset == 0x0000
- && neh.SegmentReferenceThunkOffset == 0x0000
- && neh.MinCodeSwapAreaSize == 0x0000
- && neh.WindowsSDKRevision == 0x00
- && neh.WindowsSDKVersion == 0x03)
+ if (nex.LinkerVersion == 0x11
+ && nex.LinkerRevision == 0x20
+ && nex.EntryTableOffset == 0x00C6
+ && nex.EntryTableSize == 0x0002
+ && nex.CrcChecksum == 0x00000000
+ && nex.FlagWord == (Models.NewExecutable.HeaderFlag.MULTIPLEDATA
+ | Models.NewExecutable.HeaderFlag.FullScreen
+ | Models.NewExecutable.HeaderFlag.WindowsPMCompatible)
+ && nex.AutomaticDataSegmentNumber == 0x0003
+ && nex.InitialHeapAlloc == 0x43DC
+ && nex.InitialStackAlloc == 0x2708
+ && nex.InitialCSIPSetting == 0x00014ADC
+ && nex.InitialSSSPSetting == 0x00030000
+ && nex.FileSegmentCount == 0x0003
+ && nex.ModuleReferenceTableSize == 0x0005
+ && nex.NonResidentNameTableSize == 0x004B
+ && nex.SegmentTableOffset == 0x0040
+ && nex.ResourceTableOffset == 0x0058
+ && nex.ResidentNameTableOffset == 0x0090
+ && nex.ModuleReferenceTableOffset == 0x009C
+ && nex.ImportedNamesTableOffset == 0x00A6
+ && nex.NonResidentNamesTableOffset == 0x000001D8
+ && nex.MovableEntriesCount == 0x0000
+ && nex.SegmentAlignmentShiftCount == 0x0001
+ && nex.ResourceEntriesCount == 0x0000
+ && nex.TargetOperatingSystem == Models.NewExecutable.OperatingSystem.WINDOWS
+ && nex.AdditionalFlags == 0x00
+ && nex.ReturnThunkOffset == 0x0000
+ && nex.SegmentReferenceThunkOffset == 0x0000
+ && nex.MinCodeSwapAreaSize == 0x0000
+ && nex.WindowsSDKRevision == 0x00
+ && nex.WindowsSDKVersion == 0x03)
return "Personal Edition 32-bit Build 1260/1285 (16-bit)";
#endregion
@@ -782,8 +800,8 @@ namespace BurnOutSharp.PackerType
private string GetNEUnknownHeaderVersion(NewExecutable nex, string file, bool includeDebug)
{
// TODO: Like with PE, convert this into a preread in the header code
- int resourceStart = nex.DOSStubHeader.NewExeHeaderAddr + nex.NewExecutableHeader.ResourceTableOffset;
- int resourceEnd = nex.DOSStubHeader.NewExeHeaderAddr + nex.NewExecutableHeader.ModuleReferenceTableOffset;
+ int resourceStart = (int)(nex.Stub_NewExeHeaderAddr + nex.ResourceTableOffset);
+ int resourceEnd = (int)(nex.Stub_NewExeHeaderAddr + nex.ModuleReferenceTableOffset);
int resourceLength = resourceEnd - resourceStart;
var resourceData = nex.ReadArbitraryRange(resourceStart, resourceLength);
@@ -813,137 +831,134 @@ namespace BurnOutSharp.PackerType
/// TODO: Research to see if the versions are embedded elsewhere in these files
private string GetPEHeaderVersion(PortableExecutable pex)
{
- var ifh = pex.ImageFileHeader;
- var ioh = pex.OptionalHeader;
-
// 2.2.3063
- if (ifh.Machine == MachineType.IMAGE_FILE_MACHINE_I386
- && ifh.NumberOfSections == 0x0005
- && ifh.TimeDateStamp == 0x38BE7AC9
- && ifh.PointerToSymbolTable == 0x00000000
- && ifh.NumberOfSymbols == 0x00000000
- && ifh.SizeOfOptionalHeader == 0x00E0
- && (ushort)ifh.Characteristics == 0x010F
+ if (pex.Machine == Models.PortableExecutable.MachineType.IMAGE_FILE_MACHINE_I386
+ && pex.NumberOfSections == 0x0005
+ && pex.TimeDateStamp == 0x38BE7AC9
+ && pex.PointerToSymbolTable == 0x00000000
+ && pex.NumberOfSymbols == 0x00000000
+ && pex.SizeOfOptionalHeader == 0x00E0
+ && (ushort)pex.Characteristics == 0x010F
- && ioh.Magic == OptionalHeaderType.PE32
- && ioh.MajorLinkerVersion == 0x05
- && ioh.MinorLinkerVersion == 0x0A
- && ioh.SizeOfCode == 0x00005C00
- && ioh.SizeOfInitializedData == 0x00004C00
- && ioh.SizeOfUninitializedData == 0x00000000
- && ioh.AddressOfEntryPoint == 0x00003E71
- && ioh.BaseOfCode == 0x00001000
- && ioh.BaseOfData == 0x00007000
- && ioh.ImageBasePE32 == 0x00400000)
+ && pex.OH_Magic == Models.PortableExecutable.OptionalHeaderMagicNumber.PE32
+ && pex.OH_MajorLinkerVersion == 0x05
+ && pex.OH_MinorLinkerVersion == 0x0A
+ && pex.OH_SizeOfCode == 0x00005C00
+ && pex.OH_SizeOfInitializedData == 0x00004C00
+ && pex.OH_SizeOfUninitializedData == 0x00000000
+ && pex.OH_AddressOfEntryPoint == 0x00003E71
+ && pex.OH_BaseOfCode == 0x00001000
+ && pex.OH_BaseOfData == 0x00007000
+ && pex.OH_ImageBase == 0x00400000)
return "2.2.3063";
// 2.2.4003
- if (ifh.Machine == MachineType.IMAGE_FILE_MACHINE_I386
- && ifh.NumberOfSections == 0x0005
- && ifh.TimeDateStamp == 0x3A5B1B69
- && ifh.PointerToSymbolTable == 0x00000000
- && ifh.NumberOfSymbols == 0x00000000
- && ifh.SizeOfOptionalHeader == 0x00E0
- && (ushort)ifh.Characteristics == 0x010F
+ if (pex.Machine == Models.PortableExecutable.MachineType.IMAGE_FILE_MACHINE_I386
+ && pex.NumberOfSections == 0x0005
+ && pex.TimeDateStamp == 0x3A5B1B69
+ && pex.PointerToSymbolTable == 0x00000000
+ && pex.NumberOfSymbols == 0x00000000
+ && pex.SizeOfOptionalHeader == 0x00E0
+ && (ushort)pex.Characteristics == 0x010F
- && ioh.Magic == OptionalHeaderType.PE32
- && ioh.MajorLinkerVersion == 0x05
- && ioh.MinorLinkerVersion == 0x0A
- && ioh.SizeOfCode == 0x00004A00
- && ioh.SizeOfInitializedData == 0x00002A00
- && ioh.SizeOfUninitializedData == 0x00000000
- && ioh.AddressOfEntryPoint == 0x000039D8
- && ioh.BaseOfCode == 0x00001000
- && ioh.BaseOfData == 0x00006000
- && ioh.ImageBasePE32 == 0x00400000)
+ && pex.OH_Magic == Models.PortableExecutable.OptionalHeaderMagicNumber.PE32
+ && pex.OH_MajorLinkerVersion == 0x05
+ && pex.OH_MinorLinkerVersion == 0x0A
+ && pex.OH_SizeOfCode == 0x00004A00
+ && pex.OH_SizeOfInitializedData == 0x00002A00
+ && pex.OH_SizeOfUninitializedData == 0x00000000
+ && pex.OH_AddressOfEntryPoint == 0x000039D8
+ && pex.OH_BaseOfCode == 0x00001000
+ && pex.OH_BaseOfData == 0x00006000
+ && pex.OH_ImageBase == 0x00400000)
return "2.2.4003";
// Software Installation 2.2.4003
- if (ifh.Machine == MachineType.IMAGE_FILE_MACHINE_I386
- && ifh.NumberOfSections == 0x0005
- && ifh.TimeDateStamp == 0x3A5B1B81
- && ifh.PointerToSymbolTable == 0x00000000
- && ifh.NumberOfSymbols == 0x00000000
- && ifh.SizeOfOptionalHeader == 0x00E0
- && (ushort)ifh.Characteristics == 0x010F
+ if (pex.Machine == Models.PortableExecutable.MachineType.IMAGE_FILE_MACHINE_I386
+ && pex.NumberOfSections == 0x0005
+ && pex.TimeDateStamp == 0x3A5B1B81
+ && pex.PointerToSymbolTable == 0x00000000
+ && pex.NumberOfSymbols == 0x00000000
+ && pex.SizeOfOptionalHeader == 0x00E0
+ && (ushort)pex.Characteristics == 0x010F
- && ioh.Magic == OptionalHeaderType.PE32
- && ioh.MajorLinkerVersion == 0x05
- && ioh.MinorLinkerVersion == 0x0A
- && ioh.SizeOfCode == 0x00005600
- && ioh.SizeOfInitializedData == 0x00002A00
- && ioh.SizeOfUninitializedData == 0x00000000
- && ioh.AddressOfEntryPoint == 0x00003F8F
- && ioh.BaseOfCode == 0x00001000
- && ioh.BaseOfData == 0x00007000
- && ioh.ImageBasePE32 == 0x00400000)
+ && pex.OH_Magic == Models.PortableExecutable.OptionalHeaderMagicNumber.PE32
+ && pex.OH_MajorLinkerVersion == 0x05
+ && pex.OH_MinorLinkerVersion == 0x0A
+ && pex.OH_SizeOfCode == 0x00005600
+ && pex.OH_SizeOfInitializedData == 0x00002A00
+ && pex.OH_SizeOfUninitializedData == 0x00000000
+ && pex.OH_AddressOfEntryPoint == 0x00003F8F
+ && pex.OH_BaseOfCode == 0x00001000
+ && pex.OH_BaseOfData == 0x00007000
+ && pex.OH_ImageBase == 0x00400000)
return "Software Installation 2.2.4003";
// 2.2.4325
- if (ifh.Machine == MachineType.IMAGE_FILE_MACHINE_I386
- && ifh.NumberOfSections == 0x0005
- && ifh.TimeDateStamp == 0x3BFBB8FA
- && ifh.PointerToSymbolTable == 0x00000000
- && ifh.NumberOfSymbols == 0x00000000
- && ifh.SizeOfOptionalHeader == 0x00E0
- && (ushort)ifh.Characteristics == 0x010F
+ if (pex.Machine == Models.PortableExecutable.MachineType.IMAGE_FILE_MACHINE_I386
+ && pex.NumberOfSections == 0x0005
+ && pex.TimeDateStamp == 0x3BFBB8FA
+ && pex.PointerToSymbolTable == 0x00000000
+ && pex.NumberOfSymbols == 0x00000000
+ && pex.SizeOfOptionalHeader == 0x00E0
+ && (ushort)pex.Characteristics == 0x010F
- && ioh.Magic == OptionalHeaderType.PE32
- && ioh.MajorLinkerVersion == 0x06
- && ioh.MinorLinkerVersion == 0x00
- && ioh.SizeOfCode == 0x00006000
- && ioh.SizeOfInitializedData == 0x0000F000
- && ioh.SizeOfUninitializedData == 0x00000000
- && ioh.AddressOfEntryPoint == 0x00003EF0
- && ioh.BaseOfCode == 0x00001000
- && ioh.BaseOfData == 0x00007000
- && ioh.ImageBasePE32 == 0x00400000
- && ioh.SectionAlignment == 0x00001000
- && ioh.FileAlignment == 0x00001000)
+ && pex.OH_Magic == Models.PortableExecutable.OptionalHeaderMagicNumber.PE32
+ && pex.OH_MajorLinkerVersion == 0x06
+ && pex.OH_MinorLinkerVersion == 0x00
+ && pex.OH_SizeOfCode == 0x00006000
+ && pex.OH_SizeOfInitializedData == 0x0000F000
+ && pex.OH_SizeOfUninitializedData == 0x00000000
+ && pex.OH_AddressOfEntryPoint == 0x00003EF0
+ && pex.OH_BaseOfCode == 0x00001000
+ && pex.OH_BaseOfData == 0x00007000
+ && pex.OH_ImageBase == 0x00400000
+ && pex.OH_SectionAlignment == 0x00001000
+ && pex.OH_FileAlignment == 0x00001000)
return "2.2.4325";
// 2.2.5196
- if (ifh.Machine == MachineType.IMAGE_FILE_MACHINE_I386
- && ifh.NumberOfSections == 0x0005
- && ifh.TimeDateStamp == 0x3D2AFCAD
- && ifh.PointerToSymbolTable == 0x00000000
- && ifh.NumberOfSymbols == 0x00000000
- && ifh.SizeOfOptionalHeader == 0x00E0
- && (ushort)ifh.Characteristics == 0x010F
+ if (pex.Machine == Models.PortableExecutable.MachineType.IMAGE_FILE_MACHINE_I386
+ && pex.NumberOfSections == 0x0005
+ && pex.TimeDateStamp == 0x3D2AFCAD
+ && pex.PointerToSymbolTable == 0x00000000
+ && pex.NumberOfSymbols == 0x00000000
+ && pex.SizeOfOptionalHeader == 0x00E0
+ && (ushort)pex.Characteristics == 0x010F
- && ioh.Magic == OptionalHeaderType.PE32
- && ioh.MajorLinkerVersion == 0x07
- && ioh.MinorLinkerVersion == 0x00
- && ioh.SizeOfCode == 0x00007000
- && ioh.SizeOfInitializedData == 0x00010000
- && ioh.SizeOfUninitializedData == 0x00000000
- && ioh.AddressOfEntryPoint == 0x00004554
- && ioh.BaseOfCode == 0x00001000
- && ioh.BaseOfData == 0x00008000
- && ioh.ImageBasePE32 == 0x00400000
- && ioh.SectionAlignment == 0x00001000
- && ioh.FileAlignment == 0x00001000)
+ && pex.OH_Magic == Models.PortableExecutable.OptionalHeaderMagicNumber.PE32
+ && pex.OH_MajorLinkerVersion == 0x07
+ && pex.OH_MinorLinkerVersion == 0x00
+ && pex.OH_SizeOfCode == 0x00007000
+ && pex.OH_SizeOfInitializedData == 0x00010000
+ && pex.OH_SizeOfUninitializedData == 0x00000000
+ && pex.OH_AddressOfEntryPoint == 0x00004554
+ && pex.OH_BaseOfCode == 0x00001000
+ && pex.OH_BaseOfData == 0x00008000
+ && pex.OH_ImageBase == 0x00400000
+ && pex.OH_SectionAlignment == 0x00001000
+ && pex.OH_FileAlignment == 0x00001000)
return "2.2.5196";
// 2.2.6202
- if (ifh.Machine == MachineType.IMAGE_FILE_MACHINE_I386
- && ifh.NumberOfSections == 0x0005
- && ifh.TimeDateStamp == 0x4100F776
- && ifh.PointerToSymbolTable == 0x00000000
- && ifh.NumberOfSymbols == 0x00000000
- && ifh.SizeOfOptionalHeader == 0x00E0
- && (ushort)ifh.Characteristics == 0x010F
+ if (pex.Machine == Models.PortableExecutable.MachineType.IMAGE_FILE_MACHINE_I386
+ && pex.NumberOfSections == 0x0005
+ && pex.TimeDateStamp == 0x4100F776
+ && pex.PointerToSymbolTable == 0x00000000
+ && pex.NumberOfSymbols == 0x00000000
+ && pex.SizeOfOptionalHeader == 0x00E0
+ && (ushort)pex.Characteristics == 0x010F
- && ioh.Magic == OptionalHeaderType.PE32
- && ioh.MajorLinkerVersion == 0x07
- && ioh.MinorLinkerVersion == 0x00
- && ioh.SizeOfCode == 0x00007000
- && ioh.SizeOfInitializedData == 0x00010000
- && ioh.SizeOfUninitializedData == 0x00000000
- && ioh.AddressOfEntryPoint == 0x00004603
- && ioh.BaseOfCode == 0x00001000
- && ioh.BaseOfData == 0x00008000
- && ioh.ImageBasePE32 == 0x00400000)
+ && pex.OH_Magic == Models.PortableExecutable.OptionalHeaderMagicNumber.PE32
+ && pex.OH_MajorLinkerVersion == 0x07
+ && pex.OH_MinorLinkerVersion == 0x00
+ && pex.OH_SizeOfCode == 0x00007000
+ && pex.OH_SizeOfInitializedData == 0x00010000
+ && pex.OH_SizeOfUninitializedData == 0x00000000
+ && pex.OH_AddressOfEntryPoint == 0x00004603
+ && pex.OH_BaseOfCode == 0x00001000
+ && pex.OH_BaseOfData == 0x00008000
+ && pex.OH_ImageBase == 0x00400000)
return "2.2.6202";
return null;
diff --git a/BurnOutSharp/PackerType/WiseInstaller.cs b/BurnOutSharp/PackerType/WiseInstaller.cs
index 4ad0aaad..060e6de5 100644
--- a/BurnOutSharp/PackerType/WiseInstaller.cs
+++ b/BurnOutSharp/PackerType/WiseInstaller.cs
@@ -2,11 +2,10 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.NE;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
using Wise = WiseUnpacker.WiseUnpacker;
namespace BurnOutSharp.PackerType
@@ -20,9 +19,8 @@ namespace BurnOutSharp.PackerType
///
public string CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
{
- // Get the DOS stub from the executable, if possible
- var stub = nex?.DOSStubHeader;
- if (stub == null)
+ /// Check we have a valid executable
+ if (nex == null)
return null;
// TODO: Don't read entire file
@@ -49,8 +47,9 @@ namespace BurnOutSharp.PackerType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -58,13 +57,13 @@ namespace BurnOutSharp.PackerType
new ContentMatchSet(new byte?[] { 0x57, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, "Wise Installation Wizard Module"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -72,7 +71,7 @@ namespace BurnOutSharp.PackerType
new ContentMatchSet(new byte?[] { 0x57, 0x69, 0x73, 0x65, 0x4D, 0x61, 0x69, 0x6E }, "Wise Installation Wizard Module"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/PackerType/dotFuscator.cs b/BurnOutSharp/PackerType/dotFuscator.cs
index d149937c..beaf7dd0 100644
--- a/BurnOutSharp/PackerType/dotFuscator.cs
+++ b/BurnOutSharp/PackerType/dotFuscator.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.PackerType
{
@@ -22,7 +22,7 @@ namespace BurnOutSharp.PackerType
return null;
// Get the .text section, if it exists
- if (pex.TextSectionRaw != null)
+ if (pex.ContainsSection(".text"))
{
var matchers = new List
{
@@ -35,7 +35,7 @@ namespace BurnOutSharp.PackerType
}, "dotFuscator"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".text"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/ActiveMARK.cs b/BurnOutSharp/ProtectionType/ActiveMARK.cs
index 09e0df7e..14a85638 100644
--- a/BurnOutSharp/ProtectionType/ActiveMARK.cs
+++ b/BurnOutSharp/ProtectionType/ActiveMARK.cs
@@ -1,7 +1,7 @@
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -39,134 +39,135 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
+ // TODO: Re-enable all Entry Point checks after implementing
// Get the entry point data, if it exists
- if (pex.EntryPointRaw != null)
- {
- var matchers = new List
- {
- // Checks sourced from https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
- new ContentMatchSet(new byte?[]
- {
- 0x79, 0x11, 0x7F, 0xAB, 0x9A, 0x4A, 0x83, 0xB5,
- 0xC9, 0x6B, 0x1A, 0x48, 0xF9, 0x27, 0xB4, 0x25,
- }, "ActiveMARK"),
+ // if (pex.EntryPointRaw != null)
+ // {
+ // var matchers = new List
+ // {
+ // // Checks sourced from https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt
+ // new ContentMatchSet(new byte?[]
+ // {
+ // 0x79, 0x11, 0x7F, 0xAB, 0x9A, 0x4A, 0x83, 0xB5,
+ // 0xC9, 0x6B, 0x1A, 0x48, 0xF9, 0x27, 0xB4, 0x25,
+ // }, "ActiveMARK"),
- new ContentMatchSet(new byte?[]
- {
- 0x20, 0x2D, 0x2D, 0x4D, 0x50, 0x52, 0x4D, 0x4D,
- 0x47, 0x56, 0x41, 0x2D, 0x2D, 0x00, 0x75, 0x73,
- 0x65, 0x72, 0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C,
- 0x00, 0x4D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
- 0x42, 0x6F, 0x78, 0x41, 0x00, 0x54, 0x68, 0x69,
- 0x73, 0x20, 0x61, 0x70, 0x70, 0x6C, 0x69, 0x63,
- 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x63, 0x61,
- 0x6E, 0x6E, 0x6F, 0x74, 0x20, 0x72, 0x75, 0x6E,
- 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x61, 0x6E,
- 0x20, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x20,
- 0x64, 0x65, 0x62, 0x75, 0x67,
- }, "ActiveMARK 5.x -> Trymedia Systems Inc. (h)"),
+ // new ContentMatchSet(new byte?[]
+ // {
+ // 0x20, 0x2D, 0x2D, 0x4D, 0x50, 0x52, 0x4D, 0x4D,
+ // 0x47, 0x56, 0x41, 0x2D, 0x2D, 0x00, 0x75, 0x73,
+ // 0x65, 0x72, 0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C,
+ // 0x00, 0x4D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+ // 0x42, 0x6F, 0x78, 0x41, 0x00, 0x54, 0x68, 0x69,
+ // 0x73, 0x20, 0x61, 0x70, 0x70, 0x6C, 0x69, 0x63,
+ // 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x63, 0x61,
+ // 0x6E, 0x6E, 0x6F, 0x74, 0x20, 0x72, 0x75, 0x6E,
+ // 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x61, 0x6E,
+ // 0x20, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x20,
+ // 0x64, 0x65, 0x62, 0x75, 0x67,
+ // }, "ActiveMARK 5.x -> Trymedia Systems Inc. (h)"),
- new ContentMatchSet(new byte?[]
- {
- 0x20, 0x2D, 0x2D, 0x4D, 0x50, 0x52, 0x4D, 0x4D,
- 0x47, 0x56, 0x41, 0x2D, 0x2D, 0x00, 0x75, 0x73,
- 0x65, 0x72, 0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C,
- 0x00, 0x4D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
- 0x42, 0x6F, 0x78, 0x41, 0x00, 0x54, 0x68, 0x69,
- 0x73, 0x20, 0x61, 0x70, 0x70, 0x6C, 0x69, 0x63,
- 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x63, 0x61,
- 0x6E, 0x6E, 0x6F, 0x74, 0x20, 0x72, 0x75, 0x6E,
- 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x61, 0x6E,
- 0x20, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x20,
- 0x64, 0x65, 0x62, 0x75, 0x67, 0x67, 0x65, 0x72,
- 0x20, 0x69, 0x6E, 0x20, 0x6D, 0x65, 0x6D, 0x6F,
- 0x72, 0x79, 0x2E, 0x0D, 0x0A, 0x50, 0x6C, 0x65,
- 0x61, 0x73, 0x65, 0x20, 0x75, 0x6E, 0x6C, 0x6F,
- 0x61, 0x64, 0x20, 0x74, 0x68, 0x65, 0x20, 0x64,
- 0x65, 0x62, 0x75, 0x67, 0x67, 0x65, 0x72, 0x20,
- 0x61, 0x6E, 0x64, 0x20, 0x72, 0x65, 0x73, 0x74,
- 0x61, 0x72, 0x74, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x61, 0x70, 0x70, 0x6C, 0x69, 0x63, 0x61, 0x74,
- 0x69, 0x6F, 0x6E, 0x2E, 0x00, 0x57, 0x61, 0x72,
- 0x6E, 0x69, 0x6E, 0x67,
- }, "ActiveMARK 5.x -> Trymedia Systems,Inc."),
+ // new ContentMatchSet(new byte?[]
+ // {
+ // 0x20, 0x2D, 0x2D, 0x4D, 0x50, 0x52, 0x4D, 0x4D,
+ // 0x47, 0x56, 0x41, 0x2D, 0x2D, 0x00, 0x75, 0x73,
+ // 0x65, 0x72, 0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C,
+ // 0x00, 0x4D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+ // 0x42, 0x6F, 0x78, 0x41, 0x00, 0x54, 0x68, 0x69,
+ // 0x73, 0x20, 0x61, 0x70, 0x70, 0x6C, 0x69, 0x63,
+ // 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x63, 0x61,
+ // 0x6E, 0x6E, 0x6F, 0x74, 0x20, 0x72, 0x75, 0x6E,
+ // 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x61, 0x6E,
+ // 0x20, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x20,
+ // 0x64, 0x65, 0x62, 0x75, 0x67, 0x67, 0x65, 0x72,
+ // 0x20, 0x69, 0x6E, 0x20, 0x6D, 0x65, 0x6D, 0x6F,
+ // 0x72, 0x79, 0x2E, 0x0D, 0x0A, 0x50, 0x6C, 0x65,
+ // 0x61, 0x73, 0x65, 0x20, 0x75, 0x6E, 0x6C, 0x6F,
+ // 0x61, 0x64, 0x20, 0x74, 0x68, 0x65, 0x20, 0x64,
+ // 0x65, 0x62, 0x75, 0x67, 0x67, 0x65, 0x72, 0x20,
+ // 0x61, 0x6E, 0x64, 0x20, 0x72, 0x65, 0x73, 0x74,
+ // 0x61, 0x72, 0x74, 0x20, 0x74, 0x68, 0x65, 0x20,
+ // 0x61, 0x70, 0x70, 0x6C, 0x69, 0x63, 0x61, 0x74,
+ // 0x69, 0x6F, 0x6E, 0x2E, 0x00, 0x57, 0x61, 0x72,
+ // 0x6E, 0x69, 0x6E, 0x67,
+ // }, "ActiveMARK 5.x -> Trymedia Systems,Inc."),
- new ContentMatchSet(new byte?[]
- {
- 0xBE, 0x48, 0x01, 0x40, 0x00, 0xAD, 0x8B, 0xF8,
- 0x95, 0xA5, 0x33, 0xC0, 0x33, 0xC9, 0xAB, 0x48,
- 0xAB, 0xF7, 0xD8, 0xB1, 0x04, 0xF3, 0xAB, 0xC1,
- 0xE0, 0x0A, 0xB5, 0x1C, 0xF3, 0xAB, 0xAD, 0x50,
- 0x97, 0x51, 0xAD, 0x87, 0xF5, 0x58, 0x8D, 0x54,
- 0x86, 0x5C, 0xFF, 0xD5, 0x72, 0x5A, 0x2C, 0x03,
- 0x73, 0x02, 0xB0, 0x00, 0x3C, 0x07, 0x72, 0x02,
- 0x2C, 0x03, 0x50, 0x0F, 0xB6, 0x5F, 0xFF, 0xC1,
- 0xE3, 0x03, 0xB3, 0x00, 0x8D, 0x1C, 0x5B, 0x8D,
- 0x9C, 0x9E, 0x0C, 0x10, 0x00, 0x00, 0xB0, 0x01,
- 0x67, 0xE3, 0x29, 0x8B, 0xD7, 0x2B, 0x56, 0x0C,
- 0x8A, 0x2A, 0x33, 0xD2, 0x84, 0xE9, 0x0F, 0x95,
- 0xC6, 0x52, 0xFE, 0xC6, 0x8A, 0xD0, 0x8D, 0x14,
- 0x93, 0xFF, 0xD5, 0x5A, 0x9F, 0x12, 0xC0, 0xD0,
- 0xE9, 0x74, 0x0E, 0x9E, 0x1A, 0xF2, 0x74, 0xE4,
- 0xB4, 0x00, 0x33, 0xC9, 0xB5, 0x01, 0xFF, 0x55,
- 0xCC, 0x33, 0xC9, 0xE9, 0xDF, 0x00, 0x00, 0x00,
- 0x8B, 0x5E, 0x0C, 0x83, 0xC2, 0x30, 0xFF, 0xD5,
- 0x73, 0x50, 0x83, 0xC2, 0x30, 0xFF, 0xD5, 0x72,
- 0x1B, 0x83, 0xC2, 0x30, 0xFF, 0xD5, 0x72, 0x2B,
- 0x3C, 0x07, 0xB0, 0x09, 0x72, 0x02, 0xB0, 0x0B,
- 0x50, 0x8B, 0xC7, 0x2B, 0x46, 0x0C, 0xB1, 0x80,
- 0x8A, 0x00, 0xEB, 0xCF, 0x83, 0xC2, 0x60, 0xFF,
- 0xD5, 0x87, 0x5E, 0x10, 0x73, 0x0D, 0x83, 0xC2,
- 0x30, 0xFF, 0xD5, 0x87, 0x5E, 0x14, 0x73, 0x03,
- 0x87, 0x5E, 0x18, 0x3C, 0x07, 0xB0, 0x08, 0x72,
- 0x02, 0xB0, 0x0B, 0x50, 0x53, 0x8D, 0x96, 0x7C,
- 0x07, 0x00, 0x00, 0xFF, 0x55, 0xD0, 0x5B, 0x91,
- 0xEB, 0x77, 0x3C, 0x07, 0xB0, 0x07, 0x72, 0x02,
- 0xB0, 0x0A, 0x50, 0x87, 0x5E, 0x10, 0x87, 0x5E,
- 0x14, 0x89, 0x5E, 0x18, 0x8D, 0x96, 0xC4, 0x0B,
- 0x00, 0x00, 0xFF, 0x55, 0xD0, 0x50, 0x48,
- }, "ActiveMARK 5.x -> Trymedia Systems,Inc. (h)"),
+ // new ContentMatchSet(new byte?[]
+ // {
+ // 0xBE, 0x48, 0x01, 0x40, 0x00, 0xAD, 0x8B, 0xF8,
+ // 0x95, 0xA5, 0x33, 0xC0, 0x33, 0xC9, 0xAB, 0x48,
+ // 0xAB, 0xF7, 0xD8, 0xB1, 0x04, 0xF3, 0xAB, 0xC1,
+ // 0xE0, 0x0A, 0xB5, 0x1C, 0xF3, 0xAB, 0xAD, 0x50,
+ // 0x97, 0x51, 0xAD, 0x87, 0xF5, 0x58, 0x8D, 0x54,
+ // 0x86, 0x5C, 0xFF, 0xD5, 0x72, 0x5A, 0x2C, 0x03,
+ // 0x73, 0x02, 0xB0, 0x00, 0x3C, 0x07, 0x72, 0x02,
+ // 0x2C, 0x03, 0x50, 0x0F, 0xB6, 0x5F, 0xFF, 0xC1,
+ // 0xE3, 0x03, 0xB3, 0x00, 0x8D, 0x1C, 0x5B, 0x8D,
+ // 0x9C, 0x9E, 0x0C, 0x10, 0x00, 0x00, 0xB0, 0x01,
+ // 0x67, 0xE3, 0x29, 0x8B, 0xD7, 0x2B, 0x56, 0x0C,
+ // 0x8A, 0x2A, 0x33, 0xD2, 0x84, 0xE9, 0x0F, 0x95,
+ // 0xC6, 0x52, 0xFE, 0xC6, 0x8A, 0xD0, 0x8D, 0x14,
+ // 0x93, 0xFF, 0xD5, 0x5A, 0x9F, 0x12, 0xC0, 0xD0,
+ // 0xE9, 0x74, 0x0E, 0x9E, 0x1A, 0xF2, 0x74, 0xE4,
+ // 0xB4, 0x00, 0x33, 0xC9, 0xB5, 0x01, 0xFF, 0x55,
+ // 0xCC, 0x33, 0xC9, 0xE9, 0xDF, 0x00, 0x00, 0x00,
+ // 0x8B, 0x5E, 0x0C, 0x83, 0xC2, 0x30, 0xFF, 0xD5,
+ // 0x73, 0x50, 0x83, 0xC2, 0x30, 0xFF, 0xD5, 0x72,
+ // 0x1B, 0x83, 0xC2, 0x30, 0xFF, 0xD5, 0x72, 0x2B,
+ // 0x3C, 0x07, 0xB0, 0x09, 0x72, 0x02, 0xB0, 0x0B,
+ // 0x50, 0x8B, 0xC7, 0x2B, 0x46, 0x0C, 0xB1, 0x80,
+ // 0x8A, 0x00, 0xEB, 0xCF, 0x83, 0xC2, 0x60, 0xFF,
+ // 0xD5, 0x87, 0x5E, 0x10, 0x73, 0x0D, 0x83, 0xC2,
+ // 0x30, 0xFF, 0xD5, 0x87, 0x5E, 0x14, 0x73, 0x03,
+ // 0x87, 0x5E, 0x18, 0x3C, 0x07, 0xB0, 0x08, 0x72,
+ // 0x02, 0xB0, 0x0B, 0x50, 0x53, 0x8D, 0x96, 0x7C,
+ // 0x07, 0x00, 0x00, 0xFF, 0x55, 0xD0, 0x5B, 0x91,
+ // 0xEB, 0x77, 0x3C, 0x07, 0xB0, 0x07, 0x72, 0x02,
+ // 0xB0, 0x0A, 0x50, 0x87, 0x5E, 0x10, 0x87, 0x5E,
+ // 0x14, 0x89, 0x5E, 0x18, 0x8D, 0x96, 0xC4, 0x0B,
+ // 0x00, 0x00, 0xFF, 0x55, 0xD0, 0x50, 0x48,
+ // }, "ActiveMARK 5.x -> Trymedia Systems,Inc. (h)"),
- new ContentMatchSet(new byte?[]
- {
- 0x79, 0x07, 0x0F, 0xB7, 0x07, 0x47, 0x50, 0x47,
- 0xB9, 0x57, 0x48, 0xF2, 0xAE, 0x55, 0xFF, 0x96,
- 0x84, null, 0x00, 0x00, 0x09, 0xC0, 0x74, 0x07,
- 0x89, 0x03, 0x83, 0xC3, 0x04, 0xEB, 0xD8, 0xFF,
- 0x96, 0x88, null, 0x00, 0x00, 0x61, 0xE9, null,
- null, null, 0xFF,
- }, "ActiveMARK R5.31.1140 -> Trymedia"),
+ // new ContentMatchSet(new byte?[]
+ // {
+ // 0x79, 0x07, 0x0F, 0xB7, 0x07, 0x47, 0x50, 0x47,
+ // 0xB9, 0x57, 0x48, 0xF2, 0xAE, 0x55, 0xFF, 0x96,
+ // 0x84, null, 0x00, 0x00, 0x09, 0xC0, 0x74, 0x07,
+ // 0x89, 0x03, 0x83, 0xC3, 0x04, 0xEB, 0xD8, 0xFF,
+ // 0x96, 0x88, null, 0x00, 0x00, 0x61, 0xE9, null,
+ // null, null, 0xFF,
+ // }, "ActiveMARK R5.31.1140 -> Trymedia"),
- new ContentMatchSet(new byte?[]
- {
- 0x89, 0x25, null, null, null, null, null, null,
- null, null, 0xEB,
- }, "ActiveMark -> Trymedia Systems Inc."),
+ // new ContentMatchSet(new byte?[]
+ // {
+ // 0x89, 0x25, null, null, null, null, null, null,
+ // null, null, 0xEB,
+ // }, "ActiveMark -> Trymedia Systems Inc."),
- new ContentMatchSet(new byte?[]
- {
- 0x89, 0x25, null, null, null, null, 0x33, 0xED,
- 0x55, 0x8B, 0xEC, 0xE8, null, null, null, null,
- 0x8B, 0xD0, 0x81, 0xE2, 0xFF, 0x00, 0x00, 0x00,
- 0x89, 0x15, null, null, null, null, 0x8B, 0xD0,
- 0xC1, 0xEA, 0x08, 0x81, 0xE2, 0xFF, 0x00, 0x00,
- 0x00, 0xA3, null, null, null, null, 0xD1, 0xE0,
- 0x0F, 0x93, 0xC3, 0x33, 0xC0, 0x8A, 0xC3, 0xA3,
- null, null, null, null, 0x68, 0xFF, 0x00, 0x00,
- 0x00, 0xE8, null, null, null, null, 0x6A, 0x00,
- 0xE8, null, null, null, null, 0xA3, null, null,
- null, null, 0xBB, null, null, null, null, 0xC7,
- 0x03, 0x44, 0x00, 0x00, 0x00,
- }, "ActiveMark -> Trymedia Systems Inc."),
- };
+ // new ContentMatchSet(new byte?[]
+ // {
+ // 0x89, 0x25, null, null, null, null, 0x33, 0xED,
+ // 0x55, 0x8B, 0xEC, 0xE8, null, null, null, null,
+ // 0x8B, 0xD0, 0x81, 0xE2, 0xFF, 0x00, 0x00, 0x00,
+ // 0x89, 0x15, null, null, null, null, 0x8B, 0xD0,
+ // 0xC1, 0xEA, 0x08, 0x81, 0xE2, 0xFF, 0x00, 0x00,
+ // 0x00, 0xA3, null, null, null, null, 0xD1, 0xE0,
+ // 0x0F, 0x93, 0xC3, 0x33, 0xC0, 0x8A, 0xC3, 0xA3,
+ // null, null, null, null, 0x68, 0xFF, 0x00, 0x00,
+ // 0x00, 0xE8, null, null, null, null, 0x6A, 0x00,
+ // 0xE8, null, null, null, null, 0xA3, null, null,
+ // null, null, 0xBB, null, null, null, null, 0xC7,
+ // 0x03, 0x44, 0x00, 0x00, 0x00,
+ // }, "ActiveMark -> Trymedia Systems Inc."),
+ // };
- string match = MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, matchers, includeDebug);
- if (!string.IsNullOrWhiteSpace(match))
- return match;
- }
+ // string match = MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, matchers, includeDebug);
+ // if (!string.IsNullOrWhiteSpace(match))
+ // return match;
+ // }
// Get the overlay data, if it exists
- if (pex.OverlayRaw != null)
+ if (pex.Overlay != null)
{
var matchers = new List
{
@@ -174,13 +175,13 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x00, 0x54, 0x4D, 0x53, 0x41, 0x4D, 0x56, 0x4F, 0x48, }, "ActiveMARK"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.OverlayRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.Overlay, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the last .bss section, if it exists
- var bssSectionRaw = pex.ReadRawSection(".bss", first: false);
+ var bssSectionRaw = pex.GetLastSectionData(".bss");
if (bssSectionRaw != null)
{
var matchers = new List
diff --git a/BurnOutSharp/ProtectionType/AegiSoft.cs b/BurnOutSharp/ProtectionType/AegiSoft.cs
index c89fdc6c..a59bff56 100644
--- a/BurnOutSharp/ProtectionType/AegiSoft.cs
+++ b/BurnOutSharp/ProtectionType/AegiSoft.cs
@@ -1,8 +1,8 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -33,8 +33,9 @@ namespace BurnOutSharp.ProtectionType
// "Asc005.dll" has the Product Name "OrderWizard Dynamic Link Library".
// "Asc006.exe" has the Product Name "AGENT Application".
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -47,7 +48,7 @@ namespace BurnOutSharp.ProtectionType
}, "AegiSoft License Manager"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/AlphaROM.cs b/BurnOutSharp/ProtectionType/AlphaROM.cs
index 5bac72eb..05c31c48 100644
--- a/BurnOutSharp/ProtectionType/AlphaROM.cs
+++ b/BurnOutSharp/ProtectionType/AlphaROM.cs
@@ -1,7 +1,7 @@
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -54,8 +54,9 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -68,13 +69,13 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x53, 0x45, 0x54, 0x54, 0x45, 0x43, 0x30, 0x30, 0x30, 0x30 }, "Alpha-ROM"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -112,13 +113,13 @@ namespace BurnOutSharp.ProtectionType
}, "Alpha-ROM"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the overlay data, if it exists
- if (pex.OverlayRaw != null)
+ if (pex.Overlay != null)
{
var matchers = new List
{
@@ -127,7 +128,7 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x53, 0x45, 0x54, 0x54, 0x45, 0x43, 0x30, 0x30, 0x30, 0x30 }, "Alpha-ROM"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.OverlayRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.Overlay, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/CDCheck.cs b/BurnOutSharp/ProtectionType/CDCheck.cs
index 093173f6..a01e5932 100644
--- a/BurnOutSharp/ProtectionType/CDCheck.cs
+++ b/BurnOutSharp/ProtectionType/CDCheck.cs
@@ -1,7 +1,7 @@
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -16,7 +16,7 @@ namespace BurnOutSharp.ProtectionType
return null;
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -28,7 +28,7 @@ namespace BurnOutSharp.ProtectionType
}, "Microsoft Game Studios CD Check"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/CDDVDCops.cs b/BurnOutSharp/ProtectionType/CDDVDCops.cs
index 9b390d6e..04cd64d5 100644
--- a/BurnOutSharp/ProtectionType/CDDVDCops.cs
+++ b/BurnOutSharp/ProtectionType/CDDVDCops.cs
@@ -2,10 +2,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.NE;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -45,9 +44,8 @@ namespace BurnOutSharp.ProtectionType
///
public string CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
{
- // Get the DOS stub from the executable, if possible
- var stub = nex?.DOSStubHeader;
- if (stub == null)
+ // Check we have a valid executable
+ if (nex == null)
return null;
// TODO: Don't read entire file
diff --git a/BurnOutSharp/ProtectionType/CDKey.cs b/BurnOutSharp/ProtectionType/CDKey.cs
index 41015d1f..6dc58724 100644
--- a/BurnOutSharp/ProtectionType/CDKey.cs
+++ b/BurnOutSharp/ProtectionType/CDKey.cs
@@ -1,6 +1,6 @@
using System;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/CDLock.cs b/BurnOutSharp/ProtectionType/CDLock.cs
index d31b62e0..797da301 100644
--- a/BurnOutSharp/ProtectionType/CDLock.cs
+++ b/BurnOutSharp/ProtectionType/CDLock.cs
@@ -1,8 +1,8 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -34,8 +34,9 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -51,7 +52,7 @@ namespace BurnOutSharp.ProtectionType
}, "CD-Lock"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs
index 736e7ad7..7ef63ba1 100644
--- a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs
+++ b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs
@@ -1,7 +1,7 @@
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -16,7 +16,7 @@ namespace BurnOutSharp.ProtectionType
return null;
// Get the code/CODE section, if it exists
- var codeSectionRaw = pex.ReadRawSection("code", first: true) ?? pex.ReadRawSection("CODE", first: true);
+ var codeSectionRaw = pex.GetFirstSectionData("code") ?? pex.GetFirstSectionData("CODE");
if (codeSectionRaw != null)
{
var matchers = new List
diff --git a/BurnOutSharp/ProtectionType/CactusDataShield.cs b/BurnOutSharp/ProtectionType/CactusDataShield.cs
index 0f0e8181..931e357b 100644
--- a/BurnOutSharp/ProtectionType/CactusDataShield.cs
+++ b/BurnOutSharp/ProtectionType/CactusDataShield.cs
@@ -4,9 +4,9 @@ using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -62,8 +62,9 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -74,13 +75,13 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x44, 0x41, 0x54, 0x41, 0x2E, 0x43, 0x44, 0x53 }, "Cactus Data Shield 200"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the .rsrc section, if it exists
- var rsrcSectionRaw = pex.ReadRawSection(".rsrc", first: false);
+ var rsrcSectionRaw = pex.GetLastSectionData(".rsrc");
if (rsrcSectionRaw != null)
{
var matchers = new List
diff --git a/BurnOutSharp/ProtectionType/CenegaProtectDVD.cs b/BurnOutSharp/ProtectionType/CenegaProtectDVD.cs
index 73ddef46..5ce3ca08 100644
--- a/BurnOutSharp/ProtectionType/CenegaProtectDVD.cs
+++ b/BurnOutSharp/ProtectionType/CenegaProtectDVD.cs
@@ -1,8 +1,8 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/ChosenBytesCode-Lock.cs b/BurnOutSharp/ProtectionType/ChosenBytesCode-Lock.cs
index aae4bccd..501a16d1 100644
--- a/BurnOutSharp/ProtectionType/ChosenBytesCode-Lock.cs
+++ b/BurnOutSharp/ProtectionType/ChosenBytesCode-Lock.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -59,7 +59,7 @@ namespace BurnOutSharp.ProtectionType
return $"ChosenBytes Code-Lock {pex.ProductVersion}";
// Get the .text section, if it exists
- if (pex.TextSectionRaw != null)
+ if (pex.ContainsSection(".text"))
{
var matchers = new List
{
@@ -72,7 +72,7 @@ namespace BurnOutSharp.ProtectionType
}, "ChosenBytes Code-Lock"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".text"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/CopyLok.cs b/BurnOutSharp/ProtectionType/CopyLok.cs
index 3a370a09..bf3aba28 100644
--- a/BurnOutSharp/ProtectionType/CopyLok.cs
+++ b/BurnOutSharp/ProtectionType/CopyLok.cs
@@ -1,6 +1,6 @@
using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -33,7 +33,7 @@ namespace BurnOutSharp.ProtectionType
// If there are more than 2 icd-prefixed sections, then we have a match
// Though this is the same name that SafeDisc uses for protected executables, this seems to be a coincidence.
// Found in Redump entries 31557, 31674, 31675, 31708, 38239, 44210, and 53929.
- int icdSectionCount = pex.GetSectionNames().Count(s => s.StartsWith("icd"));
+ int icdSectionCount = pex.SectionNames.Count(s => s.StartsWith("icd"));
if (icdSectionCount >= 2)
return "CopyLok / CodeLok";
diff --git a/BurnOutSharp/ProtectionType/Cucko.cs b/BurnOutSharp/ProtectionType/Cucko.cs
index c498cd6d..34c70672 100644
--- a/BurnOutSharp/ProtectionType/Cucko.cs
+++ b/BurnOutSharp/ProtectionType/Cucko.cs
@@ -1,7 +1,7 @@
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -20,7 +20,7 @@ namespace BurnOutSharp.ProtectionType
return null;
// Get the .text section, if it exists
- if (pex.TextSectionRaw == null)
+ if (!pex.ContainsSection(".text"))
return null;
var matchers = new List
@@ -35,7 +35,7 @@ namespace BurnOutSharp.ProtectionType
}, "Cucko (EA Custom)")
};
- return MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug);
+ return MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".text"), matchers, includeDebug);
}
}
}
diff --git a/BurnOutSharp/ProtectionType/Denuvo.cs b/BurnOutSharp/ProtectionType/Denuvo.cs
index 224e2e5a..213eab47 100644
--- a/BurnOutSharp/ProtectionType/Denuvo.cs
+++ b/BurnOutSharp/ProtectionType/Denuvo.cs
@@ -1,11 +1,10 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -66,19 +65,20 @@ namespace BurnOutSharp.ProtectionType
// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/Denuvo%20protector.2.sg
// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/_denuvoComplete.2.sg
+ // TODO: Re-enable all Entry Point checks after implementing
// Denuvo Protector
- if (pex.OptionalHeader.Magic == OptionalHeaderType.PE32Plus && pex.EntryPointRaw != null)
- {
- byte?[] denuvoProtector = new byte?[]
- {
- 0x48, 0x8D, 0x0D, null, null, null, null, null,
- null, null, null, 0xE9, null, null, null, null,
- 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- };
+ // if (pex.OptionalHeader.Magic == OptionalHeaderType.PE32Plus && pex.EntryPointRaw != null)
+ // {
+ // byte?[] denuvoProtector = new byte?[]
+ // {
+ // 0x48, 0x8D, 0x0D, null, null, null, null, null,
+ // null, null, null, 0xE9, null, null, null, null,
+ // 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ // };
- if (pex.EntryPointRaw.StartsWith(denuvoProtector))
- return "Denuvo Protector";
- }
+ // if (pex.EntryPointRaw.StartsWith(denuvoProtector))
+ // return "Denuvo Protector";
+ // }
// Denuvo
var timingMatchers = new List
@@ -92,171 +92,172 @@ namespace BurnOutSharp.ProtectionType
}, "Denuvo")
};
- if (pex.ContainsSection(".arch") || pex.ContainsSection(".srdata") || !string.IsNullOrWhiteSpace(MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, timingMatchers, includeDebug)))
- {
- if (pex.OptionalHeader.Magic == OptionalHeaderType.PE32Plus)
- {
- var matchers = new List
- {
- // Mad Max, Metal Gear Solid: TPP, Rise of the Tomb Raider
- new ContentMatchSet(
- new ContentMatch(
- new byte?[]
- {
- 0x51, 0x52, 0x41, 0x50, 0x41, 0x51, 0x4C, 0x8D,
- null, null, null, null, null, 0x4C, 0x8D, null,
- null, null, null, null, 0x4D, 0x29, 0xC1,
- },
- end: 0
- ),
- "Denuvo v1.0 (x64)"),
+ // TODO: Re-enable all Entry Point checks after implementing
+ // if (pex.ContainsSection(".arch") || pex.ContainsSection(".srdata") || !string.IsNullOrWhiteSpace(MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, timingMatchers, includeDebug)))
+ // {
+ // if (pex.OH_Magic == OptionalHeaderType.PE32Plus)
+ // {
+ // var matchers = new List
+ // {
+ // // Mad Max, Metal Gear Solid: TPP, Rise of the Tomb Raider
+ // new ContentMatchSet(
+ // new ContentMatch(
+ // new byte?[]
+ // {
+ // 0x51, 0x52, 0x41, 0x50, 0x41, 0x51, 0x4C, 0x8D,
+ // null, null, null, null, null, 0x4C, 0x8D, null,
+ // null, null, null, null, 0x4D, 0x29, 0xC1,
+ // },
+ // end: 0
+ // ),
+ // "Denuvo v1.0 (x64)"),
- // Lords of the Fallen, Batman: AK, Just Cause 3, Sherlock Holmes: TdD, Tales of Berseria etc
- new ContentMatchSet(
- new ContentMatch(
- new byte?[]
- {
- 0x48, 0x8D, 0x0D, null, null, null, null, 0xE9,
- null, null, null, null,
- },
- end: 0
- ),
- "Denuvo v2.0a (x64)"),
+ // // Lords of the Fallen, Batman: AK, Just Cause 3, Sherlock Holmes: TdD, Tales of Berseria etc
+ // new ContentMatchSet(
+ // new ContentMatch(
+ // new byte?[]
+ // {
+ // 0x48, 0x8D, 0x0D, null, null, null, null, 0xE9,
+ // null, null, null, null,
+ // },
+ // end: 0
+ // ),
+ // "Denuvo v2.0a (x64)"),
- // Yesterday Origins
- new ContentMatchSet(
- new ContentMatch(
- new byte?[]
- {
- 0x48, 0x89, null, null, null, null, null, 0x48,
- 0x89, null, null, null, null, null, 0x4C, 0x89,
- null, null, null, null, null, 0x4C, 0x89, null,
- null, null, null, null, 0x48, 0x83, 0xFA, 0x01,
- },
- end: 0
- ),
- "Denuvo v2.0b (x64)"),
+ // // Yesterday Origins
+ // new ContentMatchSet(
+ // new ContentMatch(
+ // new byte?[]
+ // {
+ // 0x48, 0x89, null, null, null, null, null, 0x48,
+ // 0x89, null, null, null, null, null, 0x4C, 0x89,
+ // null, null, null, null, null, 0x4C, 0x89, null,
+ // null, null, null, null, 0x48, 0x83, 0xFA, 0x01,
+ // },
+ // end: 0
+ // ),
+ // "Denuvo v2.0b (x64)"),
- // Sniper Ghost Warrior 3 (beta), Dead Rising 4 (SteamStub-free)
- new ContentMatchSet(
- new ContentMatch(
- new byte?[]
- {
- null, null, null, null, null, null, null, null,
- 0x4C, 0x89, 0x1C, 0x24, 0x49, 0x89, 0xE3,
- },
- end: 0
- ),
- "Denuvo v3.0a (x64)"),
+ // // Sniper Ghost Warrior 3 (beta), Dead Rising 4 (SteamStub-free)
+ // new ContentMatchSet(
+ // new ContentMatch(
+ // new byte?[]
+ // {
+ // null, null, null, null, null, null, null, null,
+ // 0x4C, 0x89, 0x1C, 0x24, 0x49, 0x89, 0xE3,
+ // },
+ // end: 0
+ // ),
+ // "Denuvo v3.0a (x64)"),
- // Train Sim World CSX Heavy Haul
- new ContentMatchSet(
- new ContentMatch(
- new byte?[]
- {
- 0x4D, 0x8D, null, null, null, null, null, null,
- null, null, null, 0x48, 0x89, null, null, null,
- null, null, 0x48, 0x8D, null, null, 0x48, 0x89,
- null, 0x48, 0x89, null, 0x48, 0x89,
- },
- end: 0
- ),
- "Denuvo v3.0b (x64)"),
- };
+ // // Train Sim World CSX Heavy Haul
+ // new ContentMatchSet(
+ // new ContentMatch(
+ // new byte?[]
+ // {
+ // 0x4D, 0x8D, null, null, null, null, null, null,
+ // null, null, null, 0x48, 0x89, null, null, null,
+ // null, null, 0x48, 0x8D, null, null, 0x48, 0x89,
+ // null, 0x48, 0x89, null, 0x48, 0x89,
+ // },
+ // end: 0
+ // ),
+ // "Denuvo v3.0b (x64)"),
+ // };
- string match = MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, matchers, includeDebug);
- if (!string.IsNullOrWhiteSpace(match))
- return match;
+ // string match = MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, matchers, includeDebug);
+ // if (!string.IsNullOrWhiteSpace(match))
+ // return match;
- return "Denuvo (Unknown x64 Version)";
+ // return "Denuvo (Unknown x64 Version)";
- //// Check if steam_api64.dll present
- //if (PE.isLibraryPresent("steam_api64.dll"))
- //{
- // // Override additional info
- // sOptions = "x64 -> Steam";
- // bDetected = 1;
- //}
- //// Check if uplay_r1_loader64.dll present
- //if (PE.isLibraryPresent("uplay_r1_loader64.dll"))
- //{
- // // Override additional info
- // sOptions = "x64 -> uPlay";
- // bDetected = 1;
- //}
- //// Check if uplay_r2_loader64.dll present
- //if (PE.isLibraryPresent("uplay_r2_loader64.dll"))
- //{
- // // Override additional info
- // sOptions = "x64 -> uPlay";
- // bDetected = 1;
- //}
- //// Check if Core/Activation64.dll present
- //if (PE.isLibraryPresent("Core/Activation64.dll"))
- //{
- // // Override additional info
- // sOptions = "x64 -> Origin";
- // bDetected = 1;
- //}
- }
- else
- {
- var matchers = new List
- {
- // Pro Evolution Soccer 2017, Champions of Anteria
- new ContentMatchSet(
- new ContentMatch(
- new byte?[]
- {
- 0x55, 0x89, 0xE5, 0x8D, null, null, null, null,
- null, null, 0xE8, null, null, null, null, 0xE8,
- null, null, null, null, 0xE8, null, null, null,
- null, 0xE8, null, null, null, null,
- },
- end: 0
- ),
- "Denuvo v1.0 (x86)"),
+ // //// Check if steam_api64.dll present
+ // //if (PE.isLibraryPresent("steam_api64.dll"))
+ // //{
+ // // // Override additional info
+ // // sOptions = "x64 -> Steam";
+ // // bDetected = 1;
+ // //}
+ // //// Check if uplay_r1_loader64.dll present
+ // //if (PE.isLibraryPresent("uplay_r1_loader64.dll"))
+ // //{
+ // // // Override additional info
+ // // sOptions = "x64 -> uPlay";
+ // // bDetected = 1;
+ // //}
+ // //// Check if uplay_r2_loader64.dll present
+ // //if (PE.isLibraryPresent("uplay_r2_loader64.dll"))
+ // //{
+ // // // Override additional info
+ // // sOptions = "x64 -> uPlay";
+ // // bDetected = 1;
+ // //}
+ // //// Check if Core/Activation64.dll present
+ // //if (PE.isLibraryPresent("Core/Activation64.dll"))
+ // //{
+ // // // Override additional info
+ // // sOptions = "x64 -> Origin";
+ // // bDetected = 1;
+ // //}
+ // }
+ // else
+ // {
+ // var matchers = new List
+ // {
+ // // Pro Evolution Soccer 2017, Champions of Anteria
+ // new ContentMatchSet(
+ // new ContentMatch(
+ // new byte?[]
+ // {
+ // 0x55, 0x89, 0xE5, 0x8D, null, null, null, null,
+ // null, null, 0xE8, null, null, null, null, 0xE8,
+ // null, null, null, null, 0xE8, null, null, null,
+ // null, 0xE8, null, null, null, null,
+ // },
+ // end: 0
+ // ),
+ // "Denuvo v1.0 (x86)"),
- // Romance of 13 Kingdoms, 2Dark
- new ContentMatchSet(
- new ContentMatch(
- new byte?[]
- {
- 0x8D, null, null, null, null, null, null, 0x89,
- 0x7C, 0x24, 0x04, 0x89, 0xE7,
- },
- end: 0
- ),
- "Denuvo v2.0 (x86)"),
- };
+ // // Romance of 13 Kingdoms, 2Dark
+ // new ContentMatchSet(
+ // new ContentMatch(
+ // new byte?[]
+ // {
+ // 0x8D, null, null, null, null, null, null, 0x89,
+ // 0x7C, 0x24, 0x04, 0x89, 0xE7,
+ // },
+ // end: 0
+ // ),
+ // "Denuvo v2.0 (x86)"),
+ // };
- string match = MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, matchers, includeDebug);
- if (!string.IsNullOrWhiteSpace(match))
- return match;
+ // string match = MatchUtil.GetFirstMatch(file, pex.EntryPointRaw, matchers, includeDebug);
+ // if (!string.IsNullOrWhiteSpace(match))
+ // return match;
- //// Check if steam_api64.dll present
- //if (PE.isLibraryPresent("steam_api.dll"))
- //{
- // // Override additional info
- // sOptions = "x86 -> Steam";
- // bDetected = 1;
- //}
- //// Check if uplay_r1_loader.dll present
- //if (PE.isLibraryPresent("uplay_r1_loader.dll"))
- //{
- // // Override additional info
- // sOptions = "x86 -> uPlay";
- // bDetected = 1;
- //}
- //// Check if Core/Activation.dll present
- //if (PE.isLibraryPresent("Core/Activation.dll"))
- //{
- // // Override additional info
- // sOptions = "x86 -> Origin";
- // bDetected = 1;
- //}
- }
- }
+ // //// Check if steam_api64.dll present
+ // //if (PE.isLibraryPresent("steam_api.dll"))
+ // //{
+ // // // Override additional info
+ // // sOptions = "x86 -> Steam";
+ // // bDetected = 1;
+ // //}
+ // //// Check if uplay_r1_loader.dll present
+ // //if (PE.isLibraryPresent("uplay_r1_loader.dll"))
+ // //{
+ // // // Override additional info
+ // // sOptions = "x86 -> uPlay";
+ // // bDetected = 1;
+ // //}
+ // //// Check if Core/Activation.dll present
+ // //if (PE.isLibraryPresent("Core/Activation.dll"))
+ // //{
+ // // // Override additional info
+ // // sOptions = "x86 -> Origin";
+ // // bDetected = 1;
+ // //}
+ // }
+ // }
return null;
}
diff --git a/BurnOutSharp/ProtectionType/DiscGuard.cs b/BurnOutSharp/ProtectionType/DiscGuard.cs
index 01ef346e..0e13f95a 100644
--- a/BurnOutSharp/ProtectionType/DiscGuard.cs
+++ b/BurnOutSharp/ProtectionType/DiscGuard.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -54,8 +54,7 @@ namespace BurnOutSharp.ProtectionType
return $"DiscGuard";
// Get the .vbn section, if it exists
- var DiscGuardSection = pex.ReadRawSection(".vbn");
- if (DiscGuardSection != null)
+ if (pex.ContainsSection(".vbn"))
{
var matchers = new List
{
@@ -106,13 +105,13 @@ namespace BurnOutSharp.ProtectionType
}, "DiscGuard"),
};
- string match = MatchUtil.GetFirstMatch(file, DiscGuardSection, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".vbn"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the .rsrc section, if it exists
- var rsrcSection = pex.ReadRawSection(".rsrc");
+ var rsrcSection = pex.GetFirstSectionData(".rsrc");
if (rsrcSection != null)
{
var matchers = new List
diff --git a/BurnOutSharp/ProtectionType/EasyAntiCheat.cs b/BurnOutSharp/ProtectionType/EasyAntiCheat.cs
index 390089ef..9a942e6e 100644
--- a/BurnOutSharp/ProtectionType/EasyAntiCheat.cs
+++ b/BurnOutSharp/ProtectionType/EasyAntiCheat.cs
@@ -1,8 +1,8 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/ElectronicArts.cs b/BurnOutSharp/ProtectionType/ElectronicArts.cs
index d7a75c77..79306670 100644
--- a/BurnOutSharp/ProtectionType/ElectronicArts.cs
+++ b/BurnOutSharp/ProtectionType/ElectronicArts.cs
@@ -1,9 +1,10 @@
using System;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
+using System.Linq;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -29,12 +30,12 @@ namespace BurnOutSharp.ProtectionType
if (name?.Equals("CDCode", StringComparison.Ordinal) == true)
return $"EA CdKey Registration Module {Utilities.GetInternalVersion(pex)}";
- var resource = pex.FindResource(dataContains: "A\0b\0o\0u\0t\0 \0C\0D\0K\0e\0y");
- if (resource != null)
+ if (pex.FindDialogByTitle("About CDKey").Any())
return $"EA CdKey Registration Module {Utilities.GetInternalVersion(pex)}";
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -46,13 +47,13 @@ namespace BurnOutSharp.ProtectionType
}, Utilities.GetInternalVersion, "EA CdKey Registration Module"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -65,13 +66,13 @@ namespace BurnOutSharp.ProtectionType
}, "EA DRM Protection"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the .text section, if it exists
- if (pex.TextSectionRaw != null)
+ if (pex.ContainsSection(".text"))
{
var matchers = new List
{
@@ -84,7 +85,7 @@ namespace BurnOutSharp.ProtectionType
}, "EA DRM Protection"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".text"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/GFWL.cs b/BurnOutSharp/ProtectionType/GFWL.cs
index 8487f3be..5068633d 100644
--- a/BurnOutSharp/ProtectionType/GFWL.cs
+++ b/BurnOutSharp/ProtectionType/GFWL.cs
@@ -1,10 +1,10 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -25,7 +25,7 @@ namespace BurnOutSharp.ProtectionType
return $"Games for Windows LIVE {Utilities.GetInternalVersion(pex)}";
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -33,7 +33,7 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x78, 0x6C, 0x69, 0x76, 0x65, 0x2E, 0x64, 0x6C, 0x6C }, "Games for Windows LIVE"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/HexaLock.cs b/BurnOutSharp/ProtectionType/HexaLock.cs
index 8313d324..74bac6d0 100644
--- a/BurnOutSharp/ProtectionType/HexaLock.cs
+++ b/BurnOutSharp/ProtectionType/HexaLock.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/ImpulseReactor.cs b/BurnOutSharp/ProtectionType/ImpulseReactor.cs
index 3857a103..b66fbabe 100644
--- a/BurnOutSharp/ProtectionType/ImpulseReactor.cs
+++ b/BurnOutSharp/ProtectionType/ImpulseReactor.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -27,12 +27,12 @@ namespace BurnOutSharp.ProtectionType
if (name?.Contains("ImpulseReactor Dynamic Link Library") == true)
return $"Impulse Reactor Core Module {Utilities.GetInternalVersion(pex)}";
- name = pex.OriginalFileName;
+ name = pex.OriginalFilename;
if (name?.Contains("ReactorActivate.exe") == true)
return $"Stardock Product Activation {Utilities.GetInternalVersion(pex)}";
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
// CVPInitializeClient
byte?[] check = new byte?[]
@@ -41,7 +41,7 @@ namespace BurnOutSharp.ProtectionType
0x61, 0x6C, 0x69, 0x7A, 0x65, 0x43, 0x6C, 0x69,
0x65, 0x6E, 0x74
};
- bool containsCheck = pex.ResourceDataSectionRaw.FirstPosition(check, out int position);
+ bool containsCheck = pex.GetFirstSectionData(".rdata").FirstPosition(check, out int position);
// TODO: Find what resource this is in
// A + (char)0x00 + T + (char)0x00 + T + (char)0x00 + L + (char)0x00 + I + (char)0x00 + S + (char)0x00 + T + (char)0x00 + (char)0x00 + (char)0x00 + E + (char)0x00 + L + (char)0x00 + E + (char)0x00 + M + (char)0x00 + E + (char)0x00 + N + (char)0x00 + T + (char)0x00 + (char)0x00 + (char)0x00 + N + (char)0x00 + O + (char)0x00 + T + (char)0x00 + A + (char)0x00 + T + (char)0x00 + I + (char)0x00 + O + (char)0x00 + N + (char)0x00
@@ -54,7 +54,7 @@ namespace BurnOutSharp.ProtectionType
0x4E, 0x00, 0x4F, 0x00, 0x54, 0x00, 0x41, 0x00,
0x54, 0x00, 0x49, 0x00, 0x4F, 0x00, 0x4E
};
- bool containsCheck2 = pex.ResourceDataSectionRaw.FirstPosition(check2, out int position2);
+ bool containsCheck2 = pex.GetFirstSectionData(".rdata").FirstPosition(check2, out int position2);
if (containsCheck && containsCheck2)
return $"Impulse Reactor Core Module {Utilities.GetInternalVersion(pex)}" + (includeDebug ? $" (Index {position}, {position2})" : string.Empty);
diff --git a/BurnOutSharp/ProtectionType/Intenium.cs b/BurnOutSharp/ProtectionType/Intenium.cs
index 18cc00dd..6072b6d1 100644
--- a/BurnOutSharp/ProtectionType/Intenium.cs
+++ b/BurnOutSharp/ProtectionType/Intenium.cs
@@ -1,5 +1,6 @@
-using BurnOutSharp.ExecutableType.Microsoft.PE;
+using System.Linq;
using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -29,8 +30,8 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- var fileNameResource = pex.FindResource(dataContains: $"NO NESTED PRMS SUPPORTED");
- if (fileNameResource != null)
+ var fileNameResource = pex.FindGenericResource("NO NESTED PRMS SUPPORTED");
+ if (fileNameResource.Any())
return "INTENIUM Trial & Buy Protection";
return null;
diff --git a/BurnOutSharp/ProtectionType/JoWood.cs b/BurnOutSharp/ProtectionType/JoWood.cs
index f975eb03..fe343024 100644
--- a/BurnOutSharp/ProtectionType/JoWood.cs
+++ b/BurnOutSharp/ProtectionType/JoWood.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Generic;
using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -25,8 +25,7 @@ namespace BurnOutSharp.ProtectionType
if (extSection)
{
// Get the .dcrtext section, if it exists
- var dcrtextSectionRaw = pex.ReadRawSection(".dcrtext");
- if (dcrtextSectionRaw != null)
+ if (pex.ContainsSection(".dcrtext"))
{
var matchers = new List
{
@@ -40,7 +39,7 @@ namespace BurnOutSharp.ProtectionType
}, GetVersion, "JoWood X-Prot"),
};
- string match = MatchUtil.GetFirstMatch(file, dcrtextSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".dcrtext"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/LabelGate.cs b/BurnOutSharp/ProtectionType/LabelGate.cs
index d5d94824..8aed7eb5 100644
--- a/BurnOutSharp/ProtectionType/LabelGate.cs
+++ b/BurnOutSharp/ProtectionType/LabelGate.cs
@@ -2,9 +2,9 @@ using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -34,8 +34,9 @@ namespace BurnOutSharp.ProtectionType
if (name?.StartsWith("MQSTART", StringComparison.OrdinalIgnoreCase) == true)
return $"LabelGate CD2 Media Player";
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -44,7 +45,7 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x4C, 0x47, 0x43, 0x44, 0x32, 0x5F, 0x4C, 0x41, 0x55, 0x4E, 0x43, 0x48 }, "LabelGate CD2"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/LaserLok.cs b/BurnOutSharp/ProtectionType/LaserLok.cs
index 0907c3f9..ddffc049 100644
--- a/BurnOutSharp/ProtectionType/LaserLok.cs
+++ b/BurnOutSharp/ProtectionType/LaserLok.cs
@@ -3,10 +3,10 @@ using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -64,15 +64,15 @@ namespace BurnOutSharp.ProtectionType
0x6C, 0x61, 0x6D, 0x65, 0x6E, 0x74, 0x61, 0x73,
0x2E, 0x50, 0x45
};
- int endDosStub = pex.DOSStubHeader.NewExeHeaderAddr;
- bool containsCheck = pex.DOSStubHeader.ExecutableData.FirstPosition(check, out int position);
+ int endDosStub = (int)pex.Stub_NewExeHeaderAddr;
+ bool containsCheck = pex.StubExecutableData.FirstPosition(check, out int position);
// If the .text section doesn't exist, then the second check can't be found
bool containsCheck2 = false;
int position2 = -1;
// Get the .text section, if it exists
- if (pex.TextSectionRaw != null)
+ if (pex.ContainsSection(".text"))
{
// GetModuleHandleA + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + GetProcAddress + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + LoadLibraryA + (char)0x00 + (char)0x00 + KERNEL32.dll + (char)0x00 + ëy + (char)0x01 + SNIF/MPVI
byte?[] check2 = new byte?[]
@@ -87,15 +87,15 @@ namespace BurnOutSharp.ProtectionType
0x45, 0x4C, 0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C,
0x00, 0xEB, 0x79, 0x01, null, null, null, null,
};
- containsCheck2 = pex.TextSectionRaw.FirstPosition(check2, out position2);
+ containsCheck2 = pex.GetFirstSectionData(".text").FirstPosition(check2, out position2);
}
if (containsCheck && containsCheck2)
- return $"LaserLok {GetVersion(pex.TextSectionRaw, position2)} {GetBuild(pex.TextSectionRaw, true)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position}, {position2})" : string.Empty);
+ return $"LaserLok {GetVersion(pex.GetFirstSectionData(".text"), position2)} {GetBuild(pex.GetFirstSectionData(".text"), true)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position}, {position2})" : string.Empty);
else if (containsCheck && !containsCheck2)
- return $"LaserLok Marathon {GetBuild(pex.TextSectionRaw, false)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position})" : string.Empty);
+ return $"LaserLok Marathon {GetBuild(pex.GetFirstSectionData(".text"), false)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position})" : string.Empty);
else if (!containsCheck && containsCheck2)
- return $"LaserLok {GetVersion(pex.TextSectionRaw, --position2)} {GetBuild(pex.TextSectionRaw, false)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position2})" : string.Empty);
+ return $"LaserLok {GetVersion(pex.GetFirstSectionData(".text"), --position2)} {GetBuild(pex.GetFirstSectionData(".text"), false)} [Check disc for physical ring]" + (includeDebug ? $" (Index {position2})" : string.Empty);
return null;
}
diff --git a/BurnOutSharp/ProtectionType/Macrovision.CDilla.cs b/BurnOutSharp/ProtectionType/Macrovision.CDilla.cs
index d5478b91..f434dd9e 100644
--- a/BurnOutSharp/ProtectionType/Macrovision.CDilla.cs
+++ b/BurnOutSharp/ProtectionType/Macrovision.CDilla.cs
@@ -1,12 +1,8 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.NE;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
-using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
-using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -38,9 +34,8 @@ namespace BurnOutSharp.ProtectionType
///
public string CDillaCheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
{
- // Get the DOS stub from the executable, if possible
- var stub = nex?.DOSStubHeader;
- if (stub == null)
+ // Check we have a valid executable
+ if (nex == null)
return null;
// TODO: Implement NE checks for "CDILLA05", "CDILLA10", "CDILLA16", and "CDILLA40".
@@ -73,8 +68,9 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -86,7 +82,7 @@ namespace BurnOutSharp.ProtectionType
0x5C, 0x52, 0x54, 0x53 }, "C-Dilla License Management System"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/Macrovision.CactusDataShield.cs b/BurnOutSharp/ProtectionType/Macrovision.CactusDataShield.cs
index af76cb3d..0d96045d 100644
--- a/BurnOutSharp/ProtectionType/Macrovision.CactusDataShield.cs
+++ b/BurnOutSharp/ProtectionType/Macrovision.CactusDataShield.cs
@@ -2,10 +2,10 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/Macrovision.FLEXnet.cs b/BurnOutSharp/ProtectionType/Macrovision.FLEXnet.cs
index 879507f5..1a811800 100644
--- a/BurnOutSharp/ProtectionType/Macrovision.FLEXnet.cs
+++ b/BurnOutSharp/ProtectionType/Macrovision.FLEXnet.cs
@@ -1,11 +1,5 @@
using System;
-using System.Collections.Concurrent;
-using System.Collections.Generic;
-using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
-using BurnOutSharp.Interfaces;
-using BurnOutSharp.Matching;
-using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/Macrovision.SafeCast.cs b/BurnOutSharp/ProtectionType/Macrovision.SafeCast.cs
index 6a17bf0c..b295ba2e 100644
--- a/BurnOutSharp/ProtectionType/Macrovision.SafeCast.cs
+++ b/BurnOutSharp/ProtectionType/Macrovision.SafeCast.cs
@@ -1,12 +1,8 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.NE;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
-using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
-using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -37,9 +33,8 @@ namespace BurnOutSharp.ProtectionType
///
public string SafeCastCheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
{
- // Get the DOS stub from the executable, if possible
- var stub = nex?.DOSStubHeader;
- if (stub == null)
+ // Check we have a valid executable
+ if (nex == null)
return null;
// TODO: Implement the following NE checks:
@@ -59,8 +54,9 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -73,7 +69,7 @@ namespace BurnOutSharp.ProtectionType
0x74 }, "SafeCast"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/Macrovision.SafeDisc.cs b/BurnOutSharp/ProtectionType/Macrovision.SafeDisc.cs
index 4c9d0ad4..97e572aa 100644
--- a/BurnOutSharp/ProtectionType/Macrovision.SafeDisc.cs
+++ b/BurnOutSharp/ProtectionType/Macrovision.SafeDisc.cs
@@ -2,10 +2,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
-using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/Macrovision.cs b/BurnOutSharp/ProtectionType/Macrovision.cs
index 5c3cd6c1..5d01f0f1 100644
--- a/BurnOutSharp/ProtectionType/Macrovision.cs
+++ b/BurnOutSharp/ProtectionType/Macrovision.cs
@@ -1,14 +1,10 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.NE;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
-using static System.Net.WebRequestMethods;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -20,9 +16,8 @@ namespace BurnOutSharp.ProtectionType
///
public string CheckNewExecutable(string file, NewExecutable nex, bool includeDebug)
{
- // Get the DOS stub from the executable, if possible
- var stub = nex?.DOSStubHeader;
- if (stub == null)
+ // Check we have a valid executable
+ if (nex == null)
return null;
List resultsList = new List();
@@ -195,7 +190,7 @@ namespace BurnOutSharp.ProtectionType
return $"SafeDisc SRV Tool APP {GetSafeDiscDiagExecutableVersion(pex)}";
// This subtract is needed because BoG_ starts before the section
- var sectionRaw = pex.ReadRawSection(sectionName, first: true, offset: -64);
+ var sectionRaw = pex.GetFirstSectionDataWithOffset(sectionName, offset: -64);
if (sectionRaw != null)
{
// TODO: Add more checks to help differentiate between SafeDisc and SafeCast.
diff --git a/BurnOutSharp/ProtectionType/MediaCloQ.cs b/BurnOutSharp/ProtectionType/MediaCloQ.cs
index e7f0a9b2..09a572b9 100644
--- a/BurnOutSharp/ProtectionType/MediaCloQ.cs
+++ b/BurnOutSharp/ProtectionType/MediaCloQ.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/MediaMaxCD3.cs b/BurnOutSharp/ProtectionType/MediaMaxCD3.cs
index 339194fb..1d956fe7 100644
--- a/BurnOutSharp/ProtectionType/MediaMaxCD3.cs
+++ b/BurnOutSharp/ProtectionType/MediaMaxCD3.cs
@@ -1,9 +1,10 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
+using System.Linq;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -32,12 +33,17 @@ namespace BurnOutSharp.ProtectionType
if (name?.StartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase) == true)
return $"MediaMax CD-3";
- var resource = pex.FindResource(dataContains: "Cd3Ctl");
- if (resource != null)
+ var cd3CtrlResources = pex.FindGenericResource("Cd3Ctl");
+ if (cd3CtrlResources.Any())
+ return $"MediaMax CD-3";
+
+ var limitedProductionResources = pex.FindDialogBoxByItemTitle("This limited production advanced CD is not playable on your computer. It is solely intended for playback on standard CD players.");
+ if (limitedProductionResources.Any())
return $"MediaMax CD-3";
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -49,13 +55,13 @@ namespace BurnOutSharp.ProtectionType
}, "MediaMax CD-3"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -67,7 +73,7 @@ namespace BurnOutSharp.ProtectionType
}, "MediaMax CD-3"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/OnlineRegistration.cs b/BurnOutSharp/ProtectionType/OnlineRegistration.cs
index c314cd8e..ca1c7ffb 100644
--- a/BurnOutSharp/ProtectionType/OnlineRegistration.cs
+++ b/BurnOutSharp/ProtectionType/OnlineRegistration.cs
@@ -1,7 +1,7 @@
using System;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/OpenMG.cs b/BurnOutSharp/ProtectionType/OpenMG.cs
index ac2d78a9..09a9bc8e 100644
--- a/BurnOutSharp/ProtectionType/OpenMG.cs
+++ b/BurnOutSharp/ProtectionType/OpenMG.cs
@@ -2,9 +2,9 @@ using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/Origin.cs b/BurnOutSharp/ProtectionType/Origin.cs
index 75e57461..9d76dd5b 100644
--- a/BurnOutSharp/ProtectionType/Origin.cs
+++ b/BurnOutSharp/ProtectionType/Origin.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/PlayJ.cs b/BurnOutSharp/ProtectionType/PlayJ.cs
index 53f8b26c..5d9f15fe 100644
--- a/BurnOutSharp/ProtectionType/PlayJ.cs
+++ b/BurnOutSharp/ProtectionType/PlayJ.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/ProtectDisc.cs b/BurnOutSharp/ProtectionType/ProtectDisc.cs
index 7bf41da1..8d5d61ed 100644
--- a/BurnOutSharp/ProtectionType/ProtectDisc.cs
+++ b/BurnOutSharp/ProtectionType/ProtectDisc.cs
@@ -1,9 +1,10 @@
using System;
using System.Collections.Generic;
using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
+using System.Text;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -18,12 +19,11 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- // Get the 4th section, if it exists (example names: ACE4) (Found in Redump entry 94793)
- var fourthSection = sections.Length < 4 ? null : sections[3];
- if (fourthSection != null)
+ // Get the 4th and 5th sections, if they exist (example names: ACE4/ACE5) (Found in Redump entries 94792, 94793)
+ for (int i = 3; i < sections.Length; i++)
{
- var fourthSectionData = pex.ReadRawSection(fourthSection.NameString, first: true);
- if (fourthSectionData != null)
+ var nthSectionData = pex.GetSectionData(i);
+ if (nthSectionData != null)
{
var matchers = new List
{
@@ -31,33 +31,15 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x41, 0x43, 0x45, 0x2D, 0x50, 0x43, 0x44 }, GetVersion6till8, "ProtectDISC"),
};
- string match = MatchUtil.GetFirstMatch(file, fourthSectionData, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, nthSectionData, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
}
- // Get the 5th section, if it exists (example names: ACE5) (Found in Redump entry 94792)
- var fifthSection = sections.Length < 5 ? null : sections[4];
- if (fifthSection != null)
- {
- var fifthSectionData = pex.ReadRawSection(fifthSection.NameString, first: true);
- if (fifthSectionData != null)
- {
- var matchers = new List
- {
- // ACE-PCD
- new ContentMatchSet(new byte?[] { 0x41, 0x43, 0x45, 0x2D, 0x50, 0x43, 0x44 }, GetVersion6till8, "ProtectDISC"),
- };
-
- string match = MatchUtil.GetFirstMatch(file, fifthSectionData, matchers, includeDebug);
- if (!string.IsNullOrWhiteSpace(match))
- return match;
- }
- }
-
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -65,7 +47,7 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x44, 0x43, 0x50, 0x2D, 0x42, 0x4F, 0x56, 0x00, 0x00 }, GetVersion3till6, "VOB ProtectCD/DVD"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
@@ -74,7 +56,7 @@ namespace BurnOutSharp.ProtectionType
var secondToLastSection = sections.Length > 1 ? sections[sections.Length - 2] : null;
if (secondToLastSection != null)
{
- var secondToLastSectionData = pex.ReadRawSection(secondToLastSection.NameString, first: true);
+ var secondToLastSectionData = pex.GetSectionData(sections.Length - 2);
if (secondToLastSectionData != null)
{
var matchers = new List
@@ -96,11 +78,13 @@ namespace BurnOutSharp.ProtectionType
}
}
+ // TODO: Be better about finding the last section
// Get the last section (example names: ACE5, akxpxgcv, and piofinqb)
var lastSection = sections.LastOrDefault();
if (lastSection != null)
{
- var lastSectionData = pex.ReadRawSection(lastSection.NameString, first: true);
+ string lastSectionName = Encoding.UTF8.GetString(lastSection.Name).TrimEnd('\0');
+ var lastSectionData = pex.GetFirstSectionData(lastSectionName);
if (lastSectionData != null)
{
var matchers = new List
diff --git a/BurnOutSharp/ProtectionType/RainbowSentinel.cs b/BurnOutSharp/ProtectionType/RainbowSentinel.cs
index c46f385a..0adb6558 100644
--- a/BurnOutSharp/ProtectionType/RainbowSentinel.cs
+++ b/BurnOutSharp/ProtectionType/RainbowSentinel.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -30,8 +30,9 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -45,13 +46,13 @@ namespace BurnOutSharp.ProtectionType
}, "Rainbow Sentinel SuperPro"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the .text section, if it exists
- if (pex.TextSectionRaw != null)
+ if (pex.ContainsSection(".text"))
{
var matchers = new List
{
@@ -74,7 +75,7 @@ namespace BurnOutSharp.ProtectionType
}, "Rainbow Sentinel SuperPro"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".text"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/SVKP.cs b/BurnOutSharp/ProtectionType/SVKP.cs
index add8f89e..8992ec8a 100644
--- a/BurnOutSharp/ProtectionType/SVKP.cs
+++ b/BurnOutSharp/ProtectionType/SVKP.cs
@@ -1,5 +1,5 @@
-using BurnOutSharp.ExecutableType.Microsoft.PE;
-using BurnOutSharp.Interfaces;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -14,11 +14,11 @@ namespace BurnOutSharp.ProtectionType
public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
{
// Get the image file header from the executable, if possible
- if (pex?.ImageFileHeader == null)
+ if (pex == null)
return null;
// 0x504B5653 is "SVKP"
- if (pex.ImageFileHeader.PointerToSymbolTable == 0x504B5653)
+ if (pex.PointerToSymbolTable == 0x504B5653)
return "SVKP (Slovak Protector)";
return null;
diff --git a/BurnOutSharp/ProtectionType/SecuROM.cs b/BurnOutSharp/ProtectionType/SecuROM.cs
index b1c7f99c..4c1479c1 100644
--- a/BurnOutSharp/ProtectionType/SecuROM.cs
+++ b/BurnOutSharp/ProtectionType/SecuROM.cs
@@ -2,10 +2,10 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Text;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -44,7 +44,7 @@ namespace BurnOutSharp.ProtectionType
return $"SecuROM SLL Protected (for SecuROM v8.x)";
// Search after the last section
- if (pex.OverlayRaw != null)
+ if (pex.Overlay != null)
{
var matchers = new List
{
@@ -52,7 +52,7 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x41, 0x64, 0x64, 0x44, 0x03, 0x00, 0x00, 0x00 }, GetV4Version, "SecuROM"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.OverlayRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.Overlay, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
@@ -61,10 +61,10 @@ namespace BurnOutSharp.ProtectionType
for (int i = 4; i < sections.Length; i++)
{
var nthSection = sections[i];
- string nthSectionName = nthSection.NameString;
+ string nthSectionName = Encoding.UTF8.GetString(nthSection.Name).TrimEnd('\0');
if (nthSection != null && nthSectionName != ".idata" && nthSectionName != ".rsrc")
{
- var nthSectionData = pex.ReadRawSection(nthSectionName, first: true);
+ var nthSectionData = pex.GetFirstSectionData(nthSectionName);
if (nthSectionData != null)
{
var matchers = new List
@@ -81,7 +81,7 @@ namespace BurnOutSharp.ProtectionType
}
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -112,7 +112,7 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x53, 0x65, 0x63, 0x75, 0x45, 0x78, 0x70 }, "WHITELABEL"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
{
if (match.StartsWith("WHITELABEL"))
@@ -240,7 +240,7 @@ namespace BurnOutSharp.ProtectionType
private static string GetV7Version(PortableExecutable pex)
{
int index = 172; // 64 bytes for DOS stub, 236 bytes in total
- byte[] bytes = new ReadOnlySpan(pex.DOSStubHeader.ExecutableData, index, 4).ToArray();
+ byte[] bytes = new ReadOnlySpan(pex.StubExecutableData, index, 4).ToArray();
//SecuROM 7 new and 8
if (bytes[3] == 0x5C) // if (bytes[0] == 0xED && bytes[3] == 0x5C {
@@ -252,15 +252,16 @@ namespace BurnOutSharp.ProtectionType
else
{
index = 58; // 64 bytes for DOS stub, 122 bytes in total
- bytes = new ReadOnlySpan(pex.DOSStubHeader.ExecutableData, index, 2).ToArray();
+ bytes = new ReadOnlySpan(pex.StubExecutableData, index, 2).ToArray();
return $"7.{bytes[0] ^ 0x10:00}.{bytes[1] ^ 0x10:0000}"; //return "7.01-7.10"
}
}
private static string GetV8WhiteLabelVersion(PortableExecutable pex)
{
- // If we don't have a data section, we default to generic
- if (pex.DataSectionRaw == null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
return "8";
// Search .data for the version indicator
@@ -274,13 +275,13 @@ namespace BurnOutSharp.ProtectionType
0x82, 0xD8, 0x0C, 0xAC
});
- (bool success, int position) = matcher.Match(pex.DataSectionRaw);
+ (bool success, int position) = matcher.Match(dataSectionRaw);
// If we can't find the string, we default to generic
if (!success)
return "8";
- byte[] bytes = new ReadOnlySpan(pex.DataSectionRaw, position + 0xAC, 3).ToArray();
+ byte[] bytes = new ReadOnlySpan(dataSectionRaw, position + 0xAC, 3).ToArray();
return $"{bytes[0] ^ 0xCA}.{bytes[1] ^ 0x39:00}.{bytes[2] ^ 0x51:0000}";
}
}
diff --git a/BurnOutSharp/ProtectionType/SmartE.cs b/BurnOutSharp/ProtectionType/SmartE.cs
index be068f3a..16218cb2 100644
--- a/BurnOutSharp/ProtectionType/SmartE.cs
+++ b/BurnOutSharp/ProtectionType/SmartE.cs
@@ -1,10 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
-using BurnOutSharp.ExecutableType.Microsoft.PE.Headers;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -19,22 +18,22 @@ namespace BurnOutSharp.ProtectionType
return null;
// Get the .edata section, if it exists
- string match = GetMatchForSection(file, pex.ExportDataSectionRaw, includeDebug);
+ string match = GetMatchForSection(file, pex.GetFirstSectionData(".edata"), includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
// Get the .idata section, if it exists
- match = GetMatchForSection(file, pex.ImportDataSectionRaw, includeDebug);
+ match = GetMatchForSection(file, pex.GetFirstSectionData(".idata"), includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
// Get the .rdata section, if it exists
- match = GetMatchForSection(file, pex.ResourceDataSectionRaw, includeDebug);
+ match = GetMatchForSection(file, pex.GetFirstSectionData(".rdata"), includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
// Get the .tls section, if it exists
- var tlsSectionRaw = pex.ReadRawSection(".tls", first: false);
+ var tlsSectionRaw = pex.GetLastSectionData(".tls");
match = GetMatchForSection(file, tlsSectionRaw, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
@@ -72,7 +71,7 @@ namespace BurnOutSharp.ProtectionType
///
/// Check a section for the SmartE string(s)
///
- private string GetMatchForSection(SectionHeader section, string file, byte[] sectionContent, bool includeDebug)
+ private string GetMatchForSection(Models.PortableExecutable.SectionHeader section, string file, byte[] sectionContent, bool includeDebug)
{
if (section == null)
return null;
diff --git a/BurnOutSharp/ProtectionType/SolidShield.cs b/BurnOutSharp/ProtectionType/SolidShield.cs
index f381f658..a3dfcbae 100644
--- a/BurnOutSharp/ProtectionType/SolidShield.cs
+++ b/BurnOutSharp/ProtectionType/SolidShield.cs
@@ -3,10 +3,10 @@ using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -53,8 +53,7 @@ namespace BurnOutSharp.ProtectionType
return $"SolidShield {GetInternalVersion(pex)}";
// Get the .init section, if it exists
- var initSectionRaw = pex.ReadRawSection(".init", first: true);
- if (initSectionRaw != null)
+ if (pex.ContainsSection(".init"))
{
var matchers = new List
{
@@ -68,21 +67,21 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x64, 0x76, 0x6D, 0x2E, 0x64, 0x6C, 0x6C }, "SolidShield EXE Wrapper v1"),
};
- string match = MatchUtil.GetFirstMatch(file, initSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".init"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the wrapper resource, if it exists
- var resource = pex.FindResource(dataContains: "B\0I\0N\0" + (char)0x07 + "\0I\0D\0R\0_\0S\0G\0T\0");
- if (resource != null)
+ var wrapperResources = pex.FindResourceByNamedType("BIN, IDR_SGT");
+ if (wrapperResources.Any())
return "SolidShield EXE Wrapper v1";
// Search the last two available sections
- var sectionNames = pex.GetSectionNames();
+ var sectionNames = pex.SectionNames;
for (int i = (sectionNames.Length >= 2 ? sectionNames.Length - 2 : 0); i < sectionNames.Length; i++)
{
- var nthSectionRaw = pex.ReadRawSection(sectionNames[i], first: false);
+ var nthSectionRaw = pex.GetLastSectionData(sectionNames[i]);
if (nthSectionRaw != null)
{
var matchers = new List
diff --git a/BurnOutSharp/ProtectionType/StarForce.cs b/BurnOutSharp/ProtectionType/StarForce.cs
index fde08f76..bdb2af64 100644
--- a/BurnOutSharp/ProtectionType/StarForce.cs
+++ b/BurnOutSharp/ProtectionType/StarForce.cs
@@ -1,10 +1,10 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -41,7 +41,7 @@ namespace BurnOutSharp.ProtectionType
var rsrcSection = pex.GetLastSection(".rsrc", exact: true);
if (rsrcSection != null)
{
- var rsrcSectionData = pex.ReadRawSection(".rsrc", first: true);
+ var rsrcSectionData = pex.GetLastSectionData(".rsrc");
if (rsrcSectionData != null)
{
var matchers = new List
diff --git a/BurnOutSharp/ProtectionType/Steam.cs b/BurnOutSharp/ProtectionType/Steam.cs
index 39661f09..2944c65b 100644
--- a/BurnOutSharp/ProtectionType/Steam.cs
+++ b/BurnOutSharp/ProtectionType/Steam.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/Sysiphus.cs b/BurnOutSharp/ProtectionType/Sysiphus.cs
index 77bb2771..383f62c6 100644
--- a/BurnOutSharp/ProtectionType/Sysiphus.cs
+++ b/BurnOutSharp/ProtectionType/Sysiphus.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Generic;
using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -17,8 +17,9 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -30,7 +31,7 @@ namespace BurnOutSharp.ProtectionType
}, GetVersion, "Sysiphus"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/Tages.cs b/BurnOutSharp/ProtectionType/Tages.cs
index 8fee4282..8081db1f 100644
--- a/BurnOutSharp/ProtectionType/Tages.cs
+++ b/BurnOutSharp/ProtectionType/Tages.cs
@@ -2,10 +2,10 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
using BurnOutSharp.Tools;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -44,8 +44,9 @@ namespace BurnOutSharp.ProtectionType
// TODO: Add entry point check
// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/Tages.2.sg
- // Get the .data section, if it exists
- if (pex.DataSectionRaw != null)
+ // Get the .data/DATA section, if it exists
+ var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+ if (dataSectionRaw != null)
{
var matchers = new List
{
@@ -53,7 +54,7 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8, null, null, 0xFF, 0xFF, 0x68 }, GetVersion, "TAGES"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/Themida.cs b/BurnOutSharp/ProtectionType/Themida.cs
index cf37aba2..d4846607 100644
--- a/BurnOutSharp/ProtectionType/Themida.cs
+++ b/BurnOutSharp/ProtectionType/Themida.cs
@@ -1,7 +1,7 @@
-using BurnOutSharp.ExecutableType.Microsoft.PE;
+using System.Collections.Generic;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
-using System.Collections.Generic;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -35,8 +35,7 @@ namespace BurnOutSharp.ProtectionType
return null;
// Get the "Arcsoft " section, if it exists
- var initSectionRaw = pex.ReadRawSection("Arcsoft ", first: true);
- if (initSectionRaw != null)
+ if (pex.ContainsSection("Arcsoft "))
{
var matchers = new List
{
@@ -46,7 +45,7 @@ namespace BurnOutSharp.ProtectionType
new ContentMatchSet(new byte?[] { 0x54, 0x68, 0x65, 0x6D, 0x69, 0x64, 0x61 }, "Themida"),
};
- string match = MatchUtil.GetFirstMatch(file, initSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData("Arcsoft "), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/ThreePLock.cs b/BurnOutSharp/ProtectionType/ThreePLock.cs
index a85188a9..95e06e57 100644
--- a/BurnOutSharp/ProtectionType/ThreePLock.cs
+++ b/BurnOutSharp/ProtectionType/ThreePLock.cs
@@ -1,5 +1,5 @@
-using BurnOutSharp.ExecutableType.Microsoft.PE;
-using BurnOutSharp.Interfaces;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs b/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs
index a0936541..27880e8c 100644
--- a/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs
+++ b/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs
@@ -1,5 +1,6 @@
-using BurnOutSharp.ExecutableType.Microsoft.PE;
+using System.Linq;
using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -13,8 +14,10 @@ namespace BurnOutSharp.ProtectionType
if (sections == null)
return null;
- var resource = pex.FindResource(dataContains: "3\02\01\0S\0t\0u\0d\0i\0o\0s\0 \0A\0c\0t\0i\0v\0a\0t\0i\0o\0n\0");
- if (resource != null)
+ // Check the dialog box resources
+ if (pex.FindDialogByTitle("321Studios Activation").Any())
+ return $"321Studios Online Activation";
+ else if (pex.FindDialogByTitle("321Studios Phone Activation").Any())
return $"321Studios Online Activation";
return null;
diff --git a/BurnOutSharp/ProtectionType/Uplay.cs b/BurnOutSharp/ProtectionType/Uplay.cs
index 59ac08a2..14d0dc73 100644
--- a/BurnOutSharp/ProtectionType/Uplay.cs
+++ b/BurnOutSharp/ProtectionType/Uplay.cs
@@ -1,8 +1,8 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
diff --git a/BurnOutSharp/ProtectionType/WMDS.cs b/BurnOutSharp/ProtectionType/WMDS.cs
index a2a61b5c..09c889a7 100644
--- a/BurnOutSharp/ProtectionType/WMDS.cs
+++ b/BurnOutSharp/ProtectionType/WMDS.cs
@@ -1,9 +1,9 @@
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -28,7 +28,7 @@ namespace BurnOutSharp.ProtectionType
return $"Windows Media Data Session DRM";
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -47,7 +47,7 @@ namespace BurnOutSharp.ProtectionType
}, "Windows Media Data Session DRM"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/WTMCDProtect.cs b/BurnOutSharp/ProtectionType/WTMCDProtect.cs
index 10463e88..92a801af 100644
--- a/BurnOutSharp/ProtectionType/WTMCDProtect.cs
+++ b/BurnOutSharp/ProtectionType/WTMCDProtect.cs
@@ -1,9 +1,9 @@
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -26,8 +26,7 @@ namespace BurnOutSharp.ProtectionType
return "WTM Protection Viewer";
// Get the CODE section, if it exists
- var codeSectionRaw = pex.ReadRawSection("CODE", first: true);
- if (codeSectionRaw != null)
+ if (pex.ContainsSection("CODE"))
{
var matchers = new List
{
@@ -39,13 +38,13 @@ namespace BurnOutSharp.ProtectionType
}, "WTM CD Protect"),
};
- string match = MatchUtil.GetFirstMatch(file, codeSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData("CODE"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
// Get the .text section, if it exists
- if (pex.TextSectionRaw != null)
+ if (pex.ContainsSection(".text"))
{
var matchers = new List
{
@@ -68,7 +67,7 @@ namespace BurnOutSharp.ProtectionType
}, "WTM Protection Viewer"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.TextSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".text"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/ProtectionType/XCP.cs b/BurnOutSharp/ProtectionType/XCP.cs
index 8f3366cb..862e2d3a 100644
--- a/BurnOutSharp/ProtectionType/XCP.cs
+++ b/BurnOutSharp/ProtectionType/XCP.cs
@@ -3,10 +3,10 @@ using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
using BurnOutSharp.FileType;
using BurnOutSharp.Interfaces;
using BurnOutSharp.Matching;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.ProtectionType
{
@@ -22,7 +22,7 @@ namespace BurnOutSharp.ProtectionType
return null;
// Get the .rdata section, if it exists
- if (pex.ResourceDataSectionRaw != null)
+ if (pex.ContainsSection(".rdata"))
{
var matchers = new List
{
@@ -47,7 +47,7 @@ namespace BurnOutSharp.ProtectionType
}, "XCP"),
};
- string match = MatchUtil.GetFirstMatch(file, pex.ResourceDataSectionRaw, matchers, includeDebug);
+ string match = MatchUtil.GetFirstMatch(file, pex.GetFirstSectionData(".rdata"), matchers, includeDebug);
if (!string.IsNullOrWhiteSpace(match))
return match;
}
diff --git a/BurnOutSharp/Tools/Utilities.cs b/BurnOutSharp/Tools/Utilities.cs
index 8e44ad69..dfbe0eef 100644
--- a/BurnOutSharp/Tools/Utilities.cs
+++ b/BurnOutSharp/Tools/Utilities.cs
@@ -5,7 +5,7 @@ using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
-using BurnOutSharp.ExecutableType.Microsoft.PE;
+using BurnOutSharp.Wrappers;
namespace BurnOutSharp.Tools
{
@@ -179,19 +179,6 @@ namespace BurnOutSharp.Tools
#region Processed Executable Information
- ///
- /// Get the internal version as reported by the resources
- ///
- /// Byte array representing the file contents
- /// Version string, null on error
- public static string GetInternalVersion(byte[] fileContent)
- {
- if (fileContent == null || !fileContent.Any())
- return null;
-
- return GetInternalVersion(new PortableExecutable(fileContent, 0));
- }
-
///
/// Get the internal version as reported by the resources
///
@@ -207,7 +194,7 @@ namespace BurnOutSharp.Tools
if (!string.IsNullOrWhiteSpace(version))
return version;
- version = pex.ManifestVersion;
+ version = pex.AssemblyVersion;
if (!string.IsNullOrWhiteSpace(version))
return version;
@@ -306,7 +293,7 @@ namespace BurnOutSharp.Tools
/// Byte array representing the file contents
/// Last matched positions in the contents
/// Version string, null on error
- public static string GetInternalVersion(string file, byte[] fileContent, List positions) => GetInternalVersion(fileContent);
+ public static string GetInternalVersion(string file, byte[] fileContent, List positions) => GetInternalVersion(file);
///
/// Wrapper for GetInternalVersion for use in path matching