SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-02-12 21:31:30 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity
624 Commits 1 Branch 67 Tags
b23a504c7b94de8387104f3dda37d099b31fd97e
Commit Graph

41 Commits

Author SHA1 Message Date
Matt Nadareski
dfee4a8d76 Use debug flag for exception printing 2022-05-15 20:58:27 -07:00
Matt Nadareski
9d7cc4012c Move interfaces to own namespace 2022-05-01 17:41:50 -07:00
Matt Nadareski
f9f2e0d932 Better naming 2022-05-01 17:17:15 -07:00
Matt Nadareski
b933249ff7 Add resource finding on creation 2022-04-02 16:12:23 -07:00
Matt Nadareski
61c09e3c97 Move resource helpers to PortableExecutable 2022-04-02 15:54:51 -07:00
Matt Nadareski
17f8569a7e Only read resource in WinZipSFX 2022-03-15 11:11:44 -07:00
Matt Nadareski
ceae505f4d Switch order of interface parameters 2022-03-14 22:51:17 -07:00
Matt Nadareski
a7e9164f4f Use SourceArray for PE checks 2022-03-14 22:49:35 -07:00
Matt Nadareski
3820546c07 Use SourceArray for NE checks 2022-03-14 22:43:26 -07:00
Matt Nadareski
513e799aa3 Migrate protections to new interfaces 2022-03-14 11:20:11 -07:00
Matt Nadareski
fcbf006e4e Migrate packers to new interfaces 2022-03-14 11:00:17 -07:00
Matt Nadareski
ffb529edb3 Granularly separate out executable types 2022-03-14 10:40:44 -07:00
Matt Nadareski
d6fd0c4d2c Reduce reliance on fileContent; add notes 2021-09-11 22:27:52 -07:00
Matt Nadareski
afdd032f73 Start using more methods to make life easier 2021-09-11 21:03:36 -07:00
Matt Nadareski
214e8d41c7 Pre-read 3 most commonly-used section data 
This also adds comprehensive notes around the sections used in various protections, how they're used, and what we can do with them. It also adds a couple of various notes based on the findings from the protection audit
 2021-09-11 16:47:25 -07:00
Matt Nadareski
b779f2f546 Only deserialze a file once per round of checks 2021-09-10 16:10:15 -07:00
Matt Nadareski
5344de96b2 Cleanup and bugfixes; additional notes 2021-09-10 15:32:37 -07:00
Matt Nadareski
373268a6a8 Convert resource checks to header checks 2021-09-10 13:51:32 -07:00
Matt Nadareski
1b54dd92ab Convert WZ-SFX to section and header based 2021-08-29 11:43:43 -07:00
Matt Nadareski
6cde7b8bef Reduce redundant code in content matchers now 2021-08-25 20:26:43 -07:00
Matt Nadareski
3ab0bcc0ae ContentMatchSets are now expected in IContentCheck 2021-08-25 19:37:32 -07:00
Matt Nadareski
7548646ba2 Create and use the Tools namespace 2021-08-25 15:09:42 -07:00
Matt Nadareski
43845cf722 Rename position flag -> debug flag 2021-08-24 15:19:23 -07:00
Matt Nadareski
3667a5b57a Concurrent protection scans per file (#52) 
* Move to ConcurrentDictionary

* Convert to ConcurrentQueue
 2021-07-18 09:44:23 -07:00
SilasLaspada
65fa2f8481 Greatly improve WinZip SFX version detection (#39) 2021-06-21 21:48:25 -07:00
Matt Nadareski
5240f2eb70 Simplify util method naming 2021-03-22 21:32:58 -07:00
Matt Nadareski
6400c954ef Split matchers more cleanly, comment better 2021-03-22 21:25:14 -07:00
Matt Nadareski
e47a52dbe0 Use framework in even more content protections 2021-03-22 11:43:51 -07:00
Matt Nadareski
8ea54328ef Use framework for WZ-SFX v2 checks 2021-03-22 10:22:56 -07:00
Matt Nadareski
7aca58a6c9 Better split matching code, fix UPX name 2021-03-22 00:41:18 -07:00
Matt Nadareski
15ae2441c3 Use content matching helper, part 5 2021-03-21 22:37:16 -07:00
Matt Nadareski
7e3ef544f0 Use content matching helper, part 2 2021-03-21 15:24:23 -07:00
Matt Nadareski
ab07eb96ce Use content matching helper, part 1 2021-03-21 14:30:37 -07:00
Matt Nadareski
544aaed9da Modify array finding, part 2 2021-03-20 20:47:56 -07:00
Matt Nadareski
b6b7a5e7aa Clean up terminology 2021-03-20 19:23:59 -07:00
Matt Nadareski
cdc4d509ee Modify array finding, part 1 2021-03-20 19:00:22 -07:00
Matt Nadareski
07882f7632 Create and use manifesr version utility 2021-03-20 17:34:31 -07:00
Matt Nadareski
152f6c7051 Reduce size of 32-bit checks 2021-03-14 14:16:54 -07:00
Matt Nadareski
bedbceafa7 Use NE headers for all 16-bit versions 2021-03-14 13:55:26 -07:00
Matt Nadareski
2f19bf7ceb SFX cleanup and add missing check 2021-03-14 00:19:10 -08:00
SilasLaspada
a39ae9facf Add support for WinZip SFX archives (#23) 
* Add inital check for WinZip SFX archives

Every version of WinZip SFX has the string "WinZip Self-Extractor" in it,

* Add basic version detection

Versions 3+ and 2.x are identified radically differently, so make separate methods for them.

* Implement version 3+ detection

Should be very thorough detection, detects every 3+ file I have accurately.

* Cleanup code

General clanup

* Improve version 3+ detection

Use an XML string to determine the version.

* Harden against false positives

* Implement basic extraction

* Partial 2.X version detection

Very crude but effective 2.X detection for 2.0 versions

* Add version detection for 2.1 RC2 variants

* Add 2.1 version detection

* Add 2.2 version detection

Aside from clean-ups, this is the final functional addition

* Address comments
 2021-03-13 20:18:03 -08:00