From ff2b27c6d081f7117df0e585a6f2a7d865d34b1a Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Mon, 2 Dec 2024 00:58:52 -0500 Subject: [PATCH] Reduce PE boilerplate --- BinaryObjectScanner/GameEngine/RenderWare.cs | 7 +--- BinaryObjectScanner/Packer/ASPack.cs | 5 --- .../Packer/AdvancedInstaller.cs | 5 --- .../Packer/AutoPlayMediaStudio.cs | 5 --- BinaryObjectScanner/Packer/CExe.cs | 5 --- BinaryObjectScanner/Packer/DotFuscator.cs | 5 --- BinaryObjectScanner/Packer/DotNetReactor.cs | 34 ++++++++----------- BinaryObjectScanner/Packer/EXEStealth.cs | 5 --- BinaryObjectScanner/Packer/EmbeddedArchive.cs | 5 --- .../Packer/EmbeddedExecutable.cs | 5 --- BinaryObjectScanner/Packer/GenteeInstaller.cs | 5 --- .../Packer/HyperTechCrackProof.cs | 5 --- BinaryObjectScanner/Packer/InnoSetup.cs | 5 --- BinaryObjectScanner/Packer/InstallAnywhere.cs | 7 +--- BinaryObjectScanner/Packer/InstallerVISE.cs | 7 +--- .../Packer/IntelInstallationFramework.cs | 7 +--- BinaryObjectScanner/Packer/MicrosoftCABSFX.cs | 7 +--- BinaryObjectScanner/Packer/NSIS.cs | 5 --- BinaryObjectScanner/Packer/NeoLite.cs | 5 --- BinaryObjectScanner/Packer/PECompact.cs | 7 +--- BinaryObjectScanner/Packer/Petite.cs | 5 --- BinaryObjectScanner/Packer/SetupFactory.cs | 5 --- BinaryObjectScanner/Packer/SevenZipSFX.cs | 5 --- BinaryObjectScanner/Packer/Shrinker.cs | 5 --- BinaryObjectScanner/Packer/UPX.cs | 5 --- BinaryObjectScanner/Packer/WinRARSFX.cs | 5 --- BinaryObjectScanner/Packer/WinZipSFX.cs | 5 --- BinaryObjectScanner/Packer/WiseInstaller.cs | 5 --- BinaryObjectScanner/Protection/ActiveMARK.cs | 5 --- BinaryObjectScanner/Protection/AegiSoft.cs | 7 +--- BinaryObjectScanner/Protection/AlphaROM.cs | 5 --- BinaryObjectScanner/Protection/Armadillo.cs | 11 ++---- BinaryObjectScanner/Protection/ByteShield.cs | 5 --- BinaryObjectScanner/Protection/CDCheck.cs | 5 --- BinaryObjectScanner/Protection/CDDVDCops.cs | 5 --- BinaryObjectScanner/Protection/CDGuard.cs | 7 +--- BinaryObjectScanner/Protection/CDKey.cs | 5 --- BinaryObjectScanner/Protection/CDLock.cs | 5 --- BinaryObjectScanner/Protection/CDSHiELDSE.cs | 5 --- .../Protection/CenegaProtectDVD.cs | 5 --- BinaryObjectScanner/Protection/Channelware.cs | 5 --- .../Protection/ChosenBytesCodeLock.cs | 5 --- BinaryObjectScanner/Protection/CopyKiller.cs | 6 ---- BinaryObjectScanner/Protection/CopyLok.cs | 5 --- BinaryObjectScanner/Protection/CrypKey.cs | 5 --- BinaryObjectScanner/Protection/Cucko.cs | 5 --- BinaryObjectScanner/Protection/Denuvo.cs | 5 --- BinaryObjectScanner/Protection/DigiGuard.cs | 5 --- BinaryObjectScanner/Protection/DiscGuard.cs | 5 --- BinaryObjectScanner/Protection/EAAntiCheat.cs | 5 --- .../Protection/EasyAntiCheat.cs | 5 --- .../Protection/ElectronicArts.cs | 5 --- BinaryObjectScanner/Protection/Engine32.cs | 5 --- BinaryObjectScanner/Protection/GFWL.cs | 5 --- BinaryObjectScanner/Protection/Gefest.cs | 5 --- BinaryObjectScanner/Protection/HexaLock.cs | 5 --- .../Protection/ImpulseReactor.cs | 5 --- BinaryObjectScanner/Protection/Intenium.cs | 5 --- BinaryObjectScanner/Protection/JoWood.cs | 5 --- .../Protection/KalypsoLauncher.cs | 5 --- BinaryObjectScanner/Protection/LabelGate.cs | 5 --- BinaryObjectScanner/Protection/LaserLok.cs | 7 +--- .../Protection/MGIRegistration.cs | 5 --- .../Protection/Macrovision.CDilla.cs | 5 --- .../Macrovision.CactusDataShield.cs | 5 --- .../Protection/Macrovision.FLEXnet.cs | 5 --- .../Protection/Macrovision.RipGuard.cs | 5 --- .../Protection/Macrovision.SafeCast.cs | 5 --- .../Protection/Macrovision.SafeDisc.cs | 5 --- BinaryObjectScanner/Protection/Macrovision.cs | 5 --- BinaryObjectScanner/Protection/MediaCloQ.cs | 5 --- BinaryObjectScanner/Protection/MediaMax.cs | 5 --- BinaryObjectScanner/Protection/NEACProtect.cs | 4 --- BinaryObjectScanner/Protection/NProtect.cs | 5 --- .../Protection/OnlineRegistration.cs | 5 --- BinaryObjectScanner/Protection/OpenMG.cs | 5 --- BinaryObjectScanner/Protection/Origin.cs | 5 --- BinaryObjectScanner/Protection/PlayJ.cs | 5 --- BinaryObjectScanner/Protection/ProtectDisc.cs | 6 +--- .../Protection/RainbowSentinel.cs | 5 --- BinaryObjectScanner/Protection/RealArcade.cs | 5 --- BinaryObjectScanner/Protection/Roxxe.cs | 5 --- BinaryObjectScanner/Protection/SVKP.cs | 5 --- BinaryObjectScanner/Protection/SecuROM.cs | 6 +--- BinaryObjectScanner/Protection/SmartE.cs | 6 +--- BinaryObjectScanner/Protection/SoftLock.cs | 5 --- BinaryObjectScanner/Protection/SolidShield.cs | 6 +--- BinaryObjectScanner/Protection/StarForce.cs | 7 +--- BinaryObjectScanner/Protection/Steam.cs | 5 --- BinaryObjectScanner/Protection/Sysiphus.cs | 5 --- BinaryObjectScanner/Protection/Tages.cs | 5 --- BinaryObjectScanner/Protection/Themida.cs | 5 --- BinaryObjectScanner/Protection/ThreePLock.cs | 7 +--- .../Protection/ThreeTwoOneStudios.cs | 5 --- BinaryObjectScanner/Protection/Uplay.cs | 5 --- BinaryObjectScanner/Protection/WMDS.cs | 5 --- .../Protection/WTMCDProtect.cs | 5 --- BinaryObjectScanner/Protection/XCP.cs | 5 --- 98 files changed, 33 insertions(+), 518 deletions(-) diff --git a/BinaryObjectScanner/GameEngine/RenderWare.cs b/BinaryObjectScanner/GameEngine/RenderWare.cs index 07ba12a9..b2303eb2 100644 --- a/BinaryObjectScanner/GameEngine/RenderWare.cs +++ b/BinaryObjectScanner/GameEngine/RenderWare.cs @@ -20,18 +20,13 @@ namespace BinaryObjectScanner.GameEngine /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in Redump entries 20138, 55823, and 102493. bool rwcsegSection = pex.ContainsSection("_rwcseg", exact: true); // Found in Redump entry 20138. bool rwdsegSection = pex.ContainsSection("_rwdseg", exact: true); // TODO: Check if this indicates a specific version, or if these sections are present in multiple. - if (rwcsegSection || rwdsegSection) + if (rwcsegSection || rwdsegSection) return "RenderWare"; return null; diff --git a/BinaryObjectScanner/Packer/ASPack.cs b/BinaryObjectScanner/Packer/ASPack.cs index a57b76c7..cb95ef8f 100644 --- a/BinaryObjectScanner/Packer/ASPack.cs +++ b/BinaryObjectScanner/Packer/ASPack.cs @@ -12,11 +12,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .aspack section, if it exists if (pex.ContainsSection(".aspack", exact: true)) return "ASPack 2.29"; diff --git a/BinaryObjectScanner/Packer/AdvancedInstaller.cs b/BinaryObjectScanner/Packer/AdvancedInstaller.cs index fa55fc51..eb92cf25 100644 --- a/BinaryObjectScanner/Packer/AdvancedInstaller.cs +++ b/BinaryObjectScanner/Packer/AdvancedInstaller.cs @@ -10,11 +10,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .rdata section strings, if they exist var strs = pex.GetFirstSectionStrings(".rdata"); if (strs != null) diff --git a/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs b/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs index 886a3390..df58fcc7 100644 --- a/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs +++ b/BinaryObjectScanner/Packer/AutoPlayMediaStudio.cs @@ -12,11 +12,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Known to detect versions 5.0.0.3 - 8.1.0.0 var name = pex.ProductName; if (name.OptionalStartsWith("AutoPlay Media Studio", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Packer/CExe.cs b/BinaryObjectScanner/Packer/CExe.cs index 144011c9..90b0f44c 100644 --- a/BinaryObjectScanner/Packer/CExe.cs +++ b/BinaryObjectScanner/Packer/CExe.cs @@ -17,11 +17,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // If there are exactly 2 resources with type 99 if (pex.FindResourceByNamedType("99, ").Count == 2) return "CExe"; diff --git a/BinaryObjectScanner/Packer/DotFuscator.cs b/BinaryObjectScanner/Packer/DotFuscator.cs index 4a3fbe60..df2d7e10 100644 --- a/BinaryObjectScanner/Packer/DotFuscator.cs +++ b/BinaryObjectScanner/Packer/DotFuscator.cs @@ -9,11 +9,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .text section strings, if they exist var strs = pex.GetFirstSectionStrings(".text"); if (strs != null) diff --git a/BinaryObjectScanner/Packer/DotNetReactor.cs b/BinaryObjectScanner/Packer/DotNetReactor.cs index 398ca1dd..e4784910 100644 --- a/BinaryObjectScanner/Packer/DotNetReactor.cs +++ b/BinaryObjectScanner/Packer/DotNetReactor.cs @@ -22,10 +22,6 @@ namespace BinaryObjectScanner.Packer { // TODO: Detect version // TODO: Further refine checks using https://github.com/horsicq/Detect-It-Easy/blob/075a70b1484d1d84d1dc37c86aac16188d5a84e7/db/PE/NetReactor.2.sg and https://github.com/cod3nym/detection-rules/blob/main/yara/dotnet/obf_net_reactor.yar - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; // Get the .text section, if it exists var textData = pex.GetFirstSectionData(".text"); @@ -38,9 +34,9 @@ namespace BinaryObjectScanner.Packer new(new byte?[] { 0x3C, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, - 0x49, 0x6D, 0x70, 0x6C, 0x65, 0x6D, 0x65, 0x6E, + 0x49, 0x6D, 0x70, 0x6C, 0x65, 0x6D, 0x65, 0x6E, 0x74, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x44, 0x65, - 0x74, 0x61, 0x69, 0x6C, 0x73, 0x3E, 0x7B, null, + 0x74, 0x61, 0x69, 0x6C, 0x73, 0x3E, 0x7B, null, null, null, null, null, null, null, null, 0x2D, null, null, null, null, 0x2D, null, null, null, null, 0x2D, null, null, null, null, 0x2D, null, @@ -54,7 +50,7 @@ namespace BinaryObjectScanner.Packer new(new byte?[] { 0x3C, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, - 0x49, 0x6D, 0x70, 0x6C, 0x65, 0x6D, 0x65, 0x6E, + 0x49, 0x6D, 0x70, 0x6C, 0x65, 0x6D, 0x65, 0x6E, 0x74, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6C, 0x73, 0x3E, 0x00, 0x52, 0x53, 0x41 @@ -64,24 +60,24 @@ namespace BinaryObjectScanner.Packer // 3{.[9].-.[9].-.[9].} new(new byte?[] { - 0x33, 0x7B, 0x00, null, null, null, null, null, - null, null, null, null, 0x00, 0x2D, 0x00, null, - null, null, null, null, null, null, null, null, - 0x00, 0x2D, 0x00, null, null, null, null, null, - null, null, null, null, 0x00, 0x2D, 0x00, null, - null, null, null, null, null, null, null, null, - 0x00, 0x7D, 0x00 + 0x33, 0x7B, 0x00, null, null, null, null, null, + null, null, null, null, 0x00, 0x2D, 0x00, null, + null, null, null, null, null, null, null, null, + 0x00, 0x2D, 0x00, null, null, null, null, null, + null, null, null, null, 0x00, 0x2D, 0x00, null, + null, null, null, null, null, null, null, null, + 0x00, 0x7D, 0x00 }, ".NET Reactor (Unconfirmed - Please report to us on GitHub)"), // Adapted from https://github.com/cod3nym/detection-rules/blob/main/yara/dotnet/obf_net_reactor.yar and confirmed to work with "KalypsoLauncher.dll" from Redump entry 95617. // {[8]-[4]-[4]-[4]-[12]} new(new byte?[] { - 0x3C, 0x4D, 0x6F, 0x64, 0x75, 0x6C, 0x65, 0x3E, - 0x7B, null, null, null, null, null, null, null, - null, 0x2D, null, null, null, null, 0x2D, null, - null, null, null, 0x2D, null, null, null, null, - 0x2D, null, null, null, null, null, null, null, + 0x3C, 0x4D, 0x6F, 0x64, 0x75, 0x6C, 0x65, 0x3E, + 0x7B, null, null, null, null, null, null, null, + null, 0x2D, null, null, null, null, 0x2D, null, + null, null, null, 0x2D, null, null, null, null, + 0x2D, null, null, null, null, null, null, null, null, null, null, null, null, 0x7D }, ".NET Reactor (Unconfirmed - Please report to us on GitHub)") }; diff --git a/BinaryObjectScanner/Packer/EXEStealth.cs b/BinaryObjectScanner/Packer/EXEStealth.cs index 701a3d5d..d693b18a 100644 --- a/BinaryObjectScanner/Packer/EXEStealth.cs +++ b/BinaryObjectScanner/Packer/EXEStealth.cs @@ -39,11 +39,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // The ExeS/EXES/*mtw sections seem to map to the Import Table // 2.6/2.51 // `ExeStealth - www.webtoolmaster.com` diff --git a/BinaryObjectScanner/Packer/EmbeddedArchive.cs b/BinaryObjectScanner/Packer/EmbeddedArchive.cs index 63635e9c..5da41cad 100644 --- a/BinaryObjectScanner/Packer/EmbeddedArchive.cs +++ b/BinaryObjectScanner/Packer/EmbeddedArchive.cs @@ -15,11 +15,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the resources that have a PKZIP signature if (pex.ResourceData != null) { diff --git a/BinaryObjectScanner/Packer/EmbeddedExecutable.cs b/BinaryObjectScanner/Packer/EmbeddedExecutable.cs index 33309448..79363033 100644 --- a/BinaryObjectScanner/Packer/EmbeddedExecutable.cs +++ b/BinaryObjectScanner/Packer/EmbeddedExecutable.cs @@ -15,11 +15,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the resources that have an executable signature if (pex.ResourceData != null) { diff --git a/BinaryObjectScanner/Packer/GenteeInstaller.cs b/BinaryObjectScanner/Packer/GenteeInstaller.cs index 4ece87fc..5a303041 100644 --- a/BinaryObjectScanner/Packer/GenteeInstaller.cs +++ b/BinaryObjectScanner/Packer/GenteeInstaller.cs @@ -10,11 +10,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .data/DATA section strings, if they exist var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); if (strs != null) diff --git a/BinaryObjectScanner/Packer/HyperTechCrackProof.cs b/BinaryObjectScanner/Packer/HyperTechCrackProof.cs index 9f57445b..8fec1f89 100644 --- a/BinaryObjectScanner/Packer/HyperTechCrackProof.cs +++ b/BinaryObjectScanner/Packer/HyperTechCrackProof.cs @@ -14,11 +14,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // This check may be overly limiting, as it excludes the sample provided to DiE (https://github.com/horsicq/Detect-It-Easy/issues/102). // TODO: Find further samples and invesitgate if the "peC" section is only present on specific versions. bool importTableMatch = Array.Exists(pex.Model.ImportTable?.ImportDirectoryTable ?? [], diff --git a/BinaryObjectScanner/Packer/InnoSetup.cs b/BinaryObjectScanner/Packer/InnoSetup.cs index 34918c1b..cee58470 100644 --- a/BinaryObjectScanner/Packer/InnoSetup.cs +++ b/BinaryObjectScanner/Packer/InnoSetup.cs @@ -34,11 +34,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .data/DATA section strings, if they exist var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); if (strs != null) diff --git a/BinaryObjectScanner/Packer/InstallAnywhere.cs b/BinaryObjectScanner/Packer/InstallAnywhere.cs index 74fec49f..0ee0c623 100644 --- a/BinaryObjectScanner/Packer/InstallAnywhere.cs +++ b/BinaryObjectScanner/Packer/InstallAnywhere.cs @@ -11,12 +11,7 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - - var name= pex.FileDescription; + var name = pex.FileDescription; if (name.OptionalStartsWith("InstallAnywhere Self Extractor", StringComparison.OrdinalIgnoreCase)) return $"InstallAnywhere {GetVersion(pex)}"; diff --git a/BinaryObjectScanner/Packer/InstallerVISE.cs b/BinaryObjectScanner/Packer/InstallerVISE.cs index be865622..ee4220db 100644 --- a/BinaryObjectScanner/Packer/InstallerVISE.cs +++ b/BinaryObjectScanner/Packer/InstallerVISE.cs @@ -11,11 +11,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .data/DATA section strings, if they exist var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); if (strs != null) @@ -23,7 +18,7 @@ namespace BinaryObjectScanner.Packer if (strs.Exists(s => s.Contains("ViseMain"))) return "Installer VISE"; } - + return null; } diff --git a/BinaryObjectScanner/Packer/IntelInstallationFramework.cs b/BinaryObjectScanner/Packer/IntelInstallationFramework.cs index bc61cbad..d745d2ad 100644 --- a/BinaryObjectScanner/Packer/IntelInstallationFramework.cs +++ b/BinaryObjectScanner/Packer/IntelInstallationFramework.cs @@ -10,12 +10,7 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - - var name= pex.FileDescription; + var name = pex.FileDescription; if (name.OptionalEquals("Intel(R) Installation Framework", StringComparison.OrdinalIgnoreCase) || name.OptionalEquals("Intel Installation Framework", StringComparison.OrdinalIgnoreCase)) { diff --git a/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs b/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs index 307826af..f9a699a2 100644 --- a/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs +++ b/BinaryObjectScanner/Packer/MicrosoftCABSFX.cs @@ -11,12 +11,7 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - - var name= pex.InternalName; + var name = pex.InternalName; if (name.OptionalEquals("Wextract", StringComparison.OrdinalIgnoreCase)) return $"Microsoft CAB SFX {GetVersion(pex)}"; diff --git a/BinaryObjectScanner/Packer/NSIS.cs b/BinaryObjectScanner/Packer/NSIS.cs index 16f702a9..d67c449f 100644 --- a/BinaryObjectScanner/Packer/NSIS.cs +++ b/BinaryObjectScanner/Packer/NSIS.cs @@ -9,11 +9,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.AssemblyDescription; if (name.OptionalStartsWith("Nullsoft Install System")) return $"NSIS {name!.Substring("Nullsoft Install System".Length).Trim()}"; diff --git a/BinaryObjectScanner/Packer/NeoLite.cs b/BinaryObjectScanner/Packer/NeoLite.cs index 55658894..37e7adff 100644 --- a/BinaryObjectScanner/Packer/NeoLite.cs +++ b/BinaryObjectScanner/Packer/NeoLite.cs @@ -19,11 +19,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .neolit section, if it exists. // TODO: Check if this section is also present in NeoLite 1.X. if (pex.ContainsSection(".neolit", exact: true)) diff --git a/BinaryObjectScanner/Packer/PECompact.cs b/BinaryObjectScanner/Packer/PECompact.cs index c0f9059a..562661ed 100644 --- a/BinaryObjectScanner/Packer/PECompact.cs +++ b/BinaryObjectScanner/Packer/PECompact.cs @@ -10,11 +10,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // 0x4F434550 is "PECO" if (pex.Model.COFFFileHeader?.PointerToSymbolTable == 0x4F434550) return "PE Compact v1.x"; @@ -32,7 +27,7 @@ namespace BinaryObjectScanner.Packer { if (textSection.PointerToLinenumbers != 0) return $"PE Compact v{textSection.PointerToLinenumbers} (internal version)"; - + return "PE Compact v2.x (or newer)"; } diff --git a/BinaryObjectScanner/Packer/Petite.cs b/BinaryObjectScanner/Packer/Petite.cs index 6b341fdd..f551db7b 100644 --- a/BinaryObjectScanner/Packer/Petite.cs +++ b/BinaryObjectScanner/Packer/Petite.cs @@ -10,11 +10,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .petite section, if it exists -- TODO: Is there a version number that can be found? if (pex.ContainsSection(".petite", exact: true)) return "PEtite"; diff --git a/BinaryObjectScanner/Packer/SetupFactory.cs b/BinaryObjectScanner/Packer/SetupFactory.cs index 18da1fbc..e23dc81c 100644 --- a/BinaryObjectScanner/Packer/SetupFactory.cs +++ b/BinaryObjectScanner/Packer/SetupFactory.cs @@ -12,11 +12,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Known to detect versions 7.0.5.1 - 9.1.0.0 var name = pex.LegalCopyright; if (name.OptionalStartsWith("Setup Engine", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Packer/SevenZipSFX.cs b/BinaryObjectScanner/Packer/SevenZipSFX.cs index a97d76be..b0f87cbb 100644 --- a/BinaryObjectScanner/Packer/SevenZipSFX.cs +++ b/BinaryObjectScanner/Packer/SevenZipSFX.cs @@ -8,11 +8,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the assembly description, if possible if (pex.AssemblyDescription.OptionalStartsWith("7-Zip Self-extracting Archive")) return $"7-Zip SFX {pex.AssemblyDescription!.Substring("7-Zip Self-extracting Archive ".Length)}"; diff --git a/BinaryObjectScanner/Packer/Shrinker.cs b/BinaryObjectScanner/Packer/Shrinker.cs index 4bc25c89..7a8e15f7 100644 --- a/BinaryObjectScanner/Packer/Shrinker.cs +++ b/BinaryObjectScanner/Packer/Shrinker.cs @@ -10,11 +10,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .shrink0 and .shrink2 sections, if they exist -- TODO: Confirm if both are needed or either/or is fine if (pex.ContainsSection(".shrink0", true) || pex.ContainsSection(".shrink2", true)) return "Shrinker"; diff --git a/BinaryObjectScanner/Packer/UPX.cs b/BinaryObjectScanner/Packer/UPX.cs index d091d501..d7aea595 100644 --- a/BinaryObjectScanner/Packer/UPX.cs +++ b/BinaryObjectScanner/Packer/UPX.cs @@ -17,11 +17,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Check header padding strings if (pex.HeaderPaddingStrings != null && pex.HeaderPaddingStrings.Count > 0) { diff --git a/BinaryObjectScanner/Packer/WinRARSFX.cs b/BinaryObjectScanner/Packer/WinRARSFX.cs index 6484daee..c24b8035 100644 --- a/BinaryObjectScanner/Packer/WinRARSFX.cs +++ b/BinaryObjectScanner/Packer/WinRARSFX.cs @@ -8,11 +8,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.AssemblyDescription; if (name.OptionalContains("WinRAR archiver")) return "WinRAR SFX"; diff --git a/BinaryObjectScanner/Packer/WinZipSFX.cs b/BinaryObjectScanner/Packer/WinZipSFX.cs index c5123270..f0d6370e 100644 --- a/BinaryObjectScanner/Packer/WinZipSFX.cs +++ b/BinaryObjectScanner/Packer/WinZipSFX.cs @@ -39,11 +39,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Check the export directory table, if it exists if (pex.Model.ExportTable?.ExportDirectoryTable != null) { diff --git a/BinaryObjectScanner/Packer/WiseInstaller.cs b/BinaryObjectScanner/Packer/WiseInstaller.cs index c17ad822..1ea836c7 100644 --- a/BinaryObjectScanner/Packer/WiseInstaller.cs +++ b/BinaryObjectScanner/Packer/WiseInstaller.cs @@ -43,11 +43,6 @@ namespace BinaryObjectScanner.Packer /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // If we match a known header if (GetPEFormat(pex) != null) return "Wise Installation Wizard Module"; diff --git a/BinaryObjectScanner/Protection/ActiveMARK.cs b/BinaryObjectScanner/Protection/ActiveMARK.cs index c89b4834..d0e50051 100644 --- a/BinaryObjectScanner/Protection/ActiveMARK.cs +++ b/BinaryObjectScanner/Protection/ActiveMARK.cs @@ -35,11 +35,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the entry point data, if it exists if (pex.EntryPointData != null) { diff --git a/BinaryObjectScanner/Protection/AegiSoft.cs b/BinaryObjectScanner/Protection/AegiSoft.cs index 74ee7b51..05c3a2bd 100644 --- a/BinaryObjectScanner/Protection/AegiSoft.cs +++ b/BinaryObjectScanner/Protection/AegiSoft.cs @@ -22,11 +22,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // There are possibly identifying Product Names for some files used in AegiSoft License Manager, but they were deemed too overmatching to use for the time being (Found in Redump entry 73521/IA item "Nova_HoyleCasino99USA").. // "Asc001.dll" has the Product Name "Install Dynamic Link Library". // "Asc002.dll" has the Product Name "Transact Dynamic Link Library". @@ -53,7 +48,7 @@ namespace BinaryObjectScanner.Protection // ÿÿÿÿ\\.\ASCLM new(new byte?[] { - 0xFF, 0xFF, 0xFF, 0xFF, 0x5C, 0x5C, 0x2E, 0x5C, + 0xFF, 0xFF, 0xFF, 0xFF, 0x5C, 0x5C, 0x2E, 0x5C, 0x41, 0x53, 0x43, 0x4C, 0x4D }, "AegiSoft License Manager"), }; diff --git a/BinaryObjectScanner/Protection/AlphaROM.cs b/BinaryObjectScanner/Protection/AlphaROM.cs index b348ec37..6786b729 100644 --- a/BinaryObjectScanner/Protection/AlphaROM.cs +++ b/BinaryObjectScanner/Protection/AlphaROM.cs @@ -47,11 +47,6 @@ namespace BinaryObjectScanner.Protection // TODO: Add support for detecting Alpha-ROM found in older games made with the RealLive engine. // TODO: Add version detection for Alpha-ROM. - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .data/DATA section strings, if they exist var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); if (strs != null) diff --git a/BinaryObjectScanner/Protection/Armadillo.cs b/BinaryObjectScanner/Protection/Armadillo.cs index 9ea60168..658a6f23 100644 --- a/BinaryObjectScanner/Protection/Armadillo.cs +++ b/BinaryObjectScanner/Protection/Armadillo.cs @@ -3,7 +3,7 @@ using BinaryObjectScanner.Interfaces; using SabreTools.Serialization.Wrappers; namespace BinaryObjectScanner.Protection -{ +{ /// /// Armadillo was a license manager, packer, and DRM by "The Silicon Realm Toolworks": https://web.archive.org/web/20030203101931/http://www.siliconrealms.com/armadillo.shtml /// They were later bought by Digital River, and updated their website: https://web.archive.org/web/20031203021152/http://www.siliconrealms.com/armadillo.shtml @@ -13,21 +13,16 @@ namespace BinaryObjectScanner.Protection /// Digital River itself also advertised Armadillo at first: https://web.archive.org/web/20040116043029/http://www.digitalriver.com:80/corporate/solutions06.shtml /// But then only advertised SoftwarePassport once it was released: https://web.archive.org/web/20040604065907/http://www.digitalriver.com/corporate/solutions06.shtml /// - + // TODO: Add extraction // TODO: Add version checking, if possible // https://raw.githubusercontent.com/wolfram77web/app-peid/master/userdb.txt - + public class Armadillo : IExtractableExecutable { /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .nicode section, if it exists if (pex.ContainsSection(".nicode", exact: true)) return "Armadillo"; diff --git a/BinaryObjectScanner/Protection/ByteShield.cs b/BinaryObjectScanner/Protection/ByteShield.cs index b8d5f183..20103c83 100644 --- a/BinaryObjectScanner/Protection/ByteShield.cs +++ b/BinaryObjectScanner/Protection/ByteShield.cs @@ -42,11 +42,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in "LineRider2.exe" in Redump entry 6236 var name = pex.FileDescription; if (name.OptionalEquals("ByteShield Client")) diff --git a/BinaryObjectScanner/Protection/CDCheck.cs b/BinaryObjectScanner/Protection/CDCheck.cs index f5fd59ac..6755f104 100644 --- a/BinaryObjectScanner/Protection/CDCheck.cs +++ b/BinaryObjectScanner/Protection/CDCheck.cs @@ -8,11 +8,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.Comments; if (name.OptionalContains("CDCheck utlity for Microsoft Game Studios")) return "Microsoft Game Studios CD Check"; diff --git a/BinaryObjectScanner/Protection/CDDVDCops.cs b/BinaryObjectScanner/Protection/CDDVDCops.cs index 1608e9f0..74fc61a1 100644 --- a/BinaryObjectScanner/Protection/CDDVDCops.cs +++ b/BinaryObjectScanner/Protection/CDDVDCops.cs @@ -163,11 +163,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the stub executable data, if it exists if (pex.StubExecutableData != null) { diff --git a/BinaryObjectScanner/Protection/CDGuard.cs b/BinaryObjectScanner/Protection/CDGuard.cs index 6e240b96..0ae1a3a5 100644 --- a/BinaryObjectScanner/Protection/CDGuard.cs +++ b/BinaryObjectScanner/Protection/CDGuard.cs @@ -25,11 +25,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Investigate the numerous ".guard" sections present in "Randevu.exe" in Redump entry 97142. // Get the export directory table @@ -47,7 +42,7 @@ namespace BinaryObjectScanner.Protection // Found in "Randevu.exe" in Redump entry 97142. bool match = Array.Exists(pex.Model.ImportTable.ImportDirectoryTable, idte => idte?.Name != null && idte.Name.Equals("cdguard.dll", StringComparison.OrdinalIgnoreCase)); if (match) - return "CD-Guard Copy Protection System"; + return "CD-Guard Copy Protection System"; } return null; diff --git a/BinaryObjectScanner/Protection/CDKey.cs b/BinaryObjectScanner/Protection/CDKey.cs index 53f66750..a2998b23 100644 --- a/BinaryObjectScanner/Protection/CDKey.cs +++ b/BinaryObjectScanner/Protection/CDKey.cs @@ -9,11 +9,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.InternalName; if (name.OptionalEquals("CDKey", StringComparison.OrdinalIgnoreCase)) return "CD-Key / Serial"; diff --git a/BinaryObjectScanner/Protection/CDLock.cs b/BinaryObjectScanner/Protection/CDLock.cs index 1a7dd207..fd216a9a 100644 --- a/BinaryObjectScanner/Protection/CDLock.cs +++ b/BinaryObjectScanner/Protection/CDLock.cs @@ -30,11 +30,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .data/DATA section, if it exists var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA"); if (dataSectionRaw != null) diff --git a/BinaryObjectScanner/Protection/CDSHiELDSE.cs b/BinaryObjectScanner/Protection/CDSHiELDSE.cs index ab2b7bae..8f632769 100644 --- a/BinaryObjectScanner/Protection/CDSHiELDSE.cs +++ b/BinaryObjectScanner/Protection/CDSHiELDSE.cs @@ -8,11 +8,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Indicates Hypertech Crack Proof as well? //// Get the import directory table //if (pex.Model.ImportTable?.ImportDirectoryTable != null) diff --git a/BinaryObjectScanner/Protection/CenegaProtectDVD.cs b/BinaryObjectScanner/Protection/CenegaProtectDVD.cs index 077b8a74..1d188e38 100644 --- a/BinaryObjectScanner/Protection/CenegaProtectDVD.cs +++ b/BinaryObjectScanner/Protection/CenegaProtectDVD.cs @@ -17,11 +17,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the export directory table if (pex.Model.ExportTable?.ExportDirectoryTable != null) { diff --git a/BinaryObjectScanner/Protection/Channelware.cs b/BinaryObjectScanner/Protection/Channelware.cs index a82d17e1..90b6e4a8 100644 --- a/BinaryObjectScanner/Protection/Channelware.cs +++ b/BinaryObjectScanner/Protection/Channelware.cs @@ -25,11 +25,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in "AbeWincw.dll" in Redump entry 116358 and in "TOYSGMcw.dll" in the "TOYSTORY" installation folder from Redump entry 12354. var name = pex.ProductName; if (name.OptionalEquals("ChannelWare Utilities")) diff --git a/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs b/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs index ac20e898..8cfb7ed7 100644 --- a/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs +++ b/BinaryObjectScanner/Protection/ChosenBytesCodeLock.cs @@ -24,11 +24,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in "Code-Lock.ocx" in Code-Lock version 2.35. // Also worth noting is the File Description for this file, which is "A future for you, a challenge for the rest.". var name = pex.ProductName; diff --git a/BinaryObjectScanner/Protection/CopyKiller.cs b/BinaryObjectScanner/Protection/CopyKiller.cs index 8d52faa5..9c590aba 100644 --- a/BinaryObjectScanner/Protection/CopyKiller.cs +++ b/BinaryObjectScanner/Protection/CopyKiller.cs @@ -20,12 +20,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // TODO: Figure out how to differentiate between V3.99 and V3.99a. - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Figure out why this check doesn't work. // Found in "autorun.exe" in CopyKiller V3.64, V3.99, and V3.99a. var name = pex.ProductName; diff --git a/BinaryObjectScanner/Protection/CopyLok.cs b/BinaryObjectScanner/Protection/CopyLok.cs index e5b548ab..2f2a839e 100644 --- a/BinaryObjectScanner/Protection/CopyLok.cs +++ b/BinaryObjectScanner/Protection/CopyLok.cs @@ -25,11 +25,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // If there are more than 2 icd-prefixed sections, then we have a match // Though this is the same name that SafeDisc uses for protected executables, this seems to be a coincidence. // Found in Redump entries 31557, 31674, 31675, 31708, 38239, 44210, and 53929. diff --git a/BinaryObjectScanner/Protection/CrypKey.cs b/BinaryObjectScanner/Protection/CrypKey.cs index 8d214a8f..dc259ec0 100644 --- a/BinaryObjectScanner/Protection/CrypKey.cs +++ b/BinaryObjectScanner/Protection/CrypKey.cs @@ -15,11 +15,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the code/CODE section strings, if they exist var strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE"); if (strs != null) diff --git a/BinaryObjectScanner/Protection/Cucko.cs b/BinaryObjectScanner/Protection/Cucko.cs index 661c9cdf..1b92ca7b 100644 --- a/BinaryObjectScanner/Protection/Cucko.cs +++ b/BinaryObjectScanner/Protection/Cucko.cs @@ -15,11 +15,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .text section, if it exists var textData = pex.GetFirstSectionData(".text"); if (textData != null) diff --git a/BinaryObjectScanner/Protection/Denuvo.cs b/BinaryObjectScanner/Protection/Denuvo.cs index 20b86266..f108c1bf 100644 --- a/BinaryObjectScanner/Protection/Denuvo.cs +++ b/BinaryObjectScanner/Protection/Denuvo.cs @@ -34,11 +34,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // All current checks for Denuvo Anti-Cheat come from Doom Eternal Update 1 (Steam Depot 782332, Manifest 7064393210727378308). // Found in "denuvo-anti-cheat.sys". diff --git a/BinaryObjectScanner/Protection/DigiGuard.cs b/BinaryObjectScanner/Protection/DigiGuard.cs index 4ce52bde..db4079d1 100644 --- a/BinaryObjectScanner/Protection/DigiGuard.cs +++ b/BinaryObjectScanner/Protection/DigiGuard.cs @@ -28,11 +28,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in "Start.exe" in IA item "Nova_DellBigWIGDVD_USA"/Redump entry 108588. var name = pex.FileDescription; if (name.OptionalEquals("DigiGuard3 Client")) diff --git a/BinaryObjectScanner/Protection/DiscGuard.cs b/BinaryObjectScanner/Protection/DiscGuard.cs index a42b9137..ddbf9c73 100644 --- a/BinaryObjectScanner/Protection/DiscGuard.cs +++ b/BinaryObjectScanner/Protection/DiscGuard.cs @@ -40,11 +40,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in "IOSLinksys.dll" (Redump entries 31914, 46743, 46961, 79284, and 79374). var name = pex.FileDescription; if (name.OptionalStartsWith("IOSLinkNT", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/EAAntiCheat.cs b/BinaryObjectScanner/Protection/EAAntiCheat.cs index 1120c56c..5ecef679 100644 --- a/BinaryObjectScanner/Protection/EAAntiCheat.cs +++ b/BinaryObjectScanner/Protection/EAAntiCheat.cs @@ -21,11 +21,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; // Found in "EAAntiCheat.GameServiceLauncher.exe" and "EAAntiCheat.Installer.exe" in "Plants vs. Zombies: Battle for Neighborville" (Steam Depot 1262241, Manifest 8124759833120741594). if (!string.IsNullOrEmpty(name) && name!.Contains("EA Anticheat")) diff --git a/BinaryObjectScanner/Protection/EasyAntiCheat.cs b/BinaryObjectScanner/Protection/EasyAntiCheat.cs index 2d6514d4..07be0f21 100644 --- a/BinaryObjectScanner/Protection/EasyAntiCheat.cs +++ b/BinaryObjectScanner/Protection/EasyAntiCheat.cs @@ -24,11 +24,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; // Found in "VideoHorrorSociety.exe" ("Video Horror Society", Patch 1.0.70309, Steam). if (!string.IsNullOrEmpty(name) && name!.Contains("Easy Anti-Cheat Bootstrapper (EOS)")) diff --git a/BinaryObjectScanner/Protection/ElectronicArts.cs b/BinaryObjectScanner/Protection/ElectronicArts.cs index ae3e1099..90f16b7d 100644 --- a/BinaryObjectScanner/Protection/ElectronicArts.cs +++ b/BinaryObjectScanner/Protection/ElectronicArts.cs @@ -9,11 +9,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; if (name.OptionalContains("EReg MFC Application")) return $"EA CdKey Registration Module {pex.GetInternalVersion()}"; diff --git a/BinaryObjectScanner/Protection/Engine32.cs b/BinaryObjectScanner/Protection/Engine32.cs index 5cafe64f..264ecbdd 100644 --- a/BinaryObjectScanner/Protection/Engine32.cs +++ b/BinaryObjectScanner/Protection/Engine32.cs @@ -17,11 +17,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Most every tested sample of "engine32.dll" has a product name of "engine32", and the file description typically follows the naming pattern of "[Game Name] DLL-helper". // Detects Engine32 within the game executables that contain it. diff --git a/BinaryObjectScanner/Protection/GFWL.cs b/BinaryObjectScanner/Protection/GFWL.cs index 99557785..f46716da 100644 --- a/BinaryObjectScanner/Protection/GFWL.cs +++ b/BinaryObjectScanner/Protection/GFWL.cs @@ -12,11 +12,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; if (name.OptionalStartsWith("Games for Windows - LIVE Zero Day Piracy Protection", StringComparison.OrdinalIgnoreCase)) return $"Games for Windows LIVE - Zero Day Piracy Protection Module {pex.GetInternalVersion()}"; diff --git a/BinaryObjectScanner/Protection/Gefest.cs b/BinaryObjectScanner/Protection/Gefest.cs index 04c4ebef..f91e4fc7 100644 --- a/BinaryObjectScanner/Protection/Gefest.cs +++ b/BinaryObjectScanner/Protection/Gefest.cs @@ -21,11 +21,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the header padding strings, if it exists if (pex.HeaderPaddingStrings != null) { diff --git a/BinaryObjectScanner/Protection/HexaLock.cs b/BinaryObjectScanner/Protection/HexaLock.cs index 99007341..1ac5bdd9 100644 --- a/BinaryObjectScanner/Protection/HexaLock.cs +++ b/BinaryObjectScanner/Protection/HexaLock.cs @@ -34,11 +34,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Fix the following checks, as this information is visible via Windows Explorer but isn't currently being seen by BOS. // Found in "HCPSMng.exe". var name = pex.FileDescription; diff --git a/BinaryObjectScanner/Protection/ImpulseReactor.cs b/BinaryObjectScanner/Protection/ImpulseReactor.cs index 71f9d309..8c7e87ed 100644 --- a/BinaryObjectScanner/Protection/ImpulseReactor.cs +++ b/BinaryObjectScanner/Protection/ImpulseReactor.cs @@ -15,11 +15,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; if (name.OptionalContains("ImpulseReactor Dynamic Link Library")) return $"Impulse Reactor Core Module {pex.GetInternalVersion()}"; diff --git a/BinaryObjectScanner/Protection/Intenium.cs b/BinaryObjectScanner/Protection/Intenium.cs index 9786a916..89688ff5 100644 --- a/BinaryObjectScanner/Protection/Intenium.cs +++ b/BinaryObjectScanner/Protection/Intenium.cs @@ -24,11 +24,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - if (pex.FindGenericResource("NO NESTED PRMS SUPPORTED").Count > 0) return "INTENIUM Trial & Buy Protection"; diff --git a/BinaryObjectScanner/Protection/JoWood.cs b/BinaryObjectScanner/Protection/JoWood.cs index 736f3032..1bf0407a 100644 --- a/BinaryObjectScanner/Protection/JoWood.cs +++ b/BinaryObjectScanner/Protection/JoWood.cs @@ -16,11 +16,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .ext section, if it exists if (pex.ContainsSection(".ext ", exact: true)) { diff --git a/BinaryObjectScanner/Protection/KalypsoLauncher.cs b/BinaryObjectScanner/Protection/KalypsoLauncher.cs index 8235a080..dd610f25 100644 --- a/BinaryObjectScanner/Protection/KalypsoLauncher.cs +++ b/BinaryObjectScanner/Protection/KalypsoLauncher.cs @@ -23,11 +23,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Investigate if there are any viable checks for the game EXE itself. // "Styx" is found as the File Description and Product Name in "KalypsoLauncher.dll", but checks aren't included due to the risk of false positives. diff --git a/BinaryObjectScanner/Protection/LabelGate.cs b/BinaryObjectScanner/Protection/LabelGate.cs index 649b707f..e1b09cd1 100644 --- a/BinaryObjectScanner/Protection/LabelGate.cs +++ b/BinaryObjectScanner/Protection/LabelGate.cs @@ -21,11 +21,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Should be present on all LabelGate CD2 discs (Redump entry 95010 and product ID SVWC-7185). var name = pex.FileDescription; if (name.OptionalStartsWith("MAGIQLIP2 Installer", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/LaserLok.cs b/BinaryObjectScanner/Protection/LaserLok.cs index 96729616..b180a5e5 100644 --- a/BinaryObjectScanner/Protection/LaserLok.cs +++ b/BinaryObjectScanner/Protection/LaserLok.cs @@ -49,11 +49,6 @@ namespace BinaryObjectScanner.Protection // 0x33 // }, "LaserLok 5"), - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Packed by SPEEnc V2 Asterios Parlamentas.PE byte?[] check = [ @@ -188,7 +183,7 @@ namespace BinaryObjectScanner.Protection return Encoding.ASCII.GetString(sectionContent, position + 76, 4); } - public static string? GetVersion16Bit(string firstMatchedString, IEnumerable? files) + private static string? GetVersion16Bit(string firstMatchedString, IEnumerable? files) { if (!File.Exists(firstMatchedString)) return string.Empty; diff --git a/BinaryObjectScanner/Protection/MGIRegistration.cs b/BinaryObjectScanner/Protection/MGIRegistration.cs index 643a107d..cb3b9fbf 100644 --- a/BinaryObjectScanner/Protection/MGIRegistration.cs +++ b/BinaryObjectScanner/Protection/MGIRegistration.cs @@ -9,11 +9,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.ProductName; // Found in "Register.dll" in IA item "MGIPhotoSuite4.0AndPhotoVista2.02001". diff --git a/BinaryObjectScanner/Protection/Macrovision.CDilla.cs b/BinaryObjectScanner/Protection/Macrovision.CDilla.cs index 58e08448..3f554f29 100644 --- a/BinaryObjectScanner/Protection/Macrovision.CDilla.cs +++ b/BinaryObjectScanner/Protection/Macrovision.CDilla.cs @@ -62,11 +62,6 @@ namespace BinaryObjectScanner.Protection /// internal static string? CDillaCheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; // Found in in "cdilla52.dll" from C-Dilla LMS version 3.24.010. diff --git a/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs b/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs index 7eb2b5fb..6309b7ab 100644 --- a/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs +++ b/BinaryObjectScanner/Protection/Macrovision.CactusDataShield.cs @@ -35,11 +35,6 @@ namespace BinaryObjectScanner.Protection /// internal static string? CactusDataShieldCheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .data/DATA section strings, if they exist var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); if (strs != null) diff --git a/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs b/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs index b03e74df..d3f3a201 100644 --- a/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs +++ b/BinaryObjectScanner/Protection/Macrovision.FLEXnet.cs @@ -14,11 +14,6 @@ namespace BinaryObjectScanner.Protection /// internal static string? FLEXnetCheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.ProductName; // Found in "IsSvcInstDanceEJay7.dll" in IA item "computer200709dvd" (Dance eJay 7). diff --git a/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs b/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs index ce637d06..220d37ab 100644 --- a/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs +++ b/BinaryObjectScanner/Protection/Macrovision.RipGuard.cs @@ -21,11 +21,6 @@ namespace BinaryObjectScanner.Protection /// internal static string? RipGuardCheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in "RGASDEV.SYS" in the Black Lagoon Season 1 DVD Steelbook box set (Geneon ID 12970). var name = pex.FileDescription; if (name.OptionalEquals("rgasdev", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs b/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs index 0f312c59..d2811481 100644 --- a/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs +++ b/BinaryObjectScanner/Protection/Macrovision.SafeCast.cs @@ -69,11 +69,6 @@ namespace BinaryObjectScanner.Protection /// internal static string? SafeCastCheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Investigate import hint/name table entry "CdaSysInstall" // TODO: Investigate string table entries: "CDWP02DG", "CDWP02DG", "CDWS02DG" // TODO: Invesitgate if the "AdobeLM.dll" file (along with mentions of "AdobeLM" in executables) uniquely identifies SafeCast, or if it can be used with different DRM. (Found in IA item ccd0605) diff --git a/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs b/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs index b4ec4661..419933a0 100644 --- a/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs +++ b/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs @@ -43,11 +43,6 @@ namespace BinaryObjectScanner.Protection /// internal static string? SafeDiscCheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in Redump entry 57986. if (pex.Model.ImportTable?.HintNameTable != null) { diff --git a/BinaryObjectScanner/Protection/Macrovision.cs b/BinaryObjectScanner/Protection/Macrovision.cs index 7b4fc8c9..1903789b 100644 --- a/BinaryObjectScanner/Protection/Macrovision.cs +++ b/BinaryObjectScanner/Protection/Macrovision.cs @@ -46,11 +46,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Check for specific indications for individual Macrovision protections. var resultsList = new List(); diff --git a/BinaryObjectScanner/Protection/MediaCloQ.cs b/BinaryObjectScanner/Protection/MediaCloQ.cs index 5b22a061..c0b228f4 100644 --- a/BinaryObjectScanner/Protection/MediaCloQ.cs +++ b/BinaryObjectScanner/Protection/MediaCloQ.cs @@ -18,11 +18,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in scvfy.exe on "Charley Pride - A Tribute to Jim Reeves" (barcode "7 816190222-2 4"). var name = pex.FileDescription; if (name.OptionalStartsWith("scvfy MFC Application", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/MediaMax.cs b/BinaryObjectScanner/Protection/MediaMax.cs index b33de5b2..b6f13900 100644 --- a/BinaryObjectScanner/Protection/MediaMax.cs +++ b/BinaryObjectScanner/Protection/MediaMax.cs @@ -18,11 +18,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Used to detect "LicGen.exe", found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6) var name = pex.FileDescription; if (name.OptionalStartsWith("LicGen Module", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/NEACProtect.cs b/BinaryObjectScanner/Protection/NEACProtect.cs index 4679caec..089d5142 100644 --- a/BinaryObjectScanner/Protection/NEACProtect.cs +++ b/BinaryObjectScanner/Protection/NEACProtect.cs @@ -25,10 +25,6 @@ namespace BinaryObjectScanner.Protection public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { // Most of the relevant executables are highly obfuscated, making executable detection mostly impractical. - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; // Get the .neac0 and .neac1 sections, if they exist. // Found in "NeacSafe64.sys" and "NeacSafe.sys". diff --git a/BinaryObjectScanner/Protection/NProtect.cs b/BinaryObjectScanner/Protection/NProtect.cs index be6f95e5..a5d84efb 100644 --- a/BinaryObjectScanner/Protection/NProtect.cs +++ b/BinaryObjectScanner/Protection/NProtect.cs @@ -33,11 +33,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Investigate if there are any viable checks for the game EXE itself. var name = pex.FileDescription; diff --git a/BinaryObjectScanner/Protection/OnlineRegistration.cs b/BinaryObjectScanner/Protection/OnlineRegistration.cs index c011dcde..6a3cb504 100644 --- a/BinaryObjectScanner/Protection/OnlineRegistration.cs +++ b/BinaryObjectScanner/Protection/OnlineRegistration.cs @@ -9,11 +9,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Is this too broad in general? var name = pex.InternalName; if (name.OptionalStartsWith("EReg", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/OpenMG.cs b/BinaryObjectScanner/Protection/OpenMG.cs index 606655c4..8ed9bdd0 100644 --- a/BinaryObjectScanner/Protection/OpenMG.cs +++ b/BinaryObjectScanner/Protection/OpenMG.cs @@ -19,11 +19,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in many different OpenMG related files ("Touch" by Amerie). var name = pex.LegalTrademarks; if (name.OptionalStartsWith("OpenMG", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/Origin.cs b/BinaryObjectScanner/Protection/Origin.cs index 2a40a32b..7293e963 100644 --- a/BinaryObjectScanner/Protection/Origin.cs +++ b/BinaryObjectScanner/Protection/Origin.cs @@ -12,11 +12,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; if (name.OptionalEquals("Origin", StringComparison.OrdinalIgnoreCase)) return "Origin"; diff --git a/BinaryObjectScanner/Protection/PlayJ.cs b/BinaryObjectScanner/Protection/PlayJ.cs index f45268fe..d2912a22 100644 --- a/BinaryObjectScanner/Protection/PlayJ.cs +++ b/BinaryObjectScanner/Protection/PlayJ.cs @@ -16,11 +16,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in "PlayJ.exe" (https://web.archive.org/web/20010417025347/http://dlp.playj.com:80/playj/PlayJIns266.exe) and "CACTUSPJ.exe" ("Volumia!" by Puur (Barcode 7 43218 63282 2) (Discogs Release Code [r795427])). var name = pex.FileDescription; if (name.OptionalStartsWith("PlayJ Music Player", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/ProtectDisc.cs b/BinaryObjectScanner/Protection/ProtectDisc.cs index c858770b..66c60d08 100644 --- a/BinaryObjectScanner/Protection/ProtectDisc.cs +++ b/BinaryObjectScanner/Protection/ProtectDisc.cs @@ -16,12 +16,8 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the 4th and 5th sections, if they exist (example names: ACE4/ACE5) (Found in Redump entries 94792, 94793) + var sections = pex.Model.SectionTable ?? []; for (int i = 3; i < sections.Length; i++) { var nthSectionData = pex.GetSectionData(i); diff --git a/BinaryObjectScanner/Protection/RainbowSentinel.cs b/BinaryObjectScanner/Protection/RainbowSentinel.cs index 42880bc3..97e15b15 100644 --- a/BinaryObjectScanner/Protection/RainbowSentinel.cs +++ b/BinaryObjectScanner/Protection/RainbowSentinel.cs @@ -129,11 +129,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Figure out why resources for "RNBOVTMP.DLL", "SENTTEMP.DLL", "SNTI386.DLL", and "SX32W.DL_"/"SX32W.DLL" aren't getting read properly, causing checks for these files to not work. var name = pex.FileDescription; diff --git a/BinaryObjectScanner/Protection/RealArcade.cs b/BinaryObjectScanner/Protection/RealArcade.cs index dd923ec5..3a441008 100644 --- a/BinaryObjectScanner/Protection/RealArcade.cs +++ b/BinaryObjectScanner/Protection/RealArcade.cs @@ -18,11 +18,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .data section strings, if they exist var strs = pex.GetFirstSectionStrings(".data"); if (strs != null) diff --git a/BinaryObjectScanner/Protection/Roxxe.cs b/BinaryObjectScanner/Protection/Roxxe.cs index de0ab231..c5197b12 100644 --- a/BinaryObjectScanner/Protection/Roxxe.cs +++ b/BinaryObjectScanner/Protection/Roxxe.cs @@ -16,11 +16,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the code/CODE section strings, if they exist var strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE"); if (strs != null) diff --git a/BinaryObjectScanner/Protection/SVKP.cs b/BinaryObjectScanner/Protection/SVKP.cs index ec43201a..382d0ae9 100644 --- a/BinaryObjectScanner/Protection/SVKP.cs +++ b/BinaryObjectScanner/Protection/SVKP.cs @@ -26,11 +26,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Investigate the "Debugger or tool for monitoring detected!!!.Application cannot be run with debugger or monitoring tool(s) loaded!. Please unload it and restart the application" strings present in seemingly every version. // Get the entry point data, if it exists. diff --git a/BinaryObjectScanner/Protection/SecuROM.cs b/BinaryObjectScanner/Protection/SecuROM.cs index 8e30ca44..af8bcfe2 100644 --- a/BinaryObjectScanner/Protection/SecuROM.cs +++ b/BinaryObjectScanner/Protection/SecuROM.cs @@ -14,11 +14,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; if (name.OptionalContains("SecuROM PA")) return $"SecuROM Product Activation v{pex.GetInternalVersion()}"; @@ -62,6 +57,7 @@ namespace BinaryObjectScanner.Protection } // Get the sections 5+, if they exist (example names: .fmqyrx, .vcltz, .iywiak) + var sections = pex.Model.SectionTable ?? []; for (int i = 4; i < sections.Length; i++) { var nthSection = sections[i]; diff --git a/BinaryObjectScanner/Protection/SmartE.cs b/BinaryObjectScanner/Protection/SmartE.cs index e7851422..e04422be 100644 --- a/BinaryObjectScanner/Protection/SmartE.cs +++ b/BinaryObjectScanner/Protection/SmartE.cs @@ -11,12 +11,8 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the last section strings, if they exist + var sections = pex.Model.SectionTable ?? []; var strs = pex.GetSectionStrings(sections.Length - 1); if (strs != null) { diff --git a/BinaryObjectScanner/Protection/SoftLock.cs b/BinaryObjectScanner/Protection/SoftLock.cs index 24d46671..61414598 100644 --- a/BinaryObjectScanner/Protection/SoftLock.cs +++ b/BinaryObjectScanner/Protection/SoftLock.cs @@ -16,11 +16,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" var name = pex.InternalName; if (name.OptionalEquals("Softlock Protected Application")) diff --git a/BinaryObjectScanner/Protection/SolidShield.cs b/BinaryObjectScanner/Protection/SolidShield.cs index ad99b7d6..96975e23 100644 --- a/BinaryObjectScanner/Protection/SolidShield.cs +++ b/BinaryObjectScanner/Protection/SolidShield.cs @@ -17,11 +17,6 @@ namespace BinaryObjectScanner.Protection { // TODO: Investigate ".pseudo" section found in "tvdm.dll" in Redump entry 68166. - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; if (name.OptionalStartsWith("DVM Library", StringComparison.OrdinalIgnoreCase)) return $"SolidShield {pex.GetInternalVersion()}"; @@ -76,6 +71,7 @@ namespace BinaryObjectScanner.Protection return "SolidShield EXE Wrapper v1"; // Search the last two available sections + var sections = pex.Model.SectionTable ?? []; for (int i = Math.Max(sections.Length - 2, 0); i < sections.Length; i++) { // Get the nth section strings, if they exist diff --git a/BinaryObjectScanner/Protection/StarForce.cs b/BinaryObjectScanner/Protection/StarForce.cs index afa5ec55..844a3d59 100644 --- a/BinaryObjectScanner/Protection/StarForce.cs +++ b/BinaryObjectScanner/Protection/StarForce.cs @@ -19,11 +19,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // TODO: Find what fvinfo field actually maps to this var name = pex.FileDescription; @@ -65,7 +60,7 @@ namespace BinaryObjectScanner.Protection if (name.OptionalEquals("CORE.ADMIN", StringComparison.Ordinal)) return $"StarForce {pex.GetInternalVersion()}"; - + // These checks currently disabled due being possibly too generic: // Found in "protect.dll" in Redump entry 94805. // if (name.OptionalEquals("CORE.DLL", StringComparison.Ordinal)) diff --git a/BinaryObjectScanner/Protection/Steam.cs b/BinaryObjectScanner/Protection/Steam.cs index 48bab049..c5cb2899 100644 --- a/BinaryObjectScanner/Protection/Steam.cs +++ b/BinaryObjectScanner/Protection/Steam.cs @@ -11,11 +11,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; if (name.OptionalContains("Steam Autorun Setup")) return "Steam"; diff --git a/BinaryObjectScanner/Protection/Sysiphus.cs b/BinaryObjectScanner/Protection/Sysiphus.cs index 559fb685..c55f4110 100644 --- a/BinaryObjectScanner/Protection/Sysiphus.cs +++ b/BinaryObjectScanner/Protection/Sysiphus.cs @@ -9,11 +9,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .data/DATA section strings, if they exist var strs = pex.GetFirstSectionStrings(".data") ?? pex.GetFirstSectionStrings("DATA"); if (strs != null) diff --git a/BinaryObjectScanner/Protection/Tages.cs b/BinaryObjectScanner/Protection/Tages.cs index 10318f58..a57cc3e3 100644 --- a/BinaryObjectScanner/Protection/Tages.cs +++ b/BinaryObjectScanner/Protection/Tages.cs @@ -14,11 +14,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Known TAGES Driver Setup filenames: // - DrvSetup.exe // - DrvSetup_x64.exe diff --git a/BinaryObjectScanner/Protection/Themida.cs b/BinaryObjectScanner/Protection/Themida.cs index 8548f2d5..51bde32f 100644 --- a/BinaryObjectScanner/Protection/Themida.cs +++ b/BinaryObjectScanner/Protection/Themida.cs @@ -26,11 +26,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the "Arcsoft " section strings, if they exist var strs = pex.GetFirstSectionStrings("Arcsoft "); if (strs != null) diff --git a/BinaryObjectScanner/Protection/ThreePLock.cs b/BinaryObjectScanner/Protection/ThreePLock.cs index 83ac19a3..5fdc513d 100644 --- a/BinaryObjectScanner/Protection/ThreePLock.cs +++ b/BinaryObjectScanner/Protection/ThreePLock.cs @@ -13,12 +13,7 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - - //This produced false positives in some DirectX 9.0c installer files + // This produced false positives in some DirectX 9.0c installer files //"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW" // Get the .ldr and .ldt sections, if they exist diff --git a/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs b/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs index 6a6ac5ce..15df9004 100644 --- a/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs +++ b/BinaryObjectScanner/Protection/ThreeTwoOneStudios.cs @@ -8,11 +8,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Check the dialog box resources if (pex.FindDialogByTitle("321Studios Activation").Count > 0) return $"321Studios Online Activation"; diff --git a/BinaryObjectScanner/Protection/Uplay.cs b/BinaryObjectScanner/Protection/Uplay.cs index 8a156d56..33a44f92 100644 --- a/BinaryObjectScanner/Protection/Uplay.cs +++ b/BinaryObjectScanner/Protection/Uplay.cs @@ -12,11 +12,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; if (name.OptionalContains("Ubisoft Connect Installer")) return "Uplay / Ubisoft Connect"; diff --git a/BinaryObjectScanner/Protection/WMDS.cs b/BinaryObjectScanner/Protection/WMDS.cs index f97ac370..f83837c0 100644 --- a/BinaryObjectScanner/Protection/WMDS.cs +++ b/BinaryObjectScanner/Protection/WMDS.cs @@ -18,11 +18,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Found on "All That I Am" by Santana (Barcode 8 2876-59773-2 6) var name = pex.FileDescription; if (name.OptionalStartsWith("Windows Media Data Session Licensing Engine", StringComparison.OrdinalIgnoreCase)) diff --git a/BinaryObjectScanner/Protection/WTMCDProtect.cs b/BinaryObjectScanner/Protection/WTMCDProtect.cs index ae9565d5..3bfd5a45 100644 --- a/BinaryObjectScanner/Protection/WTMCDProtect.cs +++ b/BinaryObjectScanner/Protection/WTMCDProtect.cs @@ -12,11 +12,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - var name = pex.FileDescription; if (name.OptionalContains("Copy Protection Viewer")) return "WTM Protection Viewer"; diff --git a/BinaryObjectScanner/Protection/XCP.cs b/BinaryObjectScanner/Protection/XCP.cs index 4b099198..eea19cd9 100644 --- a/BinaryObjectScanner/Protection/XCP.cs +++ b/BinaryObjectScanner/Protection/XCP.cs @@ -13,11 +13,6 @@ namespace BinaryObjectScanner.Protection /// public string? CheckExecutable(string file, PortableExecutable pex, bool includeDebug) { - // Get the sections from the executable, if possible - var sections = pex.Model.SectionTable; - if (sections == null) - return null; - // Get the .rdata section strings, if they exist List? strs = pex.GetFirstSectionStrings(".rdata"); if (strs != null)