Bump version to 2.3.0

* Begin overhauling SafeDisc detection

* A new utility method for obtaining the SHA1 hash of a file.
* SHA1-based detection for drvmgt.dll, which is vastly more accurate than the existing size checks.
* (Currently nonfunctional) PEX based checks for newer secdrv.sys versions.
* General clean-up and minor additions.

* Address PR review comments

* Address further PR comments and remove some file size checks

Remove file size checks that are now redundant.

* Add CLCD16 hash based version detection

Add support for detecting a rough version range from the hash of CLCD16.dll, as well as general cleanup.

* Add CLCD32 hash based version detection

Add hash based version checks for CLCD32.dll, which provides reliable detection for 1.X, much more than CLCD16.dll.

* Add CLOKSPL hash based version detection

Add CLOKSPL hash based version detection, which is an excellent indicator of version within 1.X.

* Add detailed SafeDisc version notes, address PR reviews

* Add a note that includes every known SafeDisc and SafeCast version.

* General cleanup and minor detection additions.

* Address PR reviews.

* Various SafeDisc detection improvements

* Add broad version checks for 00000001.TMP.

* Add a few SafeDisc Lite specific CLCD32.DLL checks.

* Remove unneeded dplayerx.dll size checks that were already covered by executable string checks.

* Improve DPlayerX version size checks

Improve DPlayerX existing version size checks and add new ones.

Add new hash checks for previously undetected files.

* Improve secdrv.sys version detection

Improve secdrv.sys version detection using both file size checks and product version checks.

* Fix various false positives

Fix various false positives, as well as incomplete detections.

* Address PR comments

* Properly set check for File Description

.gitmodules

@@ -0,0 +1,12 @@
+[submodule "BurnOutSharp/External/stormlibsharp"]
+	path = BurnOutSharp/External/stormlibsharp
+	url = https://github.com/robpaveza/stormlibsharp.git
+[submodule "HLLibSharp"]
+	path = HLLibSharp
+	url = https://github.com/mnadareski/HLLibSharp
+[submodule "LibMSPackSharp"]
+	path = LibMSPackSharp
+	url = https://github.com/mnadareski/LibMSPackSharp.git
+[submodule "Dtf"]
+	path = Dtf
+	url = https://github.com/wixtoolset/Dtf.git

.vscode/launch.json

@@ -0,0 +1,27 @@
+{
+   // Use IntelliSense to find out which attributes exist for C# debugging
+   // Use hover for the description of the existing attributes
+   // For further information visit https://github.com/OmniSharp/omnisharp-vscode/blob/master/debugger-launchjson.md
+   "version": "0.2.0",
+   "configurations": [
+        {
+            "name": ".NET Core Launch (console)",
+            "type": "coreclr",
+            "request": "launch",
+            "preLaunchTask": "build",
+            // If you have changed target frameworks, make sure to update the program path.
+            "program": "${workspaceFolder}/Test/bin/Debug/netcoreapp3.1/Test.dll",
+            "args": [],
+            "cwd": "${workspaceFolder}/Test",
+            // For more information about the 'console' field, see https://aka.ms/VSCode-CS-LaunchJson-Console
+            "console": "internalConsole",
+            "stopAtEntry": false
+        },
+        {
+            "name": ".NET Core Attach",
+            "type": "coreclr",
+            "request": "attach",
+            "processId": "${command:pickProcess}"
+        }
+    ]
+}

.vscode/tasks.json

@@ -0,0 +1,42 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "build",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "build",
+                "${workspaceFolder}/Test/Test.csproj",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+            ],
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "publish",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "publish",
+                "${workspaceFolder}/Test/Test.csproj",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+            ],
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "watch",
+            "command": "dotnet",
+            "type": "process",
+            "args": [
+                "watch",
+                "run",
+                "${workspaceFolder}/Test/Test.csproj",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+            ],
+            "problemMatcher": "$msCompile"
+        }
+    ]
+}

BurnOutSharp.sln

@@ -1,17 +1,27 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.29306.81
+# Visual Studio Version 17
+VisualStudioVersion = 17.1.32407.343
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "BurnOutSharp", "BurnOutSharp\BurnOutSharp.csproj", "{1DA4212E-6071-4951-B45D-BB74A7838246}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BurnOutSharp", "BurnOutSharp\BurnOutSharp.csproj", "{1DA4212E-6071-4951-B45D-BB74A7838246}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Test", "Test\Test.csproj", "{88735BA2-778D-4192-8EB2-FFF6843719E2}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Test", "Test\Test.csproj", "{88735BA2-778D-4192-8EB2-FFF6843719E2}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{68D10531-99CB-40B1-8912-73FA286C9433}"
 	ProjectSection(SolutionItems) = preProject
+		appveyor.yml = appveyor.yml
+		LICENSE = LICENSE
 		README.md = README.md
 	EndProjectSection
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "HLLibSharp", "HLLibSharp\HLLibSharp\HLLibSharp.csproj", "{14E9764A-A8BF-44C0-A1A8-2C95EA307040}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LibMSPackSharp", "LibMSPackSharp\LibMSPackSharp\LibMSPackSharp.csproj", "{BD8144B8-4857-47E6-9717-E9F2DB374A89}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WixToolset.Dtf.Compression.Cab", "Dtf\src\WixToolset.Dtf.Compression.Cab\WixToolset.Dtf.Compression.Cab.csproj", "{55B1D2D8-7470-4332-96EE-E18079C8A306}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WixToolset.Dtf.Compression", "Dtf\src\WixToolset.Dtf.Compression\WixToolset.Dtf.Compression.csproj", "{3065BE52-CB56-4557-80CD-E3AC57C242F2}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -26,6 +36,22 @@ Global
 		{88735BA2-778D-4192-8EB2-FFF6843719E2}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{88735BA2-778D-4192-8EB2-FFF6843719E2}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{88735BA2-778D-4192-8EB2-FFF6843719E2}.Release|Any CPU.Build.0 = Release|Any CPU
+		{14E9764A-A8BF-44C0-A1A8-2C95EA307040}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{14E9764A-A8BF-44C0-A1A8-2C95EA307040}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{14E9764A-A8BF-44C0-A1A8-2C95EA307040}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{14E9764A-A8BF-44C0-A1A8-2C95EA307040}.Release|Any CPU.Build.0 = Release|Any CPU
+		{BD8144B8-4857-47E6-9717-E9F2DB374A89}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{BD8144B8-4857-47E6-9717-E9F2DB374A89}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{BD8144B8-4857-47E6-9717-E9F2DB374A89}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{BD8144B8-4857-47E6-9717-E9F2DB374A89}.Release|Any CPU.Build.0 = Release|Any CPU
+		{55B1D2D8-7470-4332-96EE-E18079C8A306}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{55B1D2D8-7470-4332-96EE-E18079C8A306}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{55B1D2D8-7470-4332-96EE-E18079C8A306}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{55B1D2D8-7470-4332-96EE-E18079C8A306}.Release|Any CPU.Build.0 = Release|Any CPU
+		{3065BE52-CB56-4557-80CD-E3AC57C242F2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{3065BE52-CB56-4557-80CD-E3AC57C242F2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{3065BE52-CB56-4557-80CD-E3AC57C242F2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{3065BE52-CB56-4557-80CD-E3AC57C242F2}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

BurnOutSharp/BurnOutSharp.csproj

@@ -1,27 +1,65 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>net462;net472;netcoreapp3.0</TargetFrameworks>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <TargetFrameworks>netstandard2.0</TargetFrameworks>
+    <Title>BurnOutSharp</Title>
+    <AssemblyName>BurnOutSharp</AssemblyName>
+    <Description>Port of BurnOut to C#, with additions</Description>
+    <Authors>Matt Nadareski;Gernot Knippen</Authors>
+    <Product>BurnOutSharp</Product>
+    <Copyright>Copyright (c)2005-2010 Gernot Knippen, Copyright (c)2018-2022 Matt Nadareski</Copyright>
+    <PackageLicenseFile>LICENSE.txt</PackageLicenseFile>
+    <RepositoryUrl>https://github.com/mnadareski/BurnOutSharp</RepositoryUrl>
+    <Version>2.3.0</Version>
+    <AssemblyVersion>2.3.0</AssemblyVersion>
+    <FileVersion>2.3.0</FileVersion>
+    <IncludeSource>true</IncludeSource>
+    <IncludeSymbols>true</IncludeSymbols>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
   </PropertyGroup>
 
   <ItemGroup>
-    <None Include="BurnOutSharp.nuspec" />
+    <PackageReference Include="OpenMcdf" Version="2.2.1.9" />
+    <PackageReference Include="SharpCompress" Version="0.32.1" />
+    <PackageReference Include="System.Text.Encoding.CodePages" Version="6.0.0" />
+    <PackageReference Include="Teronis.MSBuild.Packaging.ProjectBuildInPackage" Version="1.0.0">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+    <PackageReference Include="UnshieldSharp" Version="1.6.8" />
+    <PackageReference Include="WiseUnpacker" Version="1.0.3" />
+    <PackageReference Include="zlib.net-mutliplatform" Version="1.0.6" />
+  </ItemGroup>
+
+  <!-- These are needed for dealing with submodules -->
+  <PropertyGroup>
+    <DefaultItemExcludes>
+      $(DefaultItemExcludes);
+      **\AssemblyInfo.cs;
+      External\stormlibsharp\lib\**;
+      External\stormlibsharp\TestConsole\**
+    </DefaultItemExcludes>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <None Include="LICENSE.txt" Pack="true" PackagePath="$(PackageLicenseFile)" />
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="LessIO">
-      <Version>0.6.16</Version>
-    </PackageReference>
-    <PackageReference Include="libmspack4n">
-      <Version>0.9.10</Version>
-    </PackageReference>
-    <PackageReference Include="UnshieldSharp">
-      <Version>1.4.2.3</Version>
-    </PackageReference>
-    <PackageReference Include="zlib.net">
-      <Version>1.0.4</Version>
-    </PackageReference>
+    <None Include="*.dll" Pack="true">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+      <CopyToPublishDirectory>Always</CopyToPublishDirectory>
+      <PackageCopyToOutput>true</PackageCopyToOutput>
+    </None>
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Dtf\src\WixToolset.Dtf.Compression.Cab\WixToolset.Dtf.Compression.Cab.csproj" />
+    <ProjectReference Include="..\HLLibSharp\HLLibSharp\HLLibSharp.csproj" />
+    <ProjectReference Include="..\LibMSPackSharp\LibMSPackSharp\LibMSPackSharp.csproj" />
   </ItemGroup>
 
 </Project>

BurnOutSharp/BurnOutSharp.nuspec

@@ -1,29 +0,0 @@
-<?xml version="1.0"?>
-<package >
-  <metadata>
-    <id>BurnOutSharp</id>
-    <version>1.03.9.1</version>
-    <title>BurnOutSharp</title>
-    <authors>Matt Nadareski, Gernot Knippen</authors>
-    <owners>Matt Nadareski, Gernot Knippen</owners>
-    <licenseUrl>https://www.gnu.org/licenses/gpl-3.0.txt</licenseUrl>
-    <projectUrl>https://github.com/mnadareski/BurnOutSharp</projectUrl>
-    <requireLicenseAcceptance>false</requireLicenseAcceptance>
-    <description>Port of BurnOut to C#, with additions</description>
-    <copyright>Copyright (c)2005-2010 Gernot Knippen, Copyright (c)2018-2020 Matt Nadareski</copyright>
-    <tags>protection scan burnout</tags>
-    <dependencies>
-      <dependency id="LessIO" version="0.5.0" />
-      <dependency id="libmspack4n" version="0.8.0" />
-      <dependency id="UnshieldSharp" version="1.4.2.3" />
-    </dependencies>
-  </metadata>
-  <files>
-    <file src="bin\Debug\net462\BurnOutSharp.dll" target="lib\net462\BurnOutSharp.dll" />
-    <file src="bin\Debug\net462\BurnOutSharp.pdb" target="lib\net462\BurnOutSharp.pdb" />
-    <file src="bin\Debug\net472\BurnOutSharp.dll" target="lib\net472\BurnOutSharp.dll" />
-    <file src="bin\Debug\net472\BurnOutSharp.pdb" target="lib\net472\BurnOutSharp.pdb" />
-    <file src="bin\Debug\netcoreapp3.0\BurnOutSharp.dll" target="lib\netcoreapp3.0\BurnOutSharp.dll" />
-    <file src="bin\Debug\netcoreapp3.0\BurnOutSharp.pdb" target="lib\netcoreapp3.0\BurnOutSharp.pdb" />
-  </files>
-</package>

BurnOutSharp/EVORE.cs

@@ -1,446 +0,0 @@
-//this file is part of BurnOut
-//Copyright (C)2005-2010 Gernot Knippen
-//Ported code with augments Copyright (C)2018 Matt Nadareski
-//
-//This program is free software; you can redistribute it and/or
-//modify it under the terms of the GNU General Public License
-//as published by the Free Software Foundation; either
-//version 2 of the License, or (at your option) any later version.
-//
-//This program is distributed in the hope that it will be useful,
-//but WITHOUT ANY WARRANTY; without even the implied warranty of
-//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-//GNU General Public License for more details.
-//
-//You can get a copy of the GNU General Public License
-//by writing to the Free Software
-//Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-using System;
-using System.Diagnostics;
-using System.IO;
-using System.Text;
-using System.Threading;
-
-namespace BurnOutSharp
-{
-    internal static class EVORE
-    {
-        private struct Section
-        {
-            public uint iVirtualSize;
-            public uint iVirtualOffset;
-            public uint iRawOffset;
-        }
-
-        private const int WaitSeconds = 20;
-
-        private static Process StartSafe(string file)
-        {
-            if (file == null || !File.Exists(file))
-                return null;
-
-            Process startingprocess = new Process();
-            startingprocess.StartInfo.FileName = file;
-            startingprocess.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
-            startingprocess.StartInfo.CreateNoWindow = true;
-            startingprocess.StartInfo.ErrorDialog = false;
-            try
-            {
-                startingprocess.Start();
-            }
-            catch (Exception ex)
-            {
-                Console.WriteLine(ex.Message);
-                return null;
-            }
-            return startingprocess;
-        }
-
-        private static string MakeTempFile(string file, string sExtension = ".exe")
-        {
-            if (file == null || !File.Exists(file))
-                return string.Empty;
-
-            FileInfo filei = new FileInfo(file);
-            try
-            {
-                File.Delete(Path.Combine(Path.GetTempPath(), "tmp", filei.Name + "*" + sExtension));
-            }
-            catch { }
-            filei = filei.CopyTo(Path.GetTempPath() + "tmp" + filei.Name + Directory.GetFiles(Path.GetTempPath(), "tmp" + filei.Name + "*" + sExtension).Length + sExtension, true);
-            filei.Attributes = FileAttributes.Temporary | FileAttributes.NotContentIndexed;
-            return filei.FullName;
-        }
-
-        private static bool IsEXE(string file)
-        {
-            if (file == null || !File.Exists(file))
-                return false;
-
-            BinaryReader breader = new BinaryReader(File.OpenRead(file));
-            breader.ReadBytes(60);
-            int PEHeaderOffset = breader.ReadInt32();
-            breader.BaseStream.Seek(PEHeaderOffset, SeekOrigin.Begin);
-            breader.ReadBytes(22);
-            short Characteristics = breader.ReadInt16();
-            breader.Close();
-            //check if file is dll
-            if ((Characteristics & 0x2000) == 0x2000)
-                return false;
-            else
-                return true;
-        }
-
-        private static string[] CopyDependentDlls(string exefile)
-        {
-            if (exefile == null)
-                return null;
-
-            FileInfo fiExe = new FileInfo(exefile);
-            Section[] sections = ReadSections(exefile);
-            BinaryReader breader = new BinaryReader(File.OpenRead(exefile), Encoding.Default);
-            long lastPosition;
-            string[] saDependentDLLs = null;
-            breader.ReadBytes(60);
-            int PEHeaderOffset = breader.ReadInt32();
-            breader.BaseStream.Seek(PEHeaderOffset + 120 + 8, SeekOrigin.Begin); //120 Bytes till IMAGE_DATA_DIRECTORY array,8 Bytes=size of IMAGE_DATA_DIRECTORY
-            uint ImportTableRVA = breader.ReadUInt32();
-            uint ImportTableSize = breader.ReadUInt32();
-            breader.BaseStream.Seek(RVA2Offset(ImportTableRVA, sections), SeekOrigin.Begin);
-            breader.BaseStream.Seek(12, SeekOrigin.Current);
-            uint DllNameRVA = breader.ReadUInt32();
-            while (DllNameRVA != 0)
-            {
-                string sDllName = "";
-                byte bChar;
-                lastPosition = breader.BaseStream.Position;
-                uint DLLNameOffset = RVA2Offset(DllNameRVA, sections);
-                if (DLLNameOffset > 0)
-                {
-                    breader.BaseStream.Seek(DLLNameOffset, SeekOrigin.Begin);
-                    if (breader.PeekChar() > -1)
-                    {
-                        do
-                        {
-                            bChar = breader.ReadByte();
-                            sDllName += (char)bChar;
-                        } while (bChar != 0 && breader.PeekChar() > -1);
-
-                        sDllName = sDllName.Remove(sDllName.Length - 1, 1);
-                        if (File.Exists(Path.Combine(fiExe.DirectoryName, sDllName)))
-                        {
-                            if (saDependentDLLs == null)
-                                saDependentDLLs = new string[0];
-                            else
-                                saDependentDLLs = new string[saDependentDLLs.Length];
-
-                            FileInfo fiDLL = new FileInfo(Path.Combine(fiExe.DirectoryName, sDllName));
-                            saDependentDLLs[saDependentDLLs.Length - 1] = fiDLL.CopyTo(Path.GetTempPath() + sDllName, true).FullName;
-                        }
-                    }
-
-                    breader.BaseStream.Seek(lastPosition, SeekOrigin.Begin);
-                }
-
-                breader.BaseStream.Seek(4 + 12, SeekOrigin.Current);
-                DllNameRVA = breader.ReadUInt32();
-            }
-
-            breader.Close();
-            return saDependentDLLs;
-        }
-
-        private static Section[] ReadSections(string exefile)
-        {
-            if (exefile == null)
-                return null;
-
-            BinaryReader breader = new BinaryReader(File.OpenRead(exefile));
-            breader.ReadBytes(60);
-            uint PEHeaderOffset = breader.ReadUInt32();
-            breader.BaseStream.Seek(PEHeaderOffset + 6, SeekOrigin.Begin);
-            ushort NumberOfSections = breader.ReadUInt16();
-            breader.BaseStream.Seek(PEHeaderOffset + 120 + 16 * 8, SeekOrigin.Begin);
-            Section[] sections = new Section[NumberOfSections];
-            for (int i = 0; i < NumberOfSections; i++)
-            {
-                breader.BaseStream.Seek(8, SeekOrigin.Current);
-                uint ivs = breader.ReadUInt32();
-                uint ivo = breader.ReadUInt32();
-                breader.BaseStream.Seek(4, SeekOrigin.Current);
-                uint iro = breader.ReadUInt32();
-                breader.BaseStream.Seek(16, SeekOrigin.Current);
-
-                sections[i] = new Section()
-                {
-                    iVirtualSize = ivs,
-                    iVirtualOffset = ivo,
-                    iRawOffset = iro,
-                };
-            }
-            breader.Close();
-            return sections;
-        }
-
-        private static uint RVA2Offset(uint RVA, Section[] sections)
-        {
-            int i = 0;
-            while (i != sections.Length)
-            {
-                if (sections[i].iVirtualOffset <= RVA && sections[i].iVirtualOffset + sections[i].iVirtualSize > RVA)
-                    return RVA - sections[i].iVirtualOffset + sections[i].iRawOffset;
-                i++;
-            }
-            return 0;
-        }
-
-        #region "EVORE version-search-functions"
-
-        public static string SearchProtectDiscVersion(string file)
-        {
-            if (file == null || !File.Exists(file))
-                return string.Empty;
-
-            Process exe = new Process();
-            Process[] processes = new Process[0];
-            string version = "";
-            DateTime timestart;
-            if (!IsEXE(file))
-                return "";
-            string tempexe = MakeTempFile(file);
-            string[] DependentDlls = CopyDependentDlls(file);
-            try
-            {
-                File.Delete(Path.Combine(Path.GetTempPath(), "a*.tmp"));
-            }
-            catch { }
-            try
-            {
-                File.Delete(Path.Combine(Path.GetTempPath(), "PCD*.sys"));
-            }
-            catch { }
-            if (Directory.Exists(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "ProtectDisc")))
-            {
-                try
-                {
-                    File.Delete(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "ProtectDisc", "p*.dll"));
-                }
-                catch { }
-            }
-            exe = StartSafe(tempexe);
-            if (exe == null)
-                return "";
-            timestart = DateTime.Now;
-            do
-            {
-                exe.Refresh();
-                string[] files = null;
-
-                //check for ProtectDisc 8.2-x
-                if (Directory.Exists(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "ProtectDisc")))
-                {
-                    files = Directory.GetFiles(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "ProtectDisc"), "p*.dll");
-                }
-                if (files != null)
-                {
-                    if (files.Length > 0)
-                    {
-                        FileVersionInfo fvinfo = FileVersionInfo.GetVersionInfo(files[0]);
-                        if (fvinfo.FileVersion != "")
-                        {
-                            version = fvinfo.FileVersion.Replace(" ", "").Replace(",", ".");
-                            //ProtectDisc 9 uses a ProtectDisc-Core dll version 8.0.x
-                            if (version.StartsWith("8.0"))
-                                version = "";
-                            fvinfo = null;
-                            break;
-                        }
-                    }
-                }
-
-                //check for ProtectDisc 7.1-8.1
-                files = Directory.GetFiles(Path.GetTempPath(), "a*.tmp");
-                if (files.Length > 0)
-                {
-                    FileVersionInfo fvinfo = FileVersionInfo.GetVersionInfo(files[0]);
-                    if (fvinfo.FileVersion != "")
-                    {
-                        version = fvinfo.FileVersion.Replace(" ", "").Replace(",", ".");
-                        fvinfo = null;
-                        break;
-                    }
-                }
-
-                if (exe.HasExited)
-                    break;
-
-                processes = Process.GetProcessesByName(exe.ProcessName);
-                if (processes.Length == 2)
-                {
-                    processes[0].Refresh();
-                    processes[1].Refresh();
-                    if (processes[1].WorkingSet64 > exe.WorkingSet64)
-                        exe = processes[1];
-                    else if (processes[0].WorkingSet64 > exe.WorkingSet64) //else if (processes[0].Modules.Count > exe.Modules.Count)
-                        exe = processes[0];
-                }
-            } while (processes.Length > 0 && DateTime.Now.Subtract(timestart).TotalSeconds < WaitSeconds);
-
-            Thread.Sleep(500);
-            if (!exe.HasExited)
-            {
-                processes = Process.GetProcessesByName(exe.ProcessName);
-                if (processes.Length == 2)
-                {
-                    try
-                    {
-                        processes[0].Kill();
-                    }
-                    catch { }
-                    processes[0].Close();
-                    try
-                    {
-                        processes[1].Kill();
-                    }
-                    catch { }
-                }
-                else
-                {
-                    exe.Refresh();
-                    try
-                    {
-                        exe.Kill();
-                    }
-                    catch { }
-                }
-            }
-
-            exe.Close();
-            Thread.Sleep(500);
-            if (Directory.Exists(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "ProtectDisc")))
-            {
-                try
-                {
-                    File.Delete(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "ProtectDisc", "p*.dll"));
-                }
-                catch { }
-            }
-            try
-            {
-                File.Delete(Path.Combine(Path.GetTempPath(), "a*.tmp"));
-            }
-            catch { }
-            try
-            {
-                File.Delete(Path.Combine(Path.GetTempPath(), "PCD*.sys"));
-            }
-            catch { }
-            File.Delete(tempexe);
-            if (DependentDlls != null)
-            {
-                for (int i = 0; i < DependentDlls.Length; i++)
-                {
-                    try
-                    {
-                        File.Delete(DependentDlls[i]);
-                    }
-                    catch (Exception ex)
-                    {
-                        Console.WriteLine("!error while deleting file " + DependentDlls[i] + "; " + ex.Message);
-                    }
-                }
-            }
-
-            return version;
-        }
-
-        public static string SearchSafeDiscVersion(string file)
-        {
-            if (file == null || !File.Exists(file))
-                return string.Empty;
-
-            Process exe = new Process();
-            string version = "";
-            DateTime timestart;
-            if (!IsEXE(file))
-                return "";
-
-            string tempexe = MakeTempFile(file);
-            string[] DependentDlls = CopyDependentDlls(file);
-            try
-            {
-                Directory.Delete(Path.Combine(Path.GetTempPath(), "~e*"), true);
-            }
-            catch { }
-            try
-            {
-                File.Delete(Path.Combine(Path.GetTempPath(), "~e*"));
-            }
-            catch { }
-
-            exe = StartSafe(tempexe);
-            if (exe == null)
-                return "";
-
-            timestart = DateTime.Now;
-            do
-            {
-                if (Directory.GetDirectories(Path.GetTempPath(), "~e*").Length > 0)
-                {
-                    string[] files = Directory.GetFiles(Directory.GetDirectories(Path.GetTempPath(), "~e*")[0], "~de*.tmp");
-                    if (files.Length > 0)
-                    {
-                        StreamReader sr;
-                        try
-                        {
-                            sr = new StreamReader(files[0], Encoding.Default);
-                            string FileContent = sr.ReadToEnd();
-                            sr.Close();
-                            int position = FileContent.IndexOf("%ld.%ld.%ld, %ld, %s,") - 1;
-                            if (position > -1)
-                                version = FileContent.Substring(position + 28, 12);
-                            break;
-                        }
-                        catch { }
-                    }
-                }
-            } while (!exe.HasExited && DateTime.Now.Subtract(timestart).TotalSeconds < WaitSeconds);
-
-            if (!exe.HasExited)
-                exe.Kill();
-            exe.Close();
-
-            try
-            {
-                Directory.Delete(Path.Combine(Path.GetTempPath(), "~e*"), true);
-            }
-            catch { }
-            try
-            {
-                File.Delete(Path.Combine(Path.GetTempPath(), "~e*"));
-            }
-            catch { }
-            File.Delete(tempexe);
-
-            if (DependentDlls != null)
-            {
-                for (int i = 0; i < DependentDlls.Length; i--)
-                {
-                    try
-                    {
-                        File.Delete(DependentDlls[i]);
-                    }
-                    catch (Exception ex)
-                    {
-                        Console.WriteLine("!error while deleting file " + DependentDlls[i] + "; " + ex.Message);
-                    }
-                }
-            }
-
-            return version;
-        }
-
-        #endregion
-    }
-}

BurnOutSharp/ExecutableType/Microsoft/Constants.cs

@@ -0,0 +1,74 @@
+namespace BurnOutSharp.ExecutableType.Microsoft
+{
+    /// <summary>
+    /// All constant values needed for file header reading
+    /// </summary>
+    internal static class Constants
+    {
+        public const ushort IMAGE_DOS_SIGNATURE = 0x5A4D;       // MZ
+        public const ushort IMAGE_OS2_SIGNATURE = 0x454E;       // NE
+        public const ushort IMAGE_OS2_SIGNATURE_LE = 0x454C;    // LE
+        public const uint IMAGE_NT_SIGNATURE = 0x00004550;      // PE00
+
+        #region IMAGE_DOS_HEADER
+
+        public const ushort ENEWEXE = 0x40;   // Value of E_LFARLC for new .EXEs
+        public const ushort ENEWHDR = 0x003C; // Offset in old hdr. of ptr. to new
+        public const ushort ERESWDS = 0x0010; // No. of reserved words (OLD)
+        public const ushort ERES1WDS = 0x0004; // No. of reserved words in e_res
+        public const ushort ERES2WDS = 0x000A; // No. of reserved words in e_res2
+        public const ushort ECP = 0x0004; // Offset in struct of E_CP 
+        public const ushort ECBLP = 0x0002; // Offset in struct of E_CBLP
+        public const ushort EMINALLOC = 0x000A; // Offset in struct of E_MINALLOC
+
+        #endregion
+
+        #region IMAGE_OS2_HEADER
+
+        public const ushort NERESWORDS = 3;     // 6 bytes reserved
+        public const ushort NECRC = 8;          //Offset into new header of NE_CRC
+
+        #endregion
+
+        #region NewSeg
+
+        public const ushort NSALIGN = 9;        // Segment data aligned on 512 byte boundaries
+        public const ushort NSLOADED = 0x0004;  // ns_sector field contains memory addr
+
+        #endregion
+
+        #region RsrcNameInfo
+
+        public const ushort RSORDID = 0x8000;       /* if high bit of ID set then integer id */
+
+        /* otherwise ID is offset of string from
+           the beginning of the resource table */
+        /* Ideally these are the same as the */
+        /* corresponding segment flags */
+        public const ushort RNMOVE = 0x0010;	  /* Moveable resource */
+        public const ushort RNPURE = 0x0020;	  /* Pure (read-only) resource */
+        public const ushort RNPRELOAD = 0x0040;	  /* Preloaded resource */
+        public const ushort RNDISCARD = 0xF000;	  /* Discard priority level for resource */
+
+        #endregion
+
+        #region IMAGE_OPTIONAL_HEADER
+
+        public const ushort IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16;
+
+        #endregion
+
+        #region IMAGE_SECTION_HEADER
+
+        public const int IMAGE_SIZEOF_SHORT_NAME = 8;
+
+        #endregion
+
+        #region IMAGE_RESOURCE_DATA_ENTRY
+
+        public const uint IMAGE_RESOURCE_DATA_IS_DIRECTORY = 0x80000000;
+        public const uint IMAGE_RESOURCE_NAME_IS_STRING	= 0x80000000;
+
+        #endregion
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/MZ/Headers/MSDOSExecutableHeader.cs

@@ -0,0 +1,217 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.MZ.Headers
+{
+    /// <summary>
+    /// The MS-DOS EXE format, also known as MZ after its signature (the initials of Microsoft engineer Mark Zbykowski),
+    /// was introduced with MS-DOS 2.0 (version 1.0 only sported the simple COM format). It is designed as a relocatable
+    /// executable running under real mode. As such, only DOS and Windows 9x can use this format natively, but there are
+    /// several free DOS emulators (e.g., DOSBox) that support it and that run under various operating systems (e.g.,
+    /// Linux, Amiga, Windows NT, etc.). Although they can exist on their own, MZ executables are embedded in all NE, LE,
+    /// and PE executables, usually as stubs so that when they are ran under DOS, they display a warning.
+    /// </summary>
+    /// <remarks>https://wiki.osdev.org/MZ</remarks>
+    public class MSDOSExecutableHeader
+    {
+        #region Standard Fields
+
+        /// <summary>
+        /// 0x5A4D (ASCII for 'M' and 'Z') [00]
+        /// </summary>
+        public ushort Magic;
+        
+        /// <summary>
+        /// Number of bytes in the last page. [02]
+        /// </summary>
+        public ushort LastPageBytes;
+        
+        /// <summary>
+        /// Number of whole/partial pages. [04]
+        /// </summary>
+        public ushort Pages;
+        
+        /// <summary>
+        /// Number of entries in the relocation table. [06]
+        /// </summary>
+        public ushort Relocations;
+        
+        /// <summary>
+        /// The number of paragraphs taken up by the header.It can be any value, as the loader
+        /// just uses it to find where the actual executable data starts. It may be larger than
+        /// what the "standard" fields take up, and you may use it if you want to include your
+        /// own header metadata, or put the relocation table there, or use it for any other purpose. [08]
+        /// </summary>
+        public ushort HeaderParagraphSize;
+        
+        /// <summary>
+        /// The number of paragraphs required by the program, excluding the PSP and program image.
+        /// If no free block is big enough, the loading stops. [0A]
+        /// </summary>
+        public ushort MinimumExtraParagraphs;
+        
+        /// <summary>
+        /// The number of paragraphs requested by the program.
+        /// If no free block is big enough, the biggest one possible is allocated. [0C]
+        /// </summary>
+        public ushort MaximumExtraParagraphs;
+        
+        /// <summary>
+        /// Relocatable segment address for SS. [0E]
+        /// </summary>
+        public ushort InitialSSValue;
+        
+        /// <summary>
+        /// Initial value for SP. [10]
+        /// </summary>
+        public ushort InitialSPValue;
+        
+        /// <summary>
+        /// When added to the sum of all other words in the file, the result should be zero. [12]
+        /// </summary>
+        public ushort Checksum;
+        
+        /// <summary>
+        /// Initial value for IP. [14]
+        /// </summary>
+        public ushort InitialIPValue;
+        
+        /// <summary>
+        /// Relocatable segment address for CS. [16]
+        /// </summary>
+        public ushort InitialCSValue;
+        
+        /// <summary>
+        /// The (absolute) offset to the relocation table. [18]
+        /// </summary>
+        public ushort RelocationTableAddr;
+        
+        /// <summary>
+        /// Value used for overlay management.
+        /// If zero, this is the main executable. [1A]
+        /// </summary>
+        public ushort OverlayNumber;
+
+        #endregion
+
+        #region PE Extensions
+        
+        /// <summary>
+        /// Reserved words [1C]
+        /// </summary>
+        public ushort[] Reserved1;
+        
+        /// <summary>
+        /// Defined by name but no other information is given; typically zeroes [24]
+        /// </summary>
+        public ushort OEMIdentifier;
+        
+        /// <summary>
+        /// Defined by name but no other information is given; typically zeroes [26]
+        /// </summary>
+        public ushort OEMInformation;
+        
+        /// <summary>
+        /// Reserved words [28]
+        /// </summary>
+        public ushort[] Reserved2;
+        
+        /// <summary>
+        /// Starting address of the PE header [3C]
+        /// </summary>
+        public int NewExeHeaderAddr;
+
+        #endregion
+
+        /// <summary>
+        /// All data after the last item in the header but before the new EXE header address
+        /// </summary>
+        public byte[] ExecutableData;
+
+        public static MSDOSExecutableHeader Deserialize(Stream stream, bool asStub = true)
+        {
+            MSDOSExecutableHeader idh = new MSDOSExecutableHeader();
+
+            idh.Magic = stream.ReadUInt16();
+            idh.LastPageBytes = stream.ReadUInt16();
+            idh.Pages = stream.ReadUInt16();
+            idh.Relocations = stream.ReadUInt16();
+            idh.HeaderParagraphSize = stream.ReadUInt16();
+            idh.MinimumExtraParagraphs = stream.ReadUInt16();
+            idh.MaximumExtraParagraphs = stream.ReadUInt16();
+            idh.InitialSSValue = stream.ReadUInt16();
+            idh.InitialSPValue = stream.ReadUInt16();
+            idh.Checksum = stream.ReadUInt16();
+            idh.InitialIPValue = stream.ReadUInt16();
+            idh.InitialCSValue = stream.ReadUInt16();
+            idh.RelocationTableAddr = stream.ReadUInt16();
+            idh.OverlayNumber = stream.ReadUInt16();
+
+            // If we're not reading as a stub, return now
+            if (!asStub)
+                return idh;
+
+            idh.Reserved1 = new ushort[Constants.ERES1WDS];
+            for (int i = 0; i < Constants.ERES1WDS; i++)
+            {
+                idh.Reserved1[i] = stream.ReadUInt16();
+            }
+
+            idh.OEMIdentifier = stream.ReadUInt16();
+            idh.OEMInformation = stream.ReadUInt16();
+            idh.Reserved2 = new ushort[Constants.ERES2WDS];
+            for (int i = 0; i < Constants.ERES2WDS; i++)
+            {
+                idh.Reserved2[i] = stream.ReadUInt16();
+            }
+
+            idh.NewExeHeaderAddr = stream.ReadInt32();
+            idh.ExecutableData = stream.ReadBytes(idh.NewExeHeaderAddr - (int)stream.Position);
+
+            return idh;
+        }
+
+        public static MSDOSExecutableHeader Deserialize(byte[] content, ref int offset, bool asStub = true)
+        {
+            MSDOSExecutableHeader idh = new MSDOSExecutableHeader();
+
+            idh.Magic = content.ReadUInt16(ref offset);
+            idh.LastPageBytes = content.ReadUInt16(ref offset);
+            idh.Pages = content.ReadUInt16(ref offset);
+            idh.Relocations = content.ReadUInt16(ref offset);
+            idh.HeaderParagraphSize = content.ReadUInt16(ref offset);
+            idh.MinimumExtraParagraphs = content.ReadUInt16(ref offset);
+            idh.MaximumExtraParagraphs = content.ReadUInt16(ref offset);
+            idh.InitialSSValue = content.ReadUInt16(ref offset);
+            idh.InitialSPValue = content.ReadUInt16(ref offset);
+            idh.Checksum = content.ReadUInt16(ref offset);
+            idh.InitialIPValue = content.ReadUInt16(ref offset);
+            idh.InitialCSValue = content.ReadUInt16(ref offset);
+            idh.RelocationTableAddr = content.ReadUInt16(ref offset);
+            idh.OverlayNumber = content.ReadUInt16(ref offset);
+
+            // If we're not reading as a stub, return now
+            if (!asStub)
+                return idh;
+
+            idh.Reserved1 = new ushort[Constants.ERES1WDS];
+            for (int i = 0; i < Constants.ERES1WDS; i++)
+            {
+                idh.Reserved1[i] = content.ReadUInt16(ref offset);
+            }
+
+            idh.OEMIdentifier = content.ReadUInt16(ref offset);
+            idh.OEMInformation = content.ReadUInt16(ref offset);
+            idh.Reserved2 = new ushort[Constants.ERES2WDS];
+            for (int i = 0; i < Constants.ERES2WDS; i++)
+            {
+                idh.Reserved2[i] = content.ReadUInt16(ref offset);
+            }
+
+            idh.NewExeHeaderAddr = content.ReadInt32(ref offset);
+            idh.ExecutableData = content.ReadBytes(ref offset, idh.NewExeHeaderAddr - offset);
+
+            return idh;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/NE/Entries/ResidentNameTableEntry.cs

@@ -0,0 +1,79 @@
+using System.IO;
+using System.Text;
+using BurnOutSharp.Tools;
+ 
+namespace BurnOutSharp.ExecutableType.Microsoft.NE.Entries
+{
+    /// <summary>
+    /// These name strings are case-sensitive and are not null-terminated
+    /// </summary>
+    public class ResidentNameTableEntry
+    {
+        /// <summary>
+        /// Length of the name string that follows.
+        /// A zero value indicates the end of the name table.
+        /// </summary>
+        public byte Length;
+
+        /// <summary>
+        /// ASCII text of the name string.
+        /// </summary>
+        public byte[] Data;
+
+        /// <summary>
+        /// Ordinal number (index into entry table).
+        /// This value is ignored for the module name.
+        /// </summary>
+        public ushort OrdinalNumber;
+
+        /// <summary>
+        /// ASCII text of the name string
+        /// </summary>
+        public string DataAsString
+        {
+            get
+            {
+                if (Data == null)
+                    return string.Empty;
+
+                // Try to read direct as ASCII
+                try
+                {
+                    return Encoding.ASCII.GetString(Data);
+                }
+                catch { }
+
+                // If ASCII encoding fails, then just return an empty string
+                return string.Empty;
+            }
+        }
+
+        public static ResidentNameTableEntry Deserialize(Stream stream)
+        {
+            var rnte = new ResidentNameTableEntry();
+
+            rnte.Length = stream.ReadByteValue();
+            if (rnte.Length == 0)
+                return rnte;
+
+            rnte.Data = stream.ReadBytes(rnte.Length);
+            rnte.OrdinalNumber = stream.ReadUInt16();
+
+            return rnte;
+        }
+
+        public static ResidentNameTableEntry Deserialize(byte[] content, ref int offset)
+        {
+            var rnte = new ResidentNameTableEntry();
+
+            rnte.Length = content.ReadByte(ref offset);
+            if (rnte.Length == 0)
+                return rnte;
+
+            rnte.Data = content.ReadBytes(ref offset, rnte.Length);
+            rnte.OrdinalNumber = content.ReadUInt16(ref offset);
+
+            return rnte;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/NE/Entries/ResourceNameString.cs

@@ -0,0 +1,44 @@
+using System.IO;
+using System.Text;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.NE.Entries
+{
+    /// <summary>
+    /// Resource type and name strings
+    /// </summary>
+    public class ResourceNameString
+    {
+        /// <summary>
+        /// Length of the type or name string that follows. A zero value
+        /// indicates the end of the resource type and name string, also
+        /// the end of the resource table.
+        /// </summary>
+        public byte Length;
+
+        /// <summary>
+        /// ASCII text of the type or name string.
+        /// </summary>
+        public char[] Value;
+
+        public static ResourceNameString Deserialize(Stream stream)
+        {
+            var rns = new ResourceNameString();
+
+            rns.Length = stream.ReadByteValue();
+            rns.Value = stream.ReadChars(rns.Length, Encoding.ASCII);
+
+            return rns;
+        }
+
+        public static ResourceNameString Deserialize(byte[] content, ref int offset)
+        {
+            var rns = new ResourceNameString();
+
+            rns.Length = content.ReadByte(ref offset);
+            rns.Value = Encoding.ASCII.GetChars(content, offset, rns.Length); offset += rns.Length;
+
+            return rns;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/NE/Entries/ResourceTableEntry.cs

@@ -0,0 +1,75 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.NE.Entries
+{
+    /// <summary>
+    /// A table of resources for this type
+    /// </summary>
+    public class ResourceTableEntry
+    {
+        /// <summary>
+        /// File offset to the contents of the resource data,
+        /// relative to beginning of file. The offset is in terms
+        /// of the alignment shift count value specified at
+        /// beginning of the resource table.
+        /// </summary>
+        public ushort Offset;
+        
+        /// <summary>
+        /// Length of the resource in the file (in bytes).
+        /// </summary>
+        public ushort Length;
+        
+        /// <summary>
+        /// Resource flags
+        /// </summary>
+        public ResourceTableEntryFlags Flags;
+        
+        /// <summary>
+        /// This is an integer type if the high-order
+        /// bit is set (8000h), otherwise it is the offset to the
+        /// resource string, the offset is relative to the
+        /// beginning of the resource table.
+        /// </summary>
+        public ushort ResourceID;
+        
+        /// <summary>
+        /// Reserved.
+        /// </summary>
+        public ushort Handle;
+        
+        /// <summary>
+        /// Reserved.
+        /// </summary>
+        public ushort Usage;
+
+        public static ResourceTableEntry Deserialize(Stream stream)
+        {
+            var ni = new ResourceTableEntry();
+
+            ni.Offset = stream.ReadUInt16();
+            ni.Length = stream.ReadUInt16();
+            ni.Flags = (ResourceTableEntryFlags)stream.ReadUInt16();
+            ni.ResourceID = stream.ReadUInt16();
+            ni.Handle = stream.ReadUInt16();
+            ni.Usage = stream.ReadUInt16();
+
+            return ni;
+        }
+
+        public static ResourceTableEntry Deserialize(byte[] content, ref int offset)
+        {
+            var ni = new ResourceTableEntry();
+
+            ni.Offset = content.ReadUInt16(ref offset);
+            ni.Length = content.ReadUInt16(ref offset);
+            ni.Flags = (ResourceTableEntryFlags)content.ReadUInt16(ref offset);
+            ni.ResourceID = content.ReadUInt16(ref offset);
+            ni.Handle = content.ReadUInt16(ref offset);
+            ni.Usage = content.ReadUInt16(ref offset);
+
+            return ni;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/NE/Entries/ResourceTypeInformationBlock.cs

@@ -0,0 +1,69 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.NE.Entries
+{
+    /// <summary>
+    /// Resource type information block
+    /// </summary>
+    public class ResourceTypeInformationBlock
+    {
+        /// <summary>
+        /// Type ID. This is an integer type if the high-order bit is
+        /// set (8000h); otherwise, it is an offset to the type string,
+        /// the offset is relative to the beginning of the resource
+        /// table. A zero type ID marks the end of the resource type
+        /// information blocks.
+        /// </summary>
+        public ushort TypeID;
+        
+        /// <summary>
+        /// Number of resources for this type.
+        /// </summary>
+        public ushort ResourceCount;
+        
+        /// <summary>
+        /// Reserved.
+        /// </summary>
+        public uint Reserved;
+
+        /// <summary>
+        /// Reserved.
+        /// </summary>
+        public ResourceTableEntry[] ResourceTable;
+
+        public static ResourceTypeInformationBlock Deserialize(Stream stream)
+        {
+            var rtib = new ResourceTypeInformationBlock();
+
+            rtib.TypeID = stream.ReadUInt16();
+            rtib.ResourceCount = stream.ReadUInt16();
+            rtib.Reserved = stream.ReadUInt32();
+
+            rtib.ResourceTable = new ResourceTableEntry[rtib.ResourceCount];
+            for (int i = 0; i < rtib.ResourceCount; i++)
+            {
+                rtib.ResourceTable[i] = ResourceTableEntry.Deserialize(stream);
+            }
+
+            return rtib;
+        }
+
+        public static ResourceTypeInformationBlock Deserialize(byte[] content, ref int offset)
+        {
+            var rtib = new ResourceTypeInformationBlock();
+
+            rtib.TypeID = content.ReadUInt16(ref offset);
+            rtib.ResourceCount = content.ReadUInt16(ref offset);
+            rtib.Reserved = content.ReadUInt32(ref offset);
+
+            rtib.ResourceTable = new ResourceTableEntry[rtib.ResourceCount];
+            for (int i = 0; i < rtib.ResourceCount; i++)
+            {
+                rtib.ResourceTable[i] = ResourceTableEntry.Deserialize(content, ref offset);
+            }
+
+            return rtib;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/NE/Entries/SegmentTableEntry.cs

@@ -0,0 +1,61 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.NE.Entries
+{
+    /// <summary>
+    /// The segment table contains an entry for each segment in the executable
+    /// file. The number of segment table entries are defined in the segmented
+    /// EXE header. The first entry in the segment table is segment number 1.
+    /// The following is the structure of a segment table entry.
+    /// </summary>
+    public class SegmentTableEntry
+    {
+        /// <summary>
+        /// Logical-sector offset (n byte) to the contents of the segment
+        /// data, relative to the beginning of the file. Zero means no
+        /// file data.
+        /// </summary>
+        public ushort StartFileSector;
+        
+        /// <summary>
+        /// Length of the segment in the file, in bytes. Zero means 64K.
+        /// </summary>
+        public ushort BytesInFile;
+        
+        /// <summary>
+        /// Attribute flags
+        /// </summary>
+        public SegmentTableEntryFlags Flags;
+        
+        /// <summary>
+        /// Minimum allocation size of the segment, in bytes.
+        /// Total size of the segment. Zero means 64K
+        /// </summary>
+        public ushort MinimumAllocation;
+
+        public static SegmentTableEntry Deserialize(Stream stream)
+        {
+            var nste = new SegmentTableEntry();
+
+            nste.StartFileSector = stream.ReadUInt16();
+            nste.BytesInFile = stream.ReadUInt16();
+            nste.Flags = (SegmentTableEntryFlags)stream.ReadUInt16();
+            nste.MinimumAllocation = stream.ReadUInt16();
+
+            return nste;
+        }
+
+        public static SegmentTableEntry Deserialize(byte[] content, ref int offset)
+        {
+            var nste = new SegmentTableEntry();
+
+            nste.StartFileSector = content.ReadUInt16(ref offset);
+            nste.BytesInFile = content.ReadUInt16(ref offset);
+            nste.Flags = (SegmentTableEntryFlags)content.ReadUInt16(ref offset);
+            nste.MinimumAllocation = content.ReadUInt16(ref offset);
+
+            return nste;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/NE/Headers/NewExecutableHeader.cs

@@ -0,0 +1,256 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.NE.Headers
+{
+    /// <summary>
+    /// The NE header is a relatively large structure with multiple characteristics.
+    /// Because of the age of the format some items are unclear in meaning.
+    /// </summary>
+    /// <remarks>http://bytepointer.com/resources/win16_ne_exe_format_win3.0.htm</remarks>
+    public class NewExecutableHeader
+    {
+        /// <summary>
+        /// Signature word. [00]
+        /// "N" is low-order byte.
+        /// "E" is high-order byte.
+        /// </summary>
+        public ushort Magic;
+        
+        /// <summary>
+        /// Version number of the linker. [02]
+        /// </summary>
+        public byte LinkerVersion;
+        
+        /// <summary>
+        /// Revision number of the linker. [03]
+        /// </summary>
+        public byte LinkerRevision;
+        
+        /// <summary>
+        /// Entry Table file offset, relative to the beginning of the segmented EXE header. [04]
+        /// </summary>
+        public ushort EntryTableOffset;
+        
+        /// <summary>
+        /// Number of bytes in the entry table. [06]
+        /// </summary>
+        public ushort EntryTableSize;
+        
+        /// <summary>
+        /// 32-bit CRC of entire contents of file. [08]
+        /// These words are taken as 00 during the calculation.
+        /// </summary>
+        public uint CrcChecksum;
+        
+        /// <summary>
+        /// Program flags, bitmapped [0C]
+        /// </summary>
+        public byte ProgramFlags;
+
+        /// <summary>
+        /// Application flags, bitmapped [0D]
+        /// </summary>
+        public byte ApplicationFlags;
+        
+        /// <summary>
+        /// Automatic data segment number [0E]
+        /// </summary>
+        public ushort Autodata;
+        
+        /// <summary>
+        /// Initial heap allocation [10]
+        /// </summary>
+        public ushort InitialHeapAlloc;
+        
+        /// <summary>
+        /// Initial stack allocation [12]
+        /// </summary>
+        public ushort InitialStackAlloc;
+        
+        /// <summary>
+        /// CS:IP entry point, CS is index into segment table [14]
+        /// </summary>
+        public uint InitialCSIPSetting;
+        
+        /// <summary>
+        /// SS:SP inital stack pointer, SS is index into segment table [18]
+        /// </summary>
+        public uint InitialSSSPSetting;
+        
+        /// <summary>
+        /// Number of segments in segment table [1C]
+        /// </summary>
+        public ushort FileSegmentCount;
+        
+        /// <summary>
+        /// Entries in Module Reference Table [1E]
+        /// </summary>
+        public ushort ModuleReferenceTableSize;
+        
+        /// <summary>
+        /// Size of non-resident name table [20]
+        /// </summary>
+        public ushort NonResidentNameTableSize;
+        
+        /// <summary>
+        /// Offset of Segment Table [22]
+        /// </summary>
+        public ushort SegmentTableOffset;
+        
+        /// <summary>
+        /// Offset of Resource Table [24]
+        /// </summary>
+        public ushort ResourceTableOffset;
+        
+        /// <summary>
+        /// Offset of resident name table [26]
+        /// </summary>
+        public ushort ResidentNameTableOffset;
+        
+        /// <summary>
+        /// Offset of Module Reference Table [28]
+        /// </summary>
+        public ushort ModuleReferenceTableOffset;
+        
+        /// <summary>
+        /// Offset of Imported Names Table [2A]
+        /// </summary>
+        public ushort ImportedNamesTableOffset;
+        
+        /// <summary>
+        /// Offset of Non-resident Names Table [2C]
+        /// </summary>
+        public uint NonResidentNamesTableOffset;
+        
+        /// <summary>
+        /// Count of moveable entry points listed in entry table [30]
+        /// </summary>
+        public ushort MovableEntriesCount;
+        
+        /// <summary>
+        /// File allignment size shift count (0-9 (default 512 byte pages)) [32]
+        /// </summary>
+        public ushort SegmentAlignmentShiftCount;
+        
+        /// <summary>
+        /// Count of resource table entries [34]
+        /// </summary>
+        public ushort ResourceEntriesCount;
+        
+        /// <summary>
+        /// Target operating system [36]
+        /// </summary>
+        public byte TargetOperatingSystem;
+        
+        /// <summary>
+        /// Other OS/2 flags [37]
+        /// </summary>
+        public byte AdditionalFlags;
+        
+        /// <summary>
+        /// Offset to return thunks or start of gangload area [38]
+        /// </summary>
+        public ushort ReturnThunkOffset;
+        
+        /// <summary>
+        /// Offset to segment reference thunks or size of gangload area [3A]
+        /// </summary>
+        public ushort SegmentReferenceThunkOffset;
+
+        /// <summary>
+        /// Minimum code swap area size [3C]
+        /// </summary>
+        public ushort MinCodeSwapAreaSize;
+        
+        /// <summary>
+        /// Windows SDK revison number [3E]
+        /// </summary>
+        public byte WindowsSDKRevision;
+        
+        /// <summary>
+        /// Windows SDK version number [3F]
+        /// </summary>
+        public byte WindowsSDKVersion;
+
+        public static NewExecutableHeader Deserialize(Stream stream)
+        {
+            var neh = new NewExecutableHeader();
+
+            neh.Magic = stream.ReadUInt16();
+            neh.LinkerVersion = stream.ReadByteValue();
+            neh.LinkerRevision = stream.ReadByteValue();
+            neh.EntryTableOffset = stream.ReadUInt16();
+            neh.EntryTableSize = stream.ReadUInt16();
+            neh.CrcChecksum = stream.ReadUInt32();
+            neh.ProgramFlags = stream.ReadByteValue();
+            neh.ApplicationFlags = stream.ReadByteValue();
+            neh.Autodata = stream.ReadUInt16();
+            neh.InitialHeapAlloc = stream.ReadUInt16();
+            neh.InitialStackAlloc = stream.ReadUInt16();
+            neh.InitialCSIPSetting = stream.ReadUInt32();
+            neh.InitialSSSPSetting = stream.ReadUInt32();
+            neh.FileSegmentCount = stream.ReadUInt16();
+            neh.ModuleReferenceTableSize = stream.ReadUInt16();
+            neh.NonResidentNameTableSize = stream.ReadUInt16();
+            neh.SegmentTableOffset = stream.ReadUInt16();
+            neh.ResourceTableOffset = stream.ReadUInt16();
+            neh.ResidentNameTableOffset = stream.ReadUInt16();
+            neh.ModuleReferenceTableOffset = stream.ReadUInt16();
+            neh.ImportedNamesTableOffset = stream.ReadUInt16();
+            neh.NonResidentNamesTableOffset = stream.ReadUInt32();
+            neh.MovableEntriesCount = stream.ReadUInt16();
+            neh.SegmentAlignmentShiftCount = stream.ReadUInt16();
+            neh.ResourceEntriesCount = stream.ReadUInt16();
+            neh.TargetOperatingSystem = stream.ReadByteValue();
+            neh.AdditionalFlags = stream.ReadByteValue();
+            neh.ReturnThunkOffset = stream.ReadUInt16();
+            neh.SegmentReferenceThunkOffset = stream.ReadUInt16();
+            neh.MinCodeSwapAreaSize = stream.ReadUInt16();
+            neh.WindowsSDKRevision = stream.ReadByteValue();
+            neh.WindowsSDKVersion = stream.ReadByteValue();
+
+            return neh;
+        }
+
+        public static NewExecutableHeader Deserialize(byte[] content, ref int offset)
+        {
+            var neh = new NewExecutableHeader();
+
+            neh.Magic = content.ReadUInt16(ref offset);
+            neh.LinkerVersion = content.ReadByte(ref offset);
+            neh.LinkerRevision = content.ReadByte(ref offset);
+            neh.EntryTableOffset = content.ReadUInt16(ref offset);
+            neh.EntryTableSize = content.ReadUInt16(ref offset);
+            neh.CrcChecksum = content.ReadUInt32(ref offset);
+            neh.ProgramFlags = content.ReadByte(ref offset);
+            neh.ApplicationFlags = content.ReadByte(ref offset);
+            neh.Autodata = content.ReadUInt16(ref offset);
+            neh.InitialHeapAlloc = content.ReadUInt16(ref offset);
+            neh.InitialStackAlloc = content.ReadUInt16(ref offset);
+            neh.InitialCSIPSetting = content.ReadUInt32(ref offset);
+            neh.InitialSSSPSetting = content.ReadUInt32(ref offset);
+            neh.FileSegmentCount = content.ReadUInt16(ref offset);
+            neh.ModuleReferenceTableSize = content.ReadUInt16(ref offset);
+            neh.NonResidentNameTableSize = content.ReadUInt16(ref offset);
+            neh.SegmentTableOffset = content.ReadUInt16(ref offset);
+            neh.ResourceTableOffset = content.ReadUInt16(ref offset);
+            neh.ResidentNameTableOffset = content.ReadUInt16(ref offset);
+            neh.ModuleReferenceTableOffset = content.ReadUInt16(ref offset);
+            neh.ImportedNamesTableOffset = content.ReadUInt16(ref offset);
+            neh.NonResidentNamesTableOffset = content.ReadUInt32(ref offset);
+            neh.MovableEntriesCount = content.ReadUInt16(ref offset);
+            neh.SegmentAlignmentShiftCount = content.ReadUInt16(ref offset);
+            neh.ResourceEntriesCount = content.ReadUInt16(ref offset);
+            neh.TargetOperatingSystem = content.ReadByte(ref offset);
+            neh.AdditionalFlags = content.ReadByte(ref offset);
+            neh.ReturnThunkOffset = content.ReadUInt16(ref offset);
+            neh.SegmentReferenceThunkOffset = content.ReadUInt16(ref offset);
+            neh.MinCodeSwapAreaSize = content.ReadUInt16(ref offset);
+            neh.WindowsSDKRevision = content.ReadByte(ref offset);
+            neh.WindowsSDKVersion = content.ReadByte(ref offset);
+
+            return neh;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/NE/NewExecutable.cs

@@ -0,0 +1,233 @@
+using System;
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.MZ.Headers;
+using BurnOutSharp.ExecutableType.Microsoft.NE.Headers;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.NE
+{
+    /// <summary>
+    /// The WIN-NE executable format, designed for Windows 3.x, was the "NE", or "New Executable" format.
+    /// Again, a 16bit format, it alleviated the maximum size restrictions that the MZ format had.
+    /// </summary>
+    public class NewExecutable
+    {
+        /// <summary>
+        /// Value determining if the executable is initialized or not
+        /// </summary>
+        public bool Initialized { get; } = false;
+
+        /// <summary>
+        /// Source array that the executable was parsed from
+        /// </summary>
+        private readonly byte[] _sourceArray = null;
+
+        /// <summary>
+        /// Source stream that the executable was parsed from
+        /// </summary>
+        private readonly Stream _sourceStream = null;
+
+        #region Headers
+
+        /// <summary>
+        /// he DOS stub is a valid MZ exe.
+        /// This enables the develper to package both an MS-DOS and Win16 version of the program,
+        /// but normally just prints "This Program requires Microsoft Windows".
+        /// The e_lfanew field (offset 0x3C) points to the NE header.
+        // </summary>
+        public MSDOSExecutableHeader DOSStubHeader;
+
+        /// <summary>
+        /// The NE header is a relatively large structure with multiple characteristics.
+        /// Because of the age of the format some items are unclear in meaning. 
+        /// </summary>
+        public NewExecutableHeader NewExecutableHeader;
+
+        #endregion
+
+        #region Tables
+
+        #endregion
+
+        #region Constructors
+
+        // TODO: Add more and more parts of a standard NE executable, not just the header
+        // TODO: Tables? What about the tables?
+        // TODO: Implement the rest of the structures found at http://bytepointer.com/resources/win16_ne_exe_format_win3.0.htm
+        // (Left off at RESIDENT-NAME TABLE)
+
+        /// <summary>
+        /// Create a NewExecutable object from a stream
+        /// </summary>
+        /// <param name="stream">Stream representing a file</param>
+        /// <remarks>
+        /// This constructor assumes that the stream is already in the correct position to start parsing
+        /// </remarks>
+        public NewExecutable(Stream stream)
+        {
+            if (stream == null || !stream.CanRead || !stream.CanSeek)
+                return;
+
+            this.Initialized = Deserialize(stream);
+            this._sourceStream = stream;
+        }
+
+        /// <summary>
+        /// Create a NewExecutable object from a byte array
+        /// </summary>
+        /// <param name="fileContent">Byte array representing a file</param>
+        /// <param name="offset">Positive offset representing the current position in the array</param>
+        public NewExecutable(byte[] fileContent, int offset)
+        {
+            if (fileContent == null || fileContent.Length == 0 || offset < 0)
+                return;
+
+            this.Initialized = Deserialize(fileContent, offset);
+            this._sourceArray = fileContent;
+        }
+
+        /// <summary>
+        /// Deserialize a NewExecutable object from a stream
+        /// </summary>
+        /// <param name="stream">Stream representing a file</param>
+        private bool Deserialize(Stream stream)
+        {
+            try
+            {
+                // Attempt to read the DOS header first
+                this.DOSStubHeader = MSDOSExecutableHeader.Deserialize(stream);
+                stream.Seek(this.DOSStubHeader.NewExeHeaderAddr, SeekOrigin.Begin);
+                if (this.DOSStubHeader.Magic != Constants.IMAGE_DOS_SIGNATURE)
+                    return false;
+                
+                // If the new header address is invalid for the file, it's not a NE
+                if (this.DOSStubHeader.NewExeHeaderAddr >= stream.Length)
+                    return false;
+
+                // Then attempt to read the NE header
+                this.NewExecutableHeader = NewExecutableHeader.Deserialize(stream);
+                if (this.NewExecutableHeader.Magic != Constants.IMAGE_OS2_SIGNATURE)
+                    return false;
+
+            }
+            catch (Exception ex)
+            {
+                //Console.WriteLine($"Errored out on a file: {ex}");
+                return false;
+            }
+
+            return true;
+        }
+
+        /// <summary>
+        /// Deserialize a NewExecutable object from a byte array
+        /// </summary>
+        /// <param name="fileContent">Byte array representing a file</param>
+        /// <param name="offset">Positive offset representing the current position in the array</param>
+        private bool Deserialize(byte[] content, int offset)
+        {
+            try
+            {
+                // Attempt to read the DOS header first
+                this.DOSStubHeader = MSDOSExecutableHeader.Deserialize(content, ref offset);
+                offset = this.DOSStubHeader.NewExeHeaderAddr;
+                if (this.DOSStubHeader.Magic != Constants.IMAGE_DOS_SIGNATURE)
+                    return false;
+
+                // If the new header address is invalid for the file, it's not a PE
+                if (this.DOSStubHeader.NewExeHeaderAddr >= content.Length)
+                    return false;
+
+                // Then attempt to read the NE header
+                this.NewExecutableHeader = NewExecutableHeader.Deserialize(content, ref offset);
+                if (this.NewExecutableHeader.Magic != Constants.IMAGE_OS2_SIGNATURE)
+                    return false;
+            }
+            catch (Exception ex)
+            {
+                //Console.WriteLine($"Errored out on a file: {ex}");
+                return false;
+            }
+
+            return true;
+        }
+
+        #endregion
+
+        #region Helpers
+
+        /// <summary>
+        /// Read an arbitrary range from the source
+        /// </summary>
+        /// <param name="rangeStart">The start of where to read data from, -1 means start of source</param>
+        /// <param name="length">How many bytes to read, -1 means read until end</param>
+        /// <returns></returns>
+        public byte[] ReadArbitraryRange(int rangeStart = -1, int length = -1)
+        {
+            try
+            {
+                // If we have a source stream, use that
+                if (this._sourceStream != null)
+                    return ReadArbitraryRangeFromSourceStream(rangeStart, length);
+
+                // If we have a source array, use that
+                if (this._sourceArray != null)
+                    return ReadArbitraryRangeFromSourceArray(rangeStart, length);
+
+                // Otherwise, return null
+                return null;
+            }
+            catch (Exception ex)
+            {
+                // TODO: How to handle this differently?
+                return null;
+            }
+        }
+
+        /// <summary>
+        /// Read an arbitrary range from the stream source, if possible
+        /// </summary>
+        /// <param name="rangeStart">The start of where to read data from, -1 means start of source</param>
+        /// <param name="length">How many bytes to read, -1 means read until end</param>
+        /// <returns></returns>
+        private byte[] ReadArbitraryRangeFromSourceStream(int rangeStart, int length)
+        {
+            lock (this._sourceStream)
+            {
+                int startingIndex = (int)Math.Max(rangeStart, 0);
+                int readLength = (int)Math.Min(length == -1 ? length = Int32.MaxValue : length, this._sourceStream.Length);
+
+                long originalPosition = this._sourceStream.Position;
+                this._sourceStream.Seek(startingIndex, SeekOrigin.Begin);
+                byte[] sectionData = this._sourceStream.ReadBytes(readLength);
+                this._sourceStream.Seek(originalPosition, SeekOrigin.Begin);
+                return sectionData;
+            }
+        }
+
+        /// <summary>
+        /// Read an arbitrary range from the array source, if possible
+        /// </summary>
+        /// <param name="rangeStart">The start of where to read data from, -1 means start of source</param>
+        /// <param name="length">How many bytes to read, -1 means read until end</param>
+        /// <returns></returns>
+        private byte[] ReadArbitraryRangeFromSourceArray(int rangeStart, int length)
+        {
+            int startingIndex = (int)Math.Max(rangeStart, 0);
+            int readLength = (int)Math.Min(length == -1 ? length = Int32.MaxValue : length, this._sourceArray.Length);
+
+            try
+            {
+                return this._sourceArray.ReadBytes(ref startingIndex, readLength);
+            }
+            catch
+            {
+                // Just absorb errors for now
+                // TODO: Investigate why and when this would be hit
+                return null;
+            }
+        }
+
+        #endregion
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/NE/Tables/ResidentNameTable.cs

@@ -0,0 +1,59 @@
+using System.Collections.Generic;
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.NE.Entries;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.NE.Tables
+{
+    /// <summary>
+    /// The resident-name table follows the resource table, and contains this
+    /// module's name string and resident exported procedure name strings. The
+    /// first string in this table is this module's name. These name strings
+    /// are case-sensitive and are not null-terminated.
+    /// </summary>
+    public class ResidentNameTable
+    {
+        /// <summary>
+        /// The first string in this table is this module's name.
+        /// These name strings are case-sensitive and are not null-terminated.
+        /// </summary>
+        public ResidentNameTableEntry[] NameTableEntries;
+
+        public static ResidentNameTable Deserialize(Stream stream)
+        {
+            var rnt = new ResidentNameTable();
+
+            var nameTableEntries = new List<ResidentNameTableEntry>();
+            while (true)
+            {
+                var rnte = ResidentNameTableEntry.Deserialize(stream);
+                if (rnte == null || rnte.Length == 0)
+                    break;
+
+                nameTableEntries.Add(rnte);
+            }
+
+            rnt.NameTableEntries = nameTableEntries.ToArray();
+
+            return rnt;
+        }
+
+        public static ResidentNameTable Deserialize(byte[] content, ref int offset)
+        {
+            var rnt = new ResidentNameTable();
+
+            var nameTableEntries = new List<ResidentNameTableEntry>();
+            while (true)
+            {
+                var rnte = ResidentNameTableEntry.Deserialize(content, ref offset);
+                if (rnte == null || rnte.Length == 0)
+                    break;
+
+                nameTableEntries.Add(rnte);
+            }
+
+            rnt.NameTableEntries = nameTableEntries.ToArray();
+
+            return rnt;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/NE/Tables/ResourceTable.cs

@@ -0,0 +1,101 @@
+using System.Collections.Generic;
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.NE.Entries;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.NE.Tables
+{
+    /// <summary>
+    /// The resource table follows the segment table and contains entries for
+    /// each resource in the executable file. The resource table consists of
+    /// an alignment shift count, followed by a table of resource records. The
+    /// resource records define the type ID for a set of resources. Each
+    /// resource record contains a table of resource entries of the defined
+    /// type. The resource entry defines the resource ID or name ID for the
+    /// resource. It also defines the location and size of the resource.
+    /// </summary>
+    /// <remarks>http://bytepointer.com/resources/win16_ne_exe_format_win3.0.htm</remarks>
+    public class ResourceTable
+    {
+        /// <summary>
+        /// Alignment shift count for resource data.
+        /// </summary>
+        public ushort AlignmentShiftCount;
+
+        /// <summary>
+        /// A table of resource type information blocks.
+        /// </summary>
+        public ResourceTypeInformationBlock[] TypeInformationBlocks;
+
+        /// <summary>
+        /// Resource type and name strings are stored at the end of the
+        /// resource table. Note that these strings are NOT null terminated and
+        /// are case sensitive.
+        /// </summary>
+        public ResourceNameString[] TypeAndNameStrings;
+
+        public static ResourceTable Deserialize(Stream stream)
+        {
+            var rt = new ResourceTable();
+
+            rt.AlignmentShiftCount = stream.ReadUInt16();
+            var typeInformationBlocks = new List<ResourceTypeInformationBlock>();
+            while (true)
+            {
+                var block = ResourceTypeInformationBlock.Deserialize(stream);
+                if (block.TypeID == 0)
+                    break;
+                
+                typeInformationBlocks.Add(block);
+            }
+
+            rt.TypeInformationBlocks = typeInformationBlocks.ToArray();
+
+            var typeAndNameStrings = new List<ResourceNameString>();
+            while (true)
+            {
+                var str = ResourceNameString.Deserialize(stream);
+                if (str.Length == 0)
+                    break;
+                
+                typeAndNameStrings.Add(str);
+            }
+
+            rt.TypeAndNameStrings = typeAndNameStrings.ToArray();
+
+            return rt;
+        }
+
+        public static ResourceTable Deserialize(byte[] content, ref int offset)
+        {
+            var rt = new ResourceTable();
+
+            rt.AlignmentShiftCount = content.ReadUInt16(ref offset);
+            var typeInformationBlocks = new List<ResourceTypeInformationBlock>();
+            while (true)
+            {
+                var block = ResourceTypeInformationBlock.Deserialize(content, ref offset);
+                if (block.TypeID == 0)
+                    break;
+
+                typeInformationBlocks.Add(block);
+            }
+
+            rt.TypeInformationBlocks = typeInformationBlocks.ToArray();
+
+            var typeAndNameStrings = new List<ResourceNameString>();
+            while (true)
+            {
+                var str = ResourceNameString.Deserialize(content, ref offset);
+                if (str.Length == 0)
+                    break;
+                    
+                typeAndNameStrings.Add(str);
+            }
+
+            rt.TypeAndNameStrings = typeAndNameStrings.ToArray();
+
+            return rt;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Entries/BaseRelocationBlock.cs

@@ -0,0 +1,48 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Entries
+{
+    /// <summary>
+    /// The base relocation table is divided into blocks.
+    /// Each block represents the base relocations for a 4K page.
+    /// Each block must start on a 32-bit boundary.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#base-relocation-block</remarks>
+    public class BaseRelocationBlock
+    {
+        /// <summary>
+        /// The image base plus the page RVA is added to each offset to create the VA where the base relocation must be applied.
+        /// </summary>
+        public uint PageRVA;
+
+        /// <summary>
+        /// The total number of bytes in the base relocation block, including the Page RVA and Block Size fields and the Type/Offset fields that follow.
+        /// </summary>
+        public uint BlockSize;
+
+        public static BaseRelocationBlock Deserialize(Stream stream)
+        {
+            var brb = new BaseRelocationBlock();
+
+            brb.PageRVA = stream.ReadUInt32();
+            brb.BlockSize = stream.ReadUInt32();
+
+            // TODO: Read in the type/offset field entries
+
+            return brb;
+        }
+
+        public static BaseRelocationBlock Deserialize(byte[] content, ref int offset)
+        {
+            var brb = new BaseRelocationBlock();
+
+            brb.PageRVA = content.ReadUInt32(ref offset);
+            brb.BlockSize = content.ReadUInt32(ref offset);
+
+            // TODO: Read in the type/offset field entries
+
+            return brb;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Entries/ExportAddressTableEntry.cs

@@ -0,0 +1,69 @@
+using System.IO;
+using System.Text;
+using BurnOutSharp.Tools;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Headers;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Entries
+{
+    /// <summary>
+    /// Each entry in the export address table is a field that uses one of two formats in the following table.
+    /// If the address specified is not within the export section (as defined by the address and length that are indicated in the optional header), the field is an export RVA, which is an actual address in code or data.
+    /// Otherwise, the field is a forwarder RVA, which names a symbol in another DLL.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-address-table</remarks>
+    public class ExportAddressTableEntry
+    {
+        /// <summary>
+        /// The address of the exported symbol when loaded into memory, relative to the image base.
+        /// For example, the address of an exported function.
+        /// </summary>
+        public uint ExportRVA;
+
+        /// <summary>
+        /// The pointer to a null-terminated ASCII string in the export section.
+        /// This string must be within the range that is given by the export table data directory entry.
+        /// This string gives the DLL name and the name of the export (for example, "MYDLL.expfunc") or the DLL name and the ordinal number of the export (for example, "MYDLL.#27").
+        /// </summary>
+        public uint ForwarderRVA; // TODO: Read this into a separate field
+
+        /// <summary>
+        /// A null-terminated ASCII string in the export section.
+        /// This string must be within the range that is given by the export table data directory entry.
+        /// This string gives the DLL name and the name of the export (for example, "MYDLL.expfunc") or the DLL name and the ordinal number of the export (for example, "MYDLL.#27").
+        /// </summary>
+        public string Forwarder;
+
+        public static ExportAddressTableEntry Deserialize(Stream stream, SectionHeader[] sections)
+        {
+            var eate = new ExportAddressTableEntry();
+
+            eate.ExportRVA = stream.ReadUInt32();
+            eate.ForwarderRVA = eate.ExportRVA;
+
+            int forwarderAddress = (int)PortableExecutable.ConvertVirtualAddress(eate.ForwarderRVA, sections);
+            if (forwarderAddress > -1 && forwarderAddress < stream.Length)
+            {
+                long originalPosition = stream.Position;
+                stream.Seek(forwarderAddress, SeekOrigin.Begin);
+                eate.Forwarder = stream.ReadString(Encoding.ASCII);
+                stream.Seek(originalPosition, SeekOrigin.Begin);
+            }
+
+            return eate;
+        }
+
+        public static ExportAddressTableEntry Deserialize(byte[] content, ref int offset, SectionHeader[] sections)
+        {
+            var eate = new ExportAddressTableEntry();
+
+            eate.ExportRVA = content.ReadUInt32(ref offset);
+            eate.ForwarderRVA = eate.ExportRVA;
+
+            int forwarderAddress = (int)PortableExecutable.ConvertVirtualAddress(eate.ForwarderRVA, sections);
+            if (forwarderAddress > -1 && forwarderAddress < content.Length)
+                eate.Forwarder = content.ReadString(ref forwarderAddress, Encoding.ASCII);
+
+            return eate;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Entries/FunctionTableEntry.cs

@@ -0,0 +1,78 @@
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Entries
+{
+    /// <summary>
+    /// Each entry in the export address table is a field that uses one of two formats in the following table.
+    /// If the address specified is not within the export section (as defined by the address and length that are indicated in the optional header), the field is an export RVA, which is an actual address in code or data.
+    /// Otherwise, the field is a forwarder RVA, which names a symbol in another DLL.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-pdata-section</remarks>
+    public class FunctionTableEntry
+    {
+        #region 32-bit MIPS
+
+        /// <summary>
+        /// The VA of the corresponding function.
+        /// </summary>
+        public uint MIPSBeginAddress;
+
+        /// <summary>
+        /// The VA of the end of the function.
+        /// </summary>
+        public uint MIPSEndAddress;
+
+        /// <summary>
+        /// The pointer to the exception handler to be executed.
+        /// </summary>
+        public uint MIPSExceptionHandler;
+
+        /// <summary>
+        /// The pointer to additional information to be passed to the handler.
+        /// </summary>
+        public uint MIPSHandlerData;
+
+        /// <summary>
+        /// The VA of the end of the function's prolog.
+        /// </summary>
+        public uint MIPSPrologEndAddress;
+
+        #endregion
+
+        #region ARM, PowerPC, SH3 and SH4 Windows CE
+
+        /// <summary>
+        /// The VA of the corresponding function.
+        /// </summary>
+        public uint ARMBeginAddress;
+
+        /// <summary>
+        /// The VA of the end of the function.
+        /// 
+        /// 8 bits      Prolog Length       The number of instructions in the function's prolog.
+        /// 22 bits     Function Length     The number of instructions in the function.
+        /// 1 bit       32-bit Flag         If set, the function consists of 32-bit instructions. If clear, the function consists of 16-bit instructions.
+        /// 1 bit       Exception Flag      If set, an exception handler exists for the function. Otherwise, no exception handler exists.
+        /// </summary>
+        public uint ARMLengthsAndFlags;
+
+        #endregion
+
+        #region x64 and Itanium
+
+        /// <summary>
+        /// The RVA of the corresponding function.
+        /// </summary>
+        public uint X64BeginAddress;
+
+        /// <summary>
+        /// The RVA of the end of the function.
+        /// </summary>
+        public uint X64EndAddress;
+
+        /// <summary>
+        /// The RVA of the unwind information.
+        /// </summary>
+        public uint X64UnwindInformation;
+
+        #endregion
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Entries/HintNameTableEntry.cs

@@ -0,0 +1,89 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Entries
+{
+    /// <summary>
+    /// Each entry in the hint/name table has the following format
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#hintname-table</remarks>
+    public class HintNameTableEntry
+    {
+        /// <summary>
+        /// An index into the export name pointer table.
+        /// A match is attempted first with this value.
+        /// If it fails, a binary search is performed on the DLL's export name pointer table.
+        /// </summary>
+        public ushort Hint;
+
+        /// <summary>
+        /// An ASCII string that contains the name to import.
+        /// This is the string that must be matched to the public name in the DLL.
+        /// This string is case sensitive and terminated by a null byte.
+        /// </summary>
+        public string Name;
+
+        /// <summary>
+        /// A trailing zero-pad byte that appears after the trailing null byte, if necessary, to align the next entry on an even boundary.
+        /// </summary>
+        public byte Pad;
+
+        public static HintNameTableEntry Deserialize(Stream stream)
+        {
+            var hnte = new HintNameTableEntry();
+
+            hnte.Hint = stream.ReadUInt16();
+            hnte.Name = string.Empty;
+            while (true)
+            {
+                char c = stream.ReadChar();
+                if (c == (char)0x00)
+                    break;
+                
+                hnte.Name += c;
+            }
+
+            // If the name length is not even, read and pad
+            if (hnte.Name.Length % 2 != 0)
+            {
+                stream.ReadByte();
+                hnte.Pad = 1;
+            }
+            else
+            {
+                hnte.Pad = 0;
+            }
+
+            return hnte;
+        }
+
+        public static HintNameTableEntry Deserialize(byte[] content, ref int offset)
+        {
+            var hnte = new HintNameTableEntry();
+
+            hnte.Hint = content.ReadUInt16(ref offset);
+            hnte.Name = string.Empty;
+            while (true)
+            {
+                char c = (char)content[offset]; offset += 1;
+                if (c == (char)0x00)
+                    break;
+                
+                hnte.Name += c;
+            }
+
+            // If the name length is not even, read and pad
+            if (hnte.Name.Length % 2 != 0)
+            {
+                offset += 1;
+                hnte.Pad = 1;
+            }
+            else
+            {
+                hnte.Pad = 0;
+            }
+
+            return hnte;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Entries/ImportAddressTableEntry.cs

@@ -0,0 +1,81 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Entries
+{
+    /// <summary>
+    /// Each import address entry has the following format
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-address-table</remarks>
+    public class ImportAddressTableEntry
+    {
+        /// <summary>
+        /// The RVA of the import lookup table.
+        /// This table contains a name or ordinal for each import.
+        /// (The name "Characteristics" is used in Winnt.h, but no longer describes this field.)
+        /// </summary>
+        public uint ImportLookupTableRVA;
+
+        /// <summary>
+        /// The stamp that is set to zero until the image is bound.
+        /// After the image is bound, this field is set to the time/data stamp of the DLL.
+        /// </summary>
+        public uint TimeDateStamp;
+
+        /// <summary>
+        /// The index of the first forwarder reference.
+        /// </summary>
+        public uint ForwarderChain;
+
+        /// <summary>
+        /// The address of an ASCII string that contains the name of the DLL.
+        /// This address is relative to the image base.
+        /// </summary>
+        public uint NameRVA;
+
+        /// <summary>
+        /// The RVA of the import address table.
+        /// The contents of this table are identical to the contents of the import lookup table until the image is bound.
+        /// </summary>
+        public uint ImportAddressTableRVA;
+
+        /// <summary>
+        /// Determine if the entry is null or not
+        /// This indicates the last entry in a table
+        /// </summary>
+        public bool IsNull()
+        {
+            return ImportLookupTableRVA == 0
+                && TimeDateStamp == 0
+                && ForwarderChain == 0
+                && NameRVA == 0
+                && ImportAddressTableRVA == 0;
+        }
+
+        public static ImportAddressTableEntry Deserialize(Stream stream)
+        {
+            var iate = new ImportAddressTableEntry();
+
+            iate.ImportLookupTableRVA = stream.ReadUInt32();
+            iate.TimeDateStamp = stream.ReadUInt32();
+            iate.ForwarderChain = stream.ReadUInt32();
+            iate.NameRVA = stream.ReadUInt32();
+            iate.ImportAddressTableRVA = stream.ReadUInt32();
+
+            return iate;
+        }
+
+        public static ImportAddressTableEntry Deserialize(byte[] content, ref int offset)
+        {
+            var iate = new ImportAddressTableEntry();
+
+            iate.ImportLookupTableRVA = content.ReadUInt32(ref offset);
+            iate.TimeDateStamp = content.ReadUInt32(ref offset);
+            iate.ForwarderChain = content.ReadUInt32(ref offset);
+            iate.NameRVA = content.ReadUInt32(ref offset);
+            iate.ImportAddressTableRVA = content.ReadUInt32(ref offset);
+
+            return iate;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Entries/ImportDirectoryTableEntry.cs

@@ -0,0 +1,81 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Entries
+{
+    /// <summary>
+    /// Each import directory entry has the following format
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-directory-table</remarks>
+    public class ImportDirectoryTableEntry
+    {
+        /// <summary>
+        /// The RVA of the import lookup table.
+        /// This table contains a name or ordinal for each import.
+        /// (The name "Characteristics" is used in Winnt.h, but no longer describes this field.)
+        /// </summary>
+        public uint ImportLookupTableRVA;
+
+        /// <summary>
+        /// The stamp that is set to zero until the image is bound.
+        /// After the image is bound, this field is set to the time/data stamp of the DLL.
+        /// </summary>
+        public uint TimeDateStamp;
+
+        /// <summary>
+        /// The index of the first forwarder reference.
+        /// </summary>
+        public uint ForwarderChain;
+
+        /// <summary>
+        /// The address of an ASCII string that contains the name of the DLL.
+        /// This address is relative to the image base.
+        /// </summary>
+        public uint NameRVA;
+
+        /// <summary>
+        /// The RVA of the import address table.
+        /// The contents of this table are identical to the contents of the import lookup table until the image is bound.
+        /// </summary>
+        public uint ImportAddressTableRVA;
+
+        /// <summary>
+        /// Determine if the entry is null or not
+        /// This indicates the last entry in a table
+        /// </summary>
+        public bool IsNull()
+        {
+            return ImportLookupTableRVA == 0
+                && TimeDateStamp == 0
+                && ForwarderChain == 0
+                && NameRVA == 0
+                && ImportAddressTableRVA == 0;
+        }
+
+        public static ImportDirectoryTableEntry Deserialize(Stream stream)
+        {
+            var idte = new ImportDirectoryTableEntry();
+
+            idte.ImportLookupTableRVA = stream.ReadUInt32();
+            idte.TimeDateStamp = stream.ReadUInt32();
+            idte.ForwarderChain = stream.ReadUInt32();
+            idte.NameRVA = stream.ReadUInt32();
+            idte.ImportAddressTableRVA = stream.ReadUInt32();
+
+            return idte;
+        }
+
+        public static ImportDirectoryTableEntry Deserialize(byte[] content, ref int offset)
+        {
+            var idte = new ImportDirectoryTableEntry();
+
+            idte.ImportLookupTableRVA = content.ReadUInt32(ref offset);
+            idte.TimeDateStamp = content.ReadUInt32(ref offset);
+            idte.ForwarderChain = content.ReadUInt32(ref offset);
+            idte.NameRVA = content.ReadUInt32(ref offset);
+            idte.ImportAddressTableRVA = content.ReadUInt32(ref offset);
+
+            return idte;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Entries/ResourceDataEntry.cs

@@ -0,0 +1,111 @@
+using System;
+using System.IO;
+using System.Linq;
+using System.Text;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Headers;
+using BurnOutSharp.Tools;
+ 
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Entries
+{
+    /// <summary>
+    /// Each Resource Data entry describes an actual unit of raw data in the Resource Data area.
+    /// </summary>
+    public class ResourceDataEntry
+    {
+        /// <summary>
+        /// The address of a unit of resource data in the Resource Data area.
+        /// </summary>
+        public uint OffsetToData;
+
+        /// <summary>
+        /// A unit of resource data in the Resource Data area.
+        /// </summary>
+        public byte[] Data;
+
+        /// <summary>
+        /// A unit of resource data in the Resource Data area.
+        /// </summary>
+        public string DataAsUTF8String
+        {
+            get
+            {
+                int codePage = (int)CodePage;
+                if (Data == null || codePage < 0)
+                    return string.Empty;
+
+                // Try to convert to UTF-8 first
+                try
+                {
+                    Encoding.RegisterProvider(CodePagesEncodingProvider.Instance);
+                    var originalEncoding = Encoding.GetEncoding(codePage);
+                    byte[] convertedData = Encoding.Convert(originalEncoding, Encoding.UTF8, Data);
+                    return Encoding.UTF8.GetString(convertedData);
+                }
+                catch { }
+
+                // Then try to read direct as ASCII
+                try
+                {
+                    return Encoding.ASCII.GetString(Data);
+                }
+                catch { }
+
+                // If both encodings fail, then just return an empty string
+                return string.Empty;
+            }
+        }
+
+        /// <summary>
+        /// The size, in bytes, of the resource data that is pointed to by the Data RVA field.
+        /// </summary>
+        public uint Size;
+
+        /// <summary>
+        /// The code page that is used to decode code point values within the resource data.
+        /// Typically, the code page would be the Unicode code page.
+        /// </summary>
+        public uint CodePage;
+        
+        /// <summary>
+        /// Reserved, must be 0.
+        /// </summary>
+        public uint Reserved;
+
+        public static ResourceDataEntry Deserialize(Stream stream, SectionHeader[] sections)
+        {
+            var rde = new ResourceDataEntry();
+
+            rde.OffsetToData = stream.ReadUInt32();
+            rde.Size = stream.ReadUInt32();
+            rde.CodePage = stream.ReadUInt32();
+            rde.Reserved = stream.ReadUInt32();
+
+            int realOffsetToData = (int)PortableExecutable.ConvertVirtualAddress(rde.OffsetToData, sections);
+            if (realOffsetToData > -1 && realOffsetToData < stream.Length && (int)rde.Size > 0 && realOffsetToData + (int)rde.Size < stream.Length)
+            {
+                long lastPosition = stream.Position;
+                stream.Seek(realOffsetToData, SeekOrigin.Begin);
+                rde.Data = stream.ReadBytes((int)rde.Size);
+                stream.Seek(lastPosition, SeekOrigin.Begin);
+            }
+
+            return rde;
+        }
+
+        public static ResourceDataEntry Deserialize(byte[] content, ref int offset, SectionHeader[] sections)
+        {
+            var rde = new ResourceDataEntry();
+
+            rde.OffsetToData = content.ReadUInt32(ref offset);
+            rde.Size = content.ReadUInt32(ref offset);
+            rde.CodePage = content.ReadUInt32(ref offset);
+            rde.Reserved = content.ReadUInt32(ref offset);
+
+            int realOffsetToData = (int)PortableExecutable.ConvertVirtualAddress(rde.OffsetToData, sections);
+            if (realOffsetToData > -1 && realOffsetToData < content.Length && (int)rde.Size > 0 && realOffsetToData + (int)rde.Size < content.Length)
+                rde.Data = new ArraySegment<byte>(content, realOffsetToData, (int)rde.Size).ToArray();
+
+            return rde;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Entries/ResourceDirectoryString.cs

@@ -0,0 +1,50 @@
+using System.IO;
+using System.Text;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Entries
+{
+    /// <summary>
+    /// The resource directory string area consists of Unicode strings, which are word-aligned.
+    /// These strings are stored together after the last Resource Directory entry and before the first Resource Data entry.
+    /// This minimizes the impact of these variable-length strings on the alignment of the fixed-size directory entries.
+    /// </summary>
+    public class ResourceDirectoryString
+    {
+        /// <summary>
+        /// The size of the string, not including length field itself.
+        /// </summary>
+        public ushort Length;
+
+        /// <summary>
+        /// The variable-length Unicode string data, word-aligned.
+        /// </summary>
+        public string UnicodeString;
+
+        public static ResourceDirectoryString Deserialize(Stream stream)
+        {
+            var rds = new ResourceDirectoryString();
+
+            rds.Length = stream.ReadUInt16();
+            if (rds.Length + stream.Position > stream.Length)
+                return null;
+
+            rds.UnicodeString = new string(stream.ReadChars(rds.Length, Encoding.Unicode));
+
+            return rds;
+        }
+
+        public static ResourceDirectoryString Deserialize(byte[] content, ref int offset)
+        {
+            var rds = new ResourceDirectoryString();
+
+            rds.Length = content.ReadUInt16(ref offset);
+            if (rds.Length + offset > content.Length)
+                return null;
+
+            rds.UnicodeString = Encoding.Unicode.GetString(content, offset, rds.Length); offset += rds.Length;
+
+            return rds;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Entries/ResourceDirectoryTableEntry.cs

@@ -0,0 +1,140 @@
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Headers;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Tables;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Entries
+{
+    /// <summary>
+    /// The directory entries make up the rows of a table.
+    /// Each resource directory entry has the following format.
+    /// Whether the entry is a Name or ID entry is indicated by the
+    /// resource directory table, which indicates how many Name and
+    /// ID entries follow it (remember that all the Name entries
+    /// precede all the ID entries for the table). All entries for
+    /// the table are sorted in ascending order: the Name entries
+    /// by case-sensitive string and the ID entries by numeric value.
+    /// Offsets are relative to the address in the IMAGE_DIRECTORY_ENTRY_RESOURCE DataDirectory.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#resource-directory-entries</remarks>
+    public class ResourceDirectoryTableEntry
+    {
+        /// <summary>
+        /// The offset of a string that gives the Type, Name, or Language ID entry, depending on level of table.
+        /// </summary>
+        public uint NameOffset => (uint)(IntegerId ^ (1 << 31));
+
+        /// <summary>
+        /// The string that gives the Type, Name, or Language ID entry, depending on level of table pointed to by NameOffset
+        /// </summary>
+        public ResourceDirectoryString Name;
+
+        /// <summary>
+        /// A 32-bit integer that identifies the Type, Name, or Language ID entry.
+        /// </summary>
+        public uint IntegerId;
+
+        /// <summary>
+        /// High bit 0. Address of a Resource Data entry (a leaf).
+        /// </summary>
+        public uint DataEntryOffset;
+
+        /// <summary>
+        /// High bit 1. The lower 31 bits are the address of another resource directory table (the next level down).
+        /// </summary>
+        public uint SubdirectoryOffset => (uint)(DataEntryOffset ^ (1 << 31));
+
+        /// <summary>
+        /// Resource Data entry (a leaf).
+        /// </summary>
+        public ResourceDataEntry DataEntry;
+
+        /// <summary>
+        /// Another resource directory table (the next level down).
+        /// </summary>
+        public ResourceDirectoryTable Subdirectory;
+
+        /// <summary>
+        /// Determine if an entry has a name or integer identifier
+        /// </summary>
+        public bool IsIntegerIDEntry() => (IntegerId & (1 << 31)) == 0;
+
+        /// <summary>
+        /// Determine if an entry represents a leaf or another directory table
+        /// </summary>
+        public bool IsResourceDataEntry() => (DataEntryOffset & (1 << 31)) == 0;
+
+        public static ResourceDirectoryTableEntry Deserialize(Stream stream, long sectionStart, SectionHeader[] sections)
+        {
+            var rdte = new ResourceDirectoryTableEntry();
+
+            rdte.IntegerId = stream.ReadUInt32();
+            if (!rdte.IsIntegerIDEntry())
+            {
+                int nameAddress = (int)(rdte.NameOffset + sectionStart);
+                if (nameAddress >= 0 && nameAddress < stream.Length)
+                {
+                    long lastPosition = stream.Position;
+                    stream.Seek(nameAddress, SeekOrigin.Begin);
+                    rdte.Name = ResourceDirectoryString.Deserialize(stream);
+                    stream.Seek(lastPosition, SeekOrigin.Begin);
+                }
+            }
+
+            rdte.DataEntryOffset = stream.ReadUInt32();
+            if (rdte.IsResourceDataEntry())
+            {
+                int dataEntryAddress = (int)(rdte.DataEntryOffset + sectionStart);
+                if (dataEntryAddress > 0 && dataEntryAddress < stream.Length)
+                {
+                    long lastPosition = stream.Position;
+                    stream.Seek(dataEntryAddress, SeekOrigin.Begin);
+                    rdte.DataEntry = ResourceDataEntry.Deserialize(stream, sections);
+                    stream.Seek(lastPosition, SeekOrigin.Begin);
+                }
+            }
+            else
+            {
+                int subdirectoryAddress = (int)(rdte.SubdirectoryOffset + sectionStart);
+                if (subdirectoryAddress > 0 && subdirectoryAddress < stream.Length)
+                {
+                    long lastPosition = stream.Position;
+                    stream.Seek(subdirectoryAddress, SeekOrigin.Begin);
+                    rdte.Subdirectory = ResourceDirectoryTable.Deserialize(stream, sectionStart, sections);
+                    stream.Seek(lastPosition, SeekOrigin.Begin);
+                }
+            }
+
+            return rdte;
+        }
+
+        public static ResourceDirectoryTableEntry Deserialize(byte[] content, ref int offset, long sectionStart, SectionHeader[] sections)
+        {
+            var rdte = new ResourceDirectoryTableEntry();
+
+            rdte.IntegerId = content.ReadUInt32(ref offset);
+            if (!rdte.IsIntegerIDEntry())
+            {
+                int nameAddress = (int)(rdte.NameOffset + sectionStart);
+                if (nameAddress >= 0 && nameAddress < content.Length)
+                    rdte.Name = ResourceDirectoryString.Deserialize(content, ref nameAddress);
+            }
+
+            rdte.DataEntryOffset = content.ReadUInt32(ref offset);
+            if (rdte.IsResourceDataEntry())
+            {
+                int dataEntryAddress = (int)(rdte.DataEntryOffset + sectionStart);
+                if (dataEntryAddress > 0 && dataEntryAddress < content.Length)
+                    rdte.DataEntry = ResourceDataEntry.Deserialize(content, ref dataEntryAddress, sections);
+            }
+            else
+            {
+                int subdirectoryAddress = (int)(rdte.SubdirectoryOffset + sectionStart);
+                if (subdirectoryAddress > 0 && subdirectoryAddress < content.Length)
+                    rdte.Subdirectory = ResourceDirectoryTable.Deserialize(content, ref subdirectoryAddress, sectionStart, sections);
+            }
+
+            return rdte;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Headers/CommonObjectFileFormatHeader.cs

@@ -0,0 +1,88 @@
+using System;
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Headers
+{
+    public class CommonObjectFileFormatHeader
+    {
+        /// <summary>
+        /// After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file as a PE format image file.
+        // This signature is "PE\0\0" (the letters "P" and "E" followed by two null bytes).
+        /// </summary>
+        public uint Signature;
+        
+        /// <summary>
+        /// The number that identifies the type of target machine.
+        /// </summary>
+        public MachineType Machine;
+        
+        /// <summary>
+        /// The number of sections.
+        /// This indicates the size of the section table, which immediately follows the headers.
+        /// </summary>
+        public ushort NumberOfSections;
+        
+        /// <summary>
+        /// The low 32 bits of the number of seconds since 00:00 January 1, 1970 (a C run-time time_t value), which indicates when the file was created.
+        /// </summary>
+        public uint TimeDateStamp;
+        
+        /// <summary>
+        /// The file offset of the COFF symbol table, or zero if no COFF symbol table is present.
+        /// This value should be zero for an image because COFF debugging information is deprecated.
+        /// </summary>
+        [Obsolete]
+        public uint PointerToSymbolTable;
+        
+        /// <summary>
+        /// The number of entries in the symbol table. This data can be used to locate the string table, which immediately follows the symbol table.
+        /// This value should be zero for an image because COFF debugging information is deprecated.
+        /// </summary>
+        [Obsolete]
+        public uint NumberOfSymbols;
+        
+        /// <summary>
+        /// The size of the optional header, which is required for executable files but not for object files.
+        // This value should be zero for an object file.
+        /// </summary>
+        public ushort SizeOfOptionalHeader;
+        
+        /// <summary>
+        /// The flags that indicate the attributes of the file.
+        /// </summary>
+        public ImageObjectCharacteristics Characteristics;
+
+        public static CommonObjectFileFormatHeader Deserialize(Stream stream)
+        {
+            var ifh = new CommonObjectFileFormatHeader();
+
+            ifh.Signature = stream.ReadUInt32();
+            ifh.Machine = (MachineType)stream.ReadUInt16();
+            ifh.NumberOfSections = stream.ReadUInt16();
+            ifh.TimeDateStamp = stream.ReadUInt32();
+            ifh.PointerToSymbolTable = stream.ReadUInt32();
+            ifh.NumberOfSymbols = stream.ReadUInt32();
+            ifh.SizeOfOptionalHeader = stream.ReadUInt16();
+            ifh.Characteristics = (ImageObjectCharacteristics)stream.ReadUInt16();
+
+            return ifh;
+        }
+
+        public static CommonObjectFileFormatHeader Deserialize(byte[] content, ref int offset)
+        {
+            var ifh = new CommonObjectFileFormatHeader();
+
+            ifh.Signature = content.ReadUInt32(ref offset);
+            ifh.Machine = (MachineType)content.ReadUInt16(ref offset);
+            ifh.NumberOfSections = content.ReadUInt16(ref offset);
+            ifh.TimeDateStamp = content.ReadUInt32(ref offset);
+            ifh.PointerToSymbolTable = content.ReadUInt32(ref offset);
+            ifh.NumberOfSymbols = content.ReadUInt32(ref offset);
+            ifh.SizeOfOptionalHeader = content.ReadUInt16(ref offset);
+            ifh.Characteristics = (ImageObjectCharacteristics)content.ReadUInt16(ref offset);
+
+            return ifh;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Headers/DataDirectoryHeader.cs

@@ -0,0 +1,39 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Headers
+{
+    public class DataDirectoryHeader
+    {
+        /// <summary>
+        /// The first field, VirtualAddress, is actually the RVA of the table.
+        /// The RVA is the address of the table relative to the base address of the image when the table is loaded.
+        /// </summary>
+        public uint VirtualAddress;
+
+        /// <summary>
+        /// The second field gives the size in bytes.
+        /// </summary>
+        public uint Size;
+
+        public static DataDirectoryHeader Deserialize(Stream stream)
+        {
+            var ddh = new DataDirectoryHeader();
+
+            ddh.VirtualAddress = stream.ReadUInt32();
+            ddh.Size = stream.ReadUInt32();
+
+            return ddh;
+        }
+
+        public static DataDirectoryHeader Deserialize(byte[] content, ref int offset)
+        {
+            var ddh = new DataDirectoryHeader();
+
+            ddh.VirtualAddress = content.ReadUInt32(ref offset);
+            ddh.Size = content.ReadUInt32(ref offset);
+
+            return ddh;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Headers/OptionalHeader.cs

@@ -0,0 +1,369 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Headers
+{
+    /// <summary>
+    /// Every image file has an optional header that provides information to the loader.
+    /// This header is optional in the sense that some files (specifically, object files) do not have it.
+    /// For image files, this header is required. An object file can have an optional header, but generally
+    /// this header has no function in an object file except to increase its size.
+    /// 
+    /// Note that the size of the optional header is not fixed.
+    /// The SizeOfOptionalHeader field in the COFF header must be used to validate that a probe into the file
+    /// for a particular data directory does not go beyond SizeOfOptionalHeader.
+    /// 
+    /// The NumberOfRvaAndSizes field of the optional header should also be used to ensure that no probe for
+    /// a particular data directory entry goes beyond the optional header.
+    /// In addition, it is important to validate the optional header magic number for format compatibility.
+    /// </summary>
+    public class OptionalHeader
+    {
+        #region Standard Fields
+
+        /// <summary>
+        /// The unsigned integer that identifies the state of the image file.
+        /// The most common number is 0x10B, which identifies it as a normal executable file.
+        /// 0x107 identifies it as a ROM image, and 0x20B identifies it as a PE32+ executable.
+        /// </summary>
+        public OptionalHeaderType Magic;
+        
+        /// <summary>
+        /// The linker major version number.
+        /// </summary>
+        public byte MajorLinkerVersion;
+        
+        /// <summary>
+        /// The linker minor version number.
+        /// </summary>
+        public byte MinorLinkerVersion;
+        
+        /// <summary>
+        /// The size of the code (text) section, or the sum of all code sections if there are multiple sections.
+        /// </summary>
+        public uint SizeOfCode;
+        
+        /// <summary>
+        /// The size of the initialized data section, or the sum of all such sections if there are multiple data sections.
+        /// </summary>
+        public uint SizeOfInitializedData;
+        
+        /// <summary>
+        /// The size of the uninitialized data section (BSS), or the sum of all such sections if there are multiple BSS sections.
+        /// </summary>
+        public uint SizeOfUninitializedData;
+        
+        /// <summary>
+        /// The address of the entry point relative to the image base when the executable file is loaded into memory.
+        /// For program images, this is the starting address.
+        /// For device drivers, this is the address of the initialization function.
+        /// An entry point is optional for DLLs.
+        /// When no entry point is present, this field must be zero.
+        /// </summary>
+        public uint AddressOfEntryPoint;
+        
+        /// <summary>
+        /// The address that is relative to the image base of the beginning-of-code section when it is loaded into memory.
+        /// </summary>
+        public uint BaseOfCode;
+        
+        /// <summary>
+        /// The address that is relative to the image base of the beginning-of-data section when it is loaded into memory.
+        /// </summary>
+        public uint BaseOfData;
+
+        #endregion
+
+        #region Windows-Specific Fields
+
+        /// <summary>
+        /// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K.
+        /// The default for DLLs is 0x10000000.
+        /// The default for Windows CE EXEs is 0x00010000.
+        /// The default for Windows NT, Windows 2000, Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000.
+        /// </summary>
+        public uint ImageBasePE32;
+        
+        /// <summary>
+        /// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K.
+        /// The default for DLLs is 0x10000000.
+        /// The default for Windows CE EXEs is 0x00010000.
+        /// The default for Windows NT, Windows 2000, Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000.
+        /// </summary>
+        public ulong ImageBasePE32Plus;
+        
+        /// <summary>
+        /// The alignment (in bytes) of sections when they are loaded into memory.
+        /// It must be greater than or equal to FileAlignment.
+        /// The default is the page size for the architecture.
+        /// </summary>
+        public uint SectionAlignment;
+        
+        /// <summary>
+        /// The alignment factor (in bytes) that is used to align the raw data of sections in the image file.
+        /// The value should be a power of 2 between 512 and 64 K, inclusive.
+        /// The default is 512.
+        /// If the SectionAlignment is less than the architecture's page size, then FileAlignment must match SectionAlignment.
+        /// </summary>
+        public uint FileAlignment;
+        
+        /// <summary>
+        /// The major version number of the required operating system.
+        /// </summary>
+        public ushort MajorOperatingSystemVersion;
+        
+        /// <summary>
+        /// The minor version number of the required operating system.
+        /// </summary>
+        public ushort MinorOperatingSystemVersion;
+        
+        /// <summary>
+        /// The major version number of the image.
+        /// </summary>
+        public ushort MajorImageVersion;
+        
+        /// <summary>
+        /// The minor version number of the image.
+        /// </summary>
+        public ushort MinorImageVersion;
+        
+        /// <summary>
+        /// The major version number of the subsystem.
+        /// </summary>
+        public ushort MajorSubsystemVersion;
+        
+        /// <summary>
+        /// The minor version number of the subsystem.
+        /// </summary>
+        public ushort MinorSubsystemVersion;
+        
+        /// <summary>
+        /// Reserved, must be zero.
+        /// </summary>
+        public uint Reserved1;
+        
+        /// <summary>
+        /// The size (in bytes) of the image, including all headers, as the image is loaded in memory.
+        /// It must be a multiple of SectionAlignment.
+        /// </summary>
+        public uint SizeOfImage;
+        
+        /// <summary>
+        /// The combined size of an MS-DOS stub, PE header, and section headers rounded up to a multiple of FileAlignment.
+        /// </summary>
+        public uint SizeOfHeaders;
+        
+        /// <summary>
+        /// The image file checksum.
+        /// The algorithm for computing the checksum is incorporated into IMAGHELP.DLL.
+        /// The following are checked for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that is loaded into a critical Windows process.
+        /// </summary>
+        public uint CheckSum;
+        
+        /// <summary>
+        /// The subsystem that is required to run this image.
+        /// </summary>
+        public WindowsSubsystem Subsystem;
+        
+        /// <summary>
+        /// DLL Characteristics
+        /// </summary>
+        public DllCharacteristics DllCharacteristics;
+        
+        /// <summary>
+        /// The size of the stack to reserve.
+        /// Only SizeOfStackCommit is committed; the rest is made available one page at a time until the reserve size is reached.
+        /// </summary>
+        public uint SizeOfStackReservePE32;
+
+        /// <summary>
+        /// The size of the stack to reserve.
+        /// Only SizeOfStackCommit is committed; the rest is made available one page at a time until the reserve size is reached.
+        /// </summary>
+        public ulong SizeOfStackReservePE32Plus;
+        
+        /// <summary>
+        /// The size of the stack to commit.
+        /// </summary>
+        public uint SizeOfStackCommitPE32;
+
+        /// <summary>
+        /// The size of the stack to commit.
+        /// </summary>
+        public ulong SizeOfStackCommitPE32Plus;
+        
+        /// <summary>
+        /// The size of the local heap space to reserve.
+        /// Only SizeOfHeapCommit is committed; the rest is made available one page at a time until the reserve size is reached.
+        /// </summary>
+        public uint SizeOfHeapReservePE32;
+
+        /// <summary>
+        /// The size of the local heap space to reserve.
+        /// Only SizeOfHeapCommit is committed; the rest is made available one page at a time until the reserve size is reached.
+        /// </summary>
+        public ulong SizeOfHeapReservePE32Plus;
+        
+        /// <summary>
+        /// The size of the local heap space to commit.
+        /// </summary>
+        public uint SizeOfHeapCommitPE32;
+
+        /// <summary>
+        /// The size of the local heap space to commit.
+        /// </summary>
+        public ulong SizeOfHeapCommitPE32Plus;
+        
+        /// <summary>
+        /// Reserved, must be zero.
+        /// </summary>
+        public uint LoaderFlags;
+        
+        /// <summary>
+        /// The number of data-directory entries in the remainder of the optional header.
+        /// Each describes a location and size.
+        /// </summary>
+        public uint NumberOfRvaAndSizes;
+
+        /// <summary>
+        /// Data-directory entries following the optional header
+        /// </summary>
+        public DataDirectoryHeader[] DataDirectories;
+
+        #endregion
+
+        public static OptionalHeader Deserialize(Stream stream)
+        {
+            var ioh = new OptionalHeader();
+
+            ioh.Magic = (OptionalHeaderType)stream.ReadUInt16();
+            ioh.MajorLinkerVersion = stream.ReadByteValue();
+            ioh.MinorLinkerVersion = stream.ReadByteValue();
+            ioh.SizeOfCode = stream.ReadUInt32();
+            ioh.SizeOfInitializedData = stream.ReadUInt32();
+            ioh.SizeOfUninitializedData = stream.ReadUInt32();
+            ioh.AddressOfEntryPoint = stream.ReadUInt32();
+            ioh.BaseOfCode = stream.ReadUInt32();
+
+            // Only standard PE32 has this value
+            if (ioh.Magic == OptionalHeaderType.PE32)
+                ioh.BaseOfData = stream.ReadUInt32();
+
+            // PE32+ has an 8-byte value here
+            if (ioh.Magic == OptionalHeaderType.PE32Plus)
+                ioh.ImageBasePE32Plus = stream.ReadUInt64();
+            else
+                ioh.ImageBasePE32 = stream.ReadUInt32();
+
+            ioh.SectionAlignment = stream.ReadUInt32();
+            ioh.FileAlignment = stream.ReadUInt32();
+            ioh.MajorOperatingSystemVersion = stream.ReadUInt16();
+            ioh.MinorOperatingSystemVersion = stream.ReadUInt16();
+            ioh.MajorImageVersion = stream.ReadUInt16();
+            ioh.MinorImageVersion = stream.ReadUInt16();
+            ioh.MajorSubsystemVersion = stream.ReadUInt16();
+            ioh.MinorSubsystemVersion = stream.ReadUInt16();
+            ioh.Reserved1 = stream.ReadUInt32();
+            ioh.SizeOfImage = stream.ReadUInt32();
+            ioh.SizeOfHeaders = stream.ReadUInt32();
+            ioh.CheckSum = stream.ReadUInt32();
+            ioh.Subsystem = (WindowsSubsystem)stream.ReadUInt16();
+            ioh.DllCharacteristics = (DllCharacteristics)stream.ReadUInt16();
+
+            // PE32+ uses 8-byte values
+            if (ioh.Magic == OptionalHeaderType.PE32Plus)
+            {
+                ioh.SizeOfStackReservePE32Plus = stream.ReadUInt64();
+                ioh.SizeOfStackCommitPE32Plus = stream.ReadUInt64();
+                ioh.SizeOfHeapReservePE32Plus = stream.ReadUInt64();
+                ioh.SizeOfHeapCommitPE32Plus = stream.ReadUInt64();
+            }
+            else
+            {
+                ioh.SizeOfStackReservePE32 = stream.ReadUInt32();
+                ioh.SizeOfStackCommitPE32 = stream.ReadUInt32();
+                ioh.SizeOfHeapReservePE32 = stream.ReadUInt32();
+                ioh.SizeOfHeapCommitPE32 = stream.ReadUInt32();
+            }
+
+            ioh.LoaderFlags = stream.ReadUInt32();
+            ioh.NumberOfRvaAndSizes = stream.ReadUInt32();
+            ioh.DataDirectories = new DataDirectoryHeader[Constants.IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
+            for (int i = 0; i < Constants.IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++)
+            {
+                ioh.DataDirectories[i] = DataDirectoryHeader.Deserialize(stream);
+            }
+
+            return ioh;
+        }
+
+        public static OptionalHeader Deserialize(byte[] content, ref int offset)
+        {
+            var ioh = new OptionalHeader();
+
+            ioh.Magic = (OptionalHeaderType)content.ReadUInt16(ref offset);
+            ioh.MajorLinkerVersion = content[offset]; offset++;
+            ioh.MinorLinkerVersion = content[offset]; offset++;
+            ioh.SizeOfCode = content.ReadUInt32(ref offset);
+            ioh.SizeOfInitializedData = content.ReadUInt32(ref offset);
+            ioh.SizeOfUninitializedData = content.ReadUInt32(ref offset);
+            ioh.AddressOfEntryPoint = content.ReadUInt32(ref offset);
+            ioh.BaseOfCode = content.ReadUInt32(ref offset);
+
+            // Only standard PE32 has this value
+            if (ioh.Magic == OptionalHeaderType.PE32)
+                ioh.BaseOfData = content.ReadUInt32(ref offset);
+
+            // PE32+ has an 8-bit value here
+            if (ioh.Magic == OptionalHeaderType.PE32Plus)
+            {
+                ioh.ImageBasePE32Plus = content.ReadUInt64(ref offset);
+            }
+            else
+            {
+                ioh.ImageBasePE32 = content.ReadUInt32(ref offset);
+            }
+            
+            ioh.SectionAlignment = content.ReadUInt32(ref offset);
+            ioh.FileAlignment = content.ReadUInt32(ref offset);
+            ioh.MajorOperatingSystemVersion = content.ReadUInt16(ref offset);
+            ioh.MinorOperatingSystemVersion = content.ReadUInt16(ref offset);
+            ioh.MajorImageVersion = content.ReadUInt16(ref offset);
+            ioh.MinorImageVersion = content.ReadUInt16(ref offset);
+            ioh.MajorSubsystemVersion = content.ReadUInt16(ref offset);
+            ioh.MinorSubsystemVersion = content.ReadUInt16(ref offset);
+            ioh.Reserved1 = content.ReadUInt32(ref offset);
+            ioh.SizeOfImage = content.ReadUInt32(ref offset);
+            ioh.SizeOfHeaders = content.ReadUInt32(ref offset);
+            ioh.CheckSum = content.ReadUInt32(ref offset);
+            ioh.Subsystem = (WindowsSubsystem)content.ReadUInt16(ref offset);
+            ioh.DllCharacteristics = (DllCharacteristics)content.ReadUInt16(ref offset);
+
+            // PE32+ uses 8-byte values
+            if (ioh.Magic == OptionalHeaderType.PE32Plus)
+            {
+                ioh.SizeOfStackReservePE32Plus = content.ReadUInt64(ref offset);
+                ioh.SizeOfStackCommitPE32Plus = content.ReadUInt64(ref offset);
+                ioh.SizeOfHeapReservePE32Plus = content.ReadUInt64(ref offset);
+                ioh.SizeOfHeapCommitPE32Plus = content.ReadUInt64(ref offset);
+            }
+            else
+            {
+                ioh.SizeOfStackReservePE32 = content.ReadUInt32(ref offset);
+                ioh.SizeOfStackCommitPE32 = content.ReadUInt32(ref offset);
+                ioh.SizeOfHeapReservePE32 = content.ReadUInt32(ref offset);
+                ioh.SizeOfHeapCommitPE32 = content.ReadUInt32(ref offset);
+            }
+
+            ioh.LoaderFlags = content.ReadUInt32(ref offset);
+            ioh.NumberOfRvaAndSizes = content.ReadUInt32(ref offset);
+            ioh.DataDirectories = new DataDirectoryHeader[Constants.IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
+            for (int i = 0; i < Constants.IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++)
+            {
+                ioh.DataDirectories[i] = DataDirectoryHeader.Deserialize(content, ref offset);
+            }
+
+            return ioh;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Headers/SectionHeader.cs

@@ -0,0 +1,159 @@
+using System;
+using System.IO;
+using System.Text;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Headers
+{
+    /// <summary>
+    /// Each row of the section table is, in effect, a section header.
+    /// This table immediately follows the optional header, if any.
+    /// This positioning is required because the file header does not contain a direct pointer to the section table.
+    /// Instead, the location of the section table is determined by calculating the location of the first byte after the headers.
+    /// Make sure to use the size of the optional header as specified in the file header.
+    /// </summary>
+    public class SectionHeader
+    {
+        /// <summary>
+        /// An 8-byte, null-padded UTF-8 encoded string.
+        /// If the string is exactly 8 characters long, there is no terminating null.
+        /// For longer names, this field contains a slash (/) that is followed by an ASCII representation of a decimal number
+        /// that is an offset into the string table.
+        /// Executable images do not use a string table and do not support section names longer than 8 characters.
+        /// Long names in object files are truncated if they are emitted to an executable file.
+        /// </summary>
+        public byte[] Name;
+
+        /// <summary>
+        /// Section name as a string, trimming any trailing null bytes
+        /// </summary>
+        public string NameString
+        {
+            get
+            {
+                if (this.Name == null || this.Name.Length == 0)
+                    return null;
+
+                // First try decoding as UTF-8
+                try
+                {
+                    return Encoding.UTF8.GetString(this.Name).TrimEnd('\0');
+                }
+                catch { }
+
+                // Then try decoding as ASCII
+                try
+                {
+                    return Encoding.ASCII.GetString(this.Name).TrimEnd('\0');
+                }
+                catch { }
+
+                // If it fails, return null
+                return null;
+            }
+        }
+        
+        /// <summary>
+        /// The total size of the section when loaded into memory.
+        /// If this value is greater than SizeOfRawData, the section is zero-padded.
+        /// This field is valid only for executable images and should be set to zero for object files.
+        /// </summary>
+        public uint VirtualSize;
+        
+        /// <summary>
+        /// For executable images, the address of the first byte of the section relative to the image base when the section
+        /// is loaded into memory.
+        /// For object files, this field is the address of the first byte before relocation is applied; for simplicity,
+        /// compilers should set this to zero.
+        /// Otherwise, it is an arbitrary value that is subtracted from offsets during relocation.
+        /// </summary>
+        public uint VirtualAddress;
+       
+        /// <summary>
+        /// The size of the section (for object files) or the size of the initialized data on disk (for image files).
+        /// For executable images, this must be a multiple of FileAlignment from the optional header.
+        /// If this is less than VirtualSize, the remainder of the section is zero-filled.
+        /// Because the SizeOfRawData field is rounded but the VirtualSize field is not, it is possible for SizeOfRawData
+        /// to be greater than VirtualSize as well.
+        /// When a section contains only uninitialized data, this field should be zero.
+        /// </summary>
+        public uint SizeOfRawData;
+        
+        /// <summary>
+        /// The file pointer to the first page of the section within the COFF file.
+        /// For executable images, this must be a multiple of FileAlignment from the optional header.
+        /// For object files, the value should be aligned on a 4-byte boundary for best performance.
+        /// When a section contains only uninitialized data, this field should be zero.
+        /// </summary>
+        public uint PointerToRawData;
+        
+        /// <summary>
+        /// The file pointer to the beginning of relocation entries for the section.
+        /// This is set to zero for executable images or if there are no relocations.
+        /// </summary>
+        public uint PointerToRelocations;
+        
+        /// <summary>
+        /// The file pointer to the beginning of line-number entries for the section.
+        /// This is set to zero if there are no COFF line numbers.
+        /// This value should be zero for an image because COFF debugging information is deprecated.
+        /// </summary>
+        [Obsolete]
+        public uint PointerToLinenumbers;
+        
+        /// <summary>
+        /// The number of relocation entries for the section.
+        /// This is set to zero for executable images.
+        /// </summary>
+        public ushort NumberOfRelocations;
+        
+        /// <summary>
+        /// The number of line-number entries for the section.
+        /// This value should be zero for an image because COFF debugging information is deprecated.
+        /// </summary>
+        [Obsolete]
+        public ushort NumberOfLinenumbers;
+        
+        /// <summary>
+        /// The flags that describe the characteristics of the section.
+        /// </summary>
+        public SectionCharacteristics Characteristics;
+
+        public static SectionHeader Deserialize(Stream stream)
+        {
+            var ish = new SectionHeader();
+
+            ish.Name = stream.ReadBytes(Constants.IMAGE_SIZEOF_SHORT_NAME);
+            ish.VirtualSize = stream.ReadUInt32();
+            ish.VirtualAddress = stream.ReadUInt32();
+            ish.SizeOfRawData = stream.ReadUInt32();
+            ish.PointerToRawData = stream.ReadUInt32();
+            ish.PointerToRelocations = stream.ReadUInt32();
+            ish.PointerToLinenumbers = stream.ReadUInt32();
+            ish.NumberOfRelocations = stream.ReadUInt16();
+            ish.NumberOfLinenumbers = stream.ReadUInt16();
+            ish.Characteristics = (SectionCharacteristics)stream.ReadUInt32();
+
+            return ish;
+        }
+
+        public static SectionHeader Deserialize(byte[] content, ref int offset)
+        {
+            var ish = new SectionHeader();
+
+            ish.Name = new byte[Constants.IMAGE_SIZEOF_SHORT_NAME];
+            Array.Copy(content, offset, ish.Name, 0, Constants.IMAGE_SIZEOF_SHORT_NAME); offset += Constants.IMAGE_SIZEOF_SHORT_NAME;
+            ish.VirtualSize = content.ReadUInt32(ref offset);
+            ish.VirtualAddress = content.ReadUInt32(ref offset);
+            ish.SizeOfRawData = content.ReadUInt32(ref offset);
+            ish.PointerToRawData = content.ReadUInt32(ref offset);
+            ish.PointerToRelocations = content.ReadUInt32(ref offset);
+            ish.PointerToLinenumbers = content.ReadUInt32(ref offset);
+            ish.NumberOfRelocations = content.ReadUInt16(ref offset);
+            ish.NumberOfLinenumbers = content.ReadUInt16(ref offset);
+            ish.Characteristics = (SectionCharacteristics)content.ReadUInt32(ref offset);
+
+            return ish;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Sections/DebugSection.cs

@@ -0,0 +1,46 @@
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Tables;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Sections
+{
+    /// <summary>
+    /// The .debug section is used in object files to contain compiler-generated debug information and in image files to contain
+    /// all of the debug information that is generated.
+    /// This section describes the packaging of debug information in object and image files.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-debug-section</remarks>
+    public class DebugSection
+    {
+        /// <summary>
+        /// Image files contain an optional debug directory that indicates what form of debug information is present and where it is.
+        /// This directory consists of an array of debug directory entries whose location and size are indicated in the image optional header.
+        /// </summary>
+        public DebugDirectory DebugDirectory;
+
+        public static DebugSection Deserialize(Stream stream)
+        {
+            long originalPosition = stream.Position;
+            var ds = new DebugSection();
+
+            ds.DebugDirectory = DebugDirectory.Deserialize(stream);
+            
+            // TODO: Read in raw debug data
+
+            stream.Seek(originalPosition, SeekOrigin.Begin);
+            return ds;
+        }
+
+        public static DebugSection Deserialize(byte[] content, ref int offset)
+        {
+            int originalPosition = offset;
+            var ds = new DebugSection();
+
+            ds.DebugDirectory = DebugDirectory.Deserialize(content, ref offset);
+
+            // TODO: Read in raw debug data
+
+            offset = originalPosition;
+            return ds;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Sections/ExceptionHandlingSection.cs

@@ -0,0 +1,19 @@
+using BurnOutSharp.ExecutableType.Microsoft.PE.Tables;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Sections
+{
+    /// <summary>
+    /// The .pdata section contains an array of function table entries that are used for exception handling.
+    /// It is pointed to by the exception table entry in the image data directory.
+    /// The entries must be sorted according to the function addresses (the first field in each structure) before being emitted into the final image.
+    /// The target platform determines which of the three function table entry format variations described below is used.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-edata-section-image-only</remarks>
+    public class ExceptionHandlingSection
+    {
+        /// <summary>
+        /// Array of function table entries that are used for exception handling
+        /// </summary>
+        public FunctionTable FunctionTable;
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Sections/ExportDataSection.cs

@@ -0,0 +1,95 @@
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Entries;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Headers;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Tables;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Sections
+{
+    /// <summary>
+    /// The export data section, named .edata, contains information about symbols that other images can access through dynamic linking.
+    /// Exported symbols are generally found in DLLs, but DLLs can also import symbols.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-edata-section-image-only</remarks>
+    public class ExportDataSection
+    {
+        /// <summary>
+        /// A table with just one row (unlike the debug directory).
+        /// This table indicates the locations and sizes of the other export tables.
+        /// </summary>
+        public ExportDirectoryTable ExportDirectoryTable;
+
+        /// <summary>
+        /// An array of RVAs of exported symbols.
+        /// These are the actual addresses of the exported functions and data within the executable code and data sections.
+        /// Other image files can import a symbol by using an index to this table (an ordinal) or, optionally, by using the public name that corresponds to the ordinal if a public name is defined.
+        /// </summary>
+        public ExportAddressTableEntry[] ExportAddressTable;
+
+        /// <summary>
+        /// An array of pointers to the public export names, sorted in ascending order.
+        /// </summary>
+        public uint[] ExportNamePointerTable;
+
+        /// <summary>
+        /// An array of the ordinals that correspond to members of the name pointer table.
+        /// The correspondence is by position; therefore, the name pointer table and the ordinal table must have the same number of members.
+        /// Each ordinal is an index into the export address table.
+        /// </summary>
+        public ExportOrdinalTable OrdinalTable;
+
+        public static ExportDataSection Deserialize(Stream stream, SectionHeader[] sections)
+        {
+            long originalPosition = stream.Position;
+            var eds = new ExportDataSection();
+
+            eds.ExportDirectoryTable = ExportDirectoryTable.Deserialize(stream);
+
+            stream.Seek((int)PortableExecutable.ConvertVirtualAddress(eds.ExportDirectoryTable.ExportAddressTableRVA, sections), SeekOrigin.Begin);
+            eds.ExportAddressTable = new ExportAddressTableEntry[(int)eds.ExportDirectoryTable.AddressTableEntries];
+            for (int i = 0; i < eds.ExportAddressTable.Length; i++)
+            {
+                eds.ExportAddressTable[i] = ExportAddressTableEntry.Deserialize(stream, sections);
+            }
+
+            stream.Seek((int)PortableExecutable.ConvertVirtualAddress(eds.ExportDirectoryTable.NamePointerRVA, sections), SeekOrigin.Begin);
+            eds.ExportNamePointerTable = new uint[(int)eds.ExportDirectoryTable.NumberOfNamePointers];
+            for (int i = 0; i < eds.ExportNamePointerTable.Length; i++)
+            {
+                eds.ExportNamePointerTable[i] = stream.ReadUInt32();
+            }
+
+            stream.Seek((int)PortableExecutable.ConvertVirtualAddress(eds.ExportDirectoryTable.OrdinalTableRVA, sections), SeekOrigin.Begin);
+            // eds.OrdinalTable = ExportOrdinalTable.Deserialize(stream, count: 0); // TODO: Figure out where this count comes from
+
+            return eds;
+        }
+
+        public static ExportDataSection Deserialize(byte[] content, ref int offset, SectionHeader[] sections)
+        {
+            int originalPosition = offset;
+            var eds = new ExportDataSection();
+
+            eds.ExportDirectoryTable = ExportDirectoryTable.Deserialize(content, ref offset);
+
+            offset = (int)PortableExecutable.ConvertVirtualAddress(eds.ExportDirectoryTable.ExportAddressTableRVA, sections);
+            eds.ExportAddressTable = new ExportAddressTableEntry[(int)eds.ExportDirectoryTable.AddressTableEntries];
+            for (int i = 0; i < eds.ExportAddressTable.Length; i++)
+            {
+                eds.ExportAddressTable[i] = ExportAddressTableEntry.Deserialize(content, ref offset, sections);
+            }
+
+            offset = (int)PortableExecutable.ConvertVirtualAddress(eds.ExportDirectoryTable.NamePointerRVA, sections);
+            eds.ExportNamePointerTable = new uint[(int)eds.ExportDirectoryTable.NumberOfNamePointers];
+            for (int i = 0; i < eds.ExportNamePointerTable.Length; i++)
+            {
+                eds.ExportNamePointerTable[i] = content.ReadUInt32(ref offset);
+            }
+
+            offset = (int)PortableExecutable.ConvertVirtualAddress(eds.ExportDirectoryTable.OrdinalTableRVA, sections);
+            // eds.OrdinalTable = ExportOrdinalTable.Deserialize(content, ref offset, count: 0); // TODO: Figure out where this count comes from
+
+            return eds;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Sections/ImportDataSection.cs

@@ -0,0 +1,80 @@
+using System.Collections.Generic;
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Tables;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Sections
+{
+    /// <summary>
+    /// All image files that import symbols, including virtually all executable (EXE) files, have an .idata section.
+    /// A typical file layout for the import information follows:
+    ///     Directory Table
+    ///     Null Directory Entry
+    ///     DLL1 Import Lookup Table
+    ///     Null
+    ///     DLL2 Import Lookup Table
+    ///     Null
+    ///     DLL3 Import Lookup Table
+    ///     Null
+    ///     Hint-Name Table
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-idata-section</remarks>
+    public class ImportDataSection
+    {
+        /// <summary>
+        /// Import directory table
+        /// </summary>
+        public ImportDirectoryTable ImportDirectoryTable;
+
+        /// <summary>
+        /// Import lookup tables
+        /// </summary>
+        public ImportLookupTable[] ImportLookupTables;
+
+        /// <summary>
+        /// Hint/Name table
+        /// </summary>
+        public HintNameTable HintNameTable;
+
+        public static ImportDataSection Deserialize(Stream stream, bool pe32plus, int hintCount)
+        {
+            var ids = new ImportDataSection();
+
+            ids.ImportDirectoryTable = ImportDirectoryTable.Deserialize(stream);
+
+            List<ImportLookupTable> tempLookupTables = new List<ImportLookupTable>();
+            while (true)
+            {
+                var tempLookupTable = ImportLookupTable.Deserialize(stream, pe32plus);
+                if (tempLookupTable.EntriesPE32 == null && tempLookupTable.EntriesPE32Plus == null)
+                    break;
+                
+                tempLookupTables.Add(tempLookupTable);
+            }
+
+            ids.HintNameTable = HintNameTable.Deserialize(stream, hintCount);
+
+            return ids;
+        }
+
+        public static ImportDataSection Deserialize(byte[] content, ref int offset,  bool pe32plus, int hintCount)
+        {
+            var ids = new ImportDataSection();
+
+            ids.ImportDirectoryTable = ImportDirectoryTable.Deserialize(content, ref offset);
+
+            List<ImportLookupTable> tempLookupTables = new List<ImportLookupTable>();
+            while (true)
+            {
+                var tempLookupTable = ImportLookupTable.Deserialize(content, ref offset, pe32plus);
+                if (tempLookupTable.EntriesPE32 == null && tempLookupTable.EntriesPE32Plus == null)
+                    break;
+
+                tempLookupTables.Add(tempLookupTable);
+            }
+
+            ids.HintNameTable = HintNameTable.Deserialize(content, ref offset, hintCount);
+
+            return ids;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Sections/RelocationSection.cs

@@ -0,0 +1,51 @@
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Entries;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Sections
+{
+    /// <summary>
+    /// The base relocation table contains entries for all base relocations in the image.
+    /// The Base Relocation Table field in the optional header data directories gives the number of bytes in the base relocation table.
+    /// The base relocation table is divided into blocks.
+    /// Each block represents the base relocations for a 4K page.
+    /// Each block must start on a 32-bit boundary.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-reloc-section-image-only</remarks>
+    public class RelocationSection
+    {
+        /// <summary>
+        /// The base relocation table is divided into blocks.
+        /// </summary>
+        public BaseRelocationBlock[] BaseRelocationTable;
+
+        public static RelocationSection Deserialize(Stream stream, int blockCount)
+        {
+            long originalPosition = stream.Position;
+
+            var rs = new RelocationSection();
+            rs.BaseRelocationTable = new BaseRelocationBlock[blockCount];
+            for (int i = 0; i < blockCount; i++)
+            {
+                rs.BaseRelocationTable[i] = BaseRelocationBlock.Deserialize(stream);
+            }
+
+            stream.Seek(originalPosition, SeekOrigin.Begin);
+            return rs;
+        }
+
+        public static RelocationSection Deserialize(byte[] content, ref int offset, int blockCount)
+        {
+            int originalPosition = offset;
+
+            var rs = new RelocationSection();
+            rs.BaseRelocationTable = new BaseRelocationBlock[blockCount];
+            for (int i = 0; i < blockCount; i++)
+            {
+                rs.BaseRelocationTable[i] = BaseRelocationBlock.Deserialize(content, ref offset);
+            }
+
+            offset = originalPosition;
+            return rs;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Sections/ResourceSection.cs

@@ -0,0 +1,44 @@
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Headers;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Tables;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Sections
+{
+    /// <summary>
+    /// A series of resource directory tables relates all of the levels in the following way:
+    // Each directory table is followed by a series of directory entries that give the name or
+    // identifier (ID) for that level (Type, Name, or Language level) and an address of either
+    // a data description or another directory table. If the address points to a data description,
+    // then the data is a leaf in the tree. If the address points to another directory table,
+    // then that table lists directory entries at the next level down
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-rsrc-section</remarks>
+    public class ResourceSection
+    {
+        /// <summary>
+        /// A table with just one row (unlike the debug directory).
+        /// This table indicates the locations and sizes of the other export tables.
+        /// </summary>
+        public ResourceDirectoryTable ResourceDirectoryTable;
+
+        public static ResourceSection Deserialize(Stream stream, SectionHeader[] sections)
+        {
+            var rs = new ResourceSection();
+
+            long sectionStart = stream.Position;
+            rs.ResourceDirectoryTable = ResourceDirectoryTable.Deserialize(stream, sectionStart, sections);
+
+            return rs;
+        }
+
+        public static ResourceSection Deserialize(byte[] content, ref int offset, SectionHeader[] sections)
+        {
+            var rs = new ResourceSection();
+
+            long sectionStart = offset;
+            rs.ResourceDirectoryTable = ResourceDirectoryTable.Deserialize(content, ref offset, sectionStart, sections);
+
+            return rs;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Tables/DebugDirectory.cs

@@ -0,0 +1,85 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Tables
+{
+    /// <summary>
+    /// Image files contain an optional debug directory that indicates what form of debug information is present and where it is.
+    /// This directory consists of an array of debug directory entries whose location and size are indicated in the image optional header.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#debug-directory-image-only</remarks>
+    public class DebugDirectory
+    {
+        /// <summary>
+        /// Reserved, must be 0.
+        /// </summary>
+        public uint Characteristics;
+
+        /// <summary>
+        /// The time and date that the debug data was created.
+        /// </summary>
+        public uint TimeDateStamp;
+
+        /// <summary>
+        /// The major version number of the debug data format.
+        /// </summary>
+        public ushort MajorVersion;
+
+        /// <summary>
+        /// The minor version number of the debug data format.
+        /// </summary>
+        public ushort MinorVersion;
+
+        /// <summary>
+        /// The format of debugging information. This field enables support of multiple debuggers.
+        /// </summary>
+        public DebugType DebugType;
+
+        /// <summary>
+        /// The size of the debug data (not including the debug directory itself).
+        /// </summary>
+        public uint SizeOfData;
+
+        /// <summary>
+        /// The address of the debug data when loaded, relative to the image base.
+        /// </summary>
+        public uint AddressOfRawData;
+
+        /// <summary>
+        /// The file pointer to the debug data.
+        /// </summary>
+        public uint PointerToRawData;
+
+        public static DebugDirectory Deserialize(Stream stream)
+        {
+            var dd = new DebugDirectory();
+
+            dd.Characteristics = stream.ReadUInt32();
+            dd.TimeDateStamp = stream.ReadUInt32();
+            dd.MajorVersion = stream.ReadUInt16();
+            dd.MinorVersion = stream.ReadUInt16();
+            dd.DebugType = (DebugType)stream.ReadUInt32();
+            dd.SizeOfData = stream.ReadUInt32();
+            dd.AddressOfRawData = stream.ReadUInt32();
+            dd.PointerToRawData = stream.ReadUInt32();
+
+            return dd;
+        }
+
+        public static DebugDirectory Deserialize(byte[] content, ref int offset)
+        {
+            var dd = new DebugDirectory();
+
+            dd.Characteristics = content.ReadUInt32(ref offset);
+            dd.TimeDateStamp = content.ReadUInt32(ref offset);
+            dd.MajorVersion = content.ReadUInt16(ref offset);
+            dd.MinorVersion = content.ReadUInt16(ref offset);
+            dd.DebugType = (DebugType)content.ReadUInt32(ref offset);
+            dd.SizeOfData = content.ReadUInt32(ref offset);
+            dd.AddressOfRawData = content.ReadUInt32(ref offset);
+            dd.PointerToRawData = content.ReadUInt32(ref offset);
+
+            return dd;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Tables/ExportDirectoryTable.cs

@@ -0,0 +1,111 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Tables
+{
+    /// <summary>
+    /// The export symbol information begins with the export directory table, which describes the remainder of the export symbol information.
+    /// The export directory table contains address information that is used to resolve imports to the entry points within this image.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-directory-table</remarks>
+    public class ExportDirectoryTable
+    {
+        /// <summary>
+        /// Reserved, must be 0.
+        /// </summary>
+        public uint ExportFlags;
+
+        /// <summary>
+        /// The time and date that the export data was created.
+        /// </summary>
+        public uint TimeDateStamp;
+
+        /// <summary>
+        /// The major version number. The major and minor version numbers can be set by the user.
+        /// </summary>
+        public ushort MajorVersion;
+
+        /// <summary>
+        /// The minor version number.
+        /// </summary>
+        public ushort MinorVersion;
+
+        /// <summary>
+        /// The address of the ASCII string that contains the name of the DLL.
+        /// This address is relative to the image base.
+        /// </summary>
+        public uint NameRVA; // TODO: Read this into a separate field
+
+        /// <summary>
+        /// The starting ordinal number for exports in this image.
+        /// This field specifies the starting ordinal number for the export address table.
+        /// It is usually set to 1.
+        /// </summary>
+        public uint OrdinalBase;
+
+        /// <summary>
+        /// The number of entries in the export address table.
+        /// </summary>
+        public uint AddressTableEntries;
+
+        /// <summary>
+        /// The number of entries in the name pointer table.
+        /// This is also the number of entries in the ordinal table.
+        /// </summary>
+        public uint NumberOfNamePointers;
+
+        /// <summary>
+        /// The address of the export address table, relative to the image base.
+        /// </summary>
+        public uint ExportAddressTableRVA;
+
+        /// <summary>
+        /// The address of the export name pointer table, relative to the image base.
+        /// The table size is given by the Number of Name Pointers field.
+        /// </summary>
+        public uint NamePointerRVA;
+
+        /// <summary>
+        /// The address of the ordinal table, relative to the image base.
+        /// </summary>
+        public uint OrdinalTableRVA;
+
+        public static ExportDirectoryTable Deserialize(Stream stream)
+        {
+            var edt = new ExportDirectoryTable();
+
+            edt.ExportFlags = stream.ReadUInt32();
+            edt.TimeDateStamp = stream.ReadUInt32();
+            edt.MajorVersion = stream.ReadUInt16();
+            edt.MinorVersion = stream.ReadUInt16();
+            edt.NameRVA = stream.ReadUInt32();
+            edt.OrdinalBase = stream.ReadUInt32();
+            edt.AddressTableEntries = stream.ReadUInt32();
+            edt.NumberOfNamePointers = stream.ReadUInt32();
+            edt.ExportAddressTableRVA = stream.ReadUInt32();
+            edt.NamePointerRVA = stream.ReadUInt32();
+            edt.OrdinalTableRVA = stream.ReadUInt32();
+
+            return edt;
+        }
+
+        public static ExportDirectoryTable Deserialize(byte[] content, ref int offset)
+        {
+            var edt = new ExportDirectoryTable();
+
+            edt.ExportFlags = content.ReadUInt32(ref offset);
+            edt.TimeDateStamp = content.ReadUInt32(ref offset);
+            edt.MajorVersion = content.ReadUInt16(ref offset);
+            edt.MinorVersion = content.ReadUInt16(ref offset);
+            edt.NameRVA = content.ReadUInt32(ref offset);
+            edt.OrdinalBase = content.ReadUInt32(ref offset);
+            edt.AddressTableEntries = content.ReadUInt32(ref offset);
+            edt.NumberOfNamePointers = content.ReadUInt32(ref offset);
+            edt.ExportAddressTableRVA = content.ReadUInt32(ref offset);
+            edt.NamePointerRVA = content.ReadUInt32(ref offset);
+            edt.OrdinalTableRVA = content.ReadUInt32(ref offset);
+
+            return edt;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Tables/ExportOrdinalTable.cs

@@ -0,0 +1,44 @@
+using System;
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Tables
+{
+    /// <summary>
+    /// The export ordinal table is an array of 16-bit unbiased indexes into the export address table.
+    /// Ordinals are biased by the Ordinal Base field of the export directory table.
+    /// In other words, the ordinal base must be subtracted from the ordinals to obtain true indexes into the export address table.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-ordinal-table</remarks>
+    public class ExportOrdinalTable
+    {
+        /// <remarks>Number of entries is defined externally</remarks>
+        public ushort[] Entries;
+
+        public static ExportOrdinalTable Deserialize(Stream stream, int count)
+        {
+            var edt = new ExportOrdinalTable();
+
+            edt.Entries = new ushort[count];
+            for (int i = 0; i < count; i++)
+            {
+                edt.Entries[i] = stream.ReadUInt16();
+            }
+
+            return edt;
+        }
+
+        public static ExportOrdinalTable Deserialize(byte[] content, ref int offset, int count)
+        {
+            var edt = new ExportOrdinalTable();
+
+            edt.Entries = new ushort[count];
+            for (int i = 0; i < count; i++)
+            {
+                edt.Entries[i] = content.ReadUInt16(ref offset);
+            }
+
+            return edt;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Tables/FunctionTable.cs

@@ -0,0 +1,17 @@
+using BurnOutSharp.ExecutableType.Microsoft.PE.Entries;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Tables
+{
+    /// <summary>
+    /// The .pdata section contains an array of function table entries that are used for exception handling.
+    /// It is pointed to by the exception table entry in the image data directory.
+    /// The entries must be sorted according to the function addresses (the first field in each structure) before being emitted into the final image.
+    /// The target platform determines which of the three function table entry format variations described below is used.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-pdata-section</remarks>
+    public class FunctionTable
+    {
+        /// <remarks>Number of entries is defined externally</remarks>
+        public FunctionTableEntry[] Entries;
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Tables/HintNameTable.cs

@@ -0,0 +1,42 @@
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Entries;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Tables
+{
+    /// <summary>
+    /// One hint/name table suffices for the entire import section.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#hintname-table</remarks>
+    public class HintNameTable
+    {
+        /// <remarks>Number of entries is defined externally</remarks>
+        public HintNameTableEntry[] Entries;
+
+        public static HintNameTable Deserialize(Stream stream, int count)
+        {
+            var hnt = new HintNameTable();
+
+            hnt.Entries = new HintNameTableEntry[count];
+            for (int i = 0; i < count; i++)
+            {
+                hnt.Entries[i] = HintNameTableEntry.Deserialize(stream);
+            }
+
+            return hnt;
+        }
+
+        public static HintNameTable Deserialize(byte[] content, ref int offset, int count)
+        {
+            var hnt = new HintNameTable();
+
+            hnt.Entries = new HintNameTableEntry[count];
+            for (int i = 0; i < count; i++)
+            {
+                hnt.Entries[i] = HintNameTableEntry.Deserialize(content, ref offset);
+                offset += 2 + hnt.Entries[i].Name.Length + hnt.Entries[i].Pad;
+            }
+
+            return hnt;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Tables/ImportAddressTable.cs

@@ -0,0 +1,53 @@
+using System.Collections.Generic;
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Entries;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Tables
+{
+    /// <summary>
+    /// The structure and content of the import address table are identical to those of the import lookup table, until the file is bound.
+    /// During binding, the entries in the import address table are overwritten with the 32-bit (for PE32) or 64-bit (for PE32+) addresses of the symbols that are being imported.
+    /// These addresses are the actual memory addresses of the symbols, although technically they are still called "virtual addresses."
+    /// The loader typically processes the binding.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-address-table</remarks>
+    public class ImportAddressTable
+    {
+        /// <remarks>Number of entries is known after parsing</remarks>
+        public ImportAddressTableEntry[] Entries;
+
+        public static ImportAddressTable Deserialize(Stream stream)
+        {
+            var iat = new ImportAddressTable();
+
+            List<ImportAddressTableEntry> tempEntries = new List<ImportAddressTableEntry>();
+            while (true)
+            {
+                var entry = ImportAddressTableEntry.Deserialize(stream);
+                tempEntries.Add(entry);
+                if (entry.IsNull())
+                    break;
+            }
+
+            iat.Entries = tempEntries.ToArray();
+            return iat;
+        }
+
+        public static ImportAddressTable Deserialize(byte[] content, ref int offset)
+        {
+            var iat = new ImportAddressTable();
+
+            List<ImportAddressTableEntry> tempEntries = new List<ImportAddressTableEntry>();
+            while (true)
+            {
+                var entry = ImportAddressTableEntry.Deserialize(content, ref offset);
+                tempEntries.Add(entry);
+                if (entry.IsNull())
+                    break;
+            }
+
+            iat.Entries = tempEntries.ToArray();
+            return iat;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Tables/ImportDirectoryTable.cs

@@ -0,0 +1,53 @@
+using System.Collections.Generic;
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Entries;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Tables
+{
+    /// <summary>
+    /// The import information begins with the import directory table, which describes the remainder of the import information.
+    /// The import directory table contains address information that is used to resolve fixup references to the entry points within a DLL image.
+    /// The import directory table consists of an array of import directory entries, one entry for each DLL to which the image refers.
+    /// The last directory entry is empty (filled with null values), which indicates the end of the directory table.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-directory-table</remarks>
+    public class ImportDirectoryTable
+    {
+        /// <remarks>Number of entries is known after parsing</remarks>
+        public ImportDirectoryTableEntry[] Entries;
+
+        public static ImportDirectoryTable Deserialize(Stream stream)
+        {
+            var idt = new ImportDirectoryTable();
+
+            List<ImportDirectoryTableEntry> tempEntries = new List<ImportDirectoryTableEntry>();
+            while (true)
+            {
+                var entry = ImportDirectoryTableEntry.Deserialize(stream);
+                tempEntries.Add(entry);
+                if (entry.IsNull())
+                    break;
+            }
+
+            idt.Entries = tempEntries.ToArray();
+            return idt;
+        }
+
+        public static ImportDirectoryTable Deserialize(byte[] content, ref int offset)
+        {
+            var idt = new ImportDirectoryTable();
+
+            List<ImportDirectoryTableEntry> tempEntries = new List<ImportDirectoryTableEntry>();
+            while (true)
+            {
+                var entry = ImportDirectoryTableEntry.Deserialize(content, ref offset);
+                tempEntries.Add(entry);
+                if (entry.IsNull())
+                    break;
+            }
+
+            idt.Entries = tempEntries.ToArray();
+            return idt;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Tables/ImportLookupTable.cs

@@ -0,0 +1,98 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Tables
+{
+    /// <summary>
+    /// An import lookup table is an array of 32-bit numbers for PE32 or an array of 64-bit numbers for PE32+.
+    /// Each entry uses the bit-field format that is described in the following table.
+    /// In this format, bit 31 is the most significant bit for PE32 and bit 63 is the most significant bit for PE32+.
+    /// The collection of these entries describes all imports from a given DLL.
+    /// The last entry is set to zero (NULL) to indicate the end of the table.
+    /// </summary>
+    /// <remarks>https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#import-lookup-table</remarks>
+    public class ImportLookupTable
+    {
+        /// <remarks>Number of entries is known after parsing</remarks>
+        public uint[] EntriesPE32;
+
+        /// <remarks>Number of entries is known after parsing</remarks>
+        public ulong[] EntriesPE32Plus;
+
+        public static ImportLookupTable Deserialize(Stream stream, bool pe32plus)
+        {
+            var ilt = new ImportLookupTable();
+
+            // PE32+ has 8-byte values
+            if (pe32plus)
+            {
+                List<ulong> tempEntries = new List<ulong>();
+                while (true)
+                {
+                    ulong bitfield = stream.ReadUInt64();
+                    tempEntries.Add(bitfield);
+                    if (bitfield == 0)
+                        break;
+                }
+
+                if (tempEntries.Count > 0)
+                    ilt.EntriesPE32Plus = tempEntries.ToArray();
+            }
+            else
+            {
+                List<uint> tempEntries = new List<uint>();
+                while (true)
+                {
+                    uint bitfield = stream.ReadUInt32();
+                    tempEntries.Add(bitfield);
+                    if (bitfield == 0)
+                        break;
+                }
+
+                if (tempEntries.Count > 0)
+                    ilt.EntriesPE32 = tempEntries.ToArray();
+            }
+
+            return ilt;
+        }
+
+        public static ImportLookupTable Deserialize(byte[] content, ref int offset, bool pe32plus)
+        {
+            var ilt = new ImportLookupTable();
+
+            // PE32+ has 8-byte values
+            if (pe32plus)
+            {
+                List<ulong> tempEntries = new List<ulong>();
+                while (true)
+                {
+                    ulong bitfield = content.ReadUInt64(ref offset);
+                    tempEntries.Add(bitfield);
+                    if (bitfield == 0)
+                        break;
+                }
+
+                if (tempEntries.Count > 0)
+                    ilt.EntriesPE32Plus = tempEntries.ToArray();
+            }
+            else
+            {
+                List<uint> tempEntries = new List<uint>();
+                while (true)
+                {
+                    uint bitfield = content.ReadUInt32(ref offset);
+                    tempEntries.Add(bitfield);
+                    if (bitfield == 0)
+                        break;
+                }
+
+                if (tempEntries.Count > 0)
+                    ilt.EntriesPE32 = tempEntries.ToArray();
+            }
+
+            return ilt;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/PE/Tables/ResourceDirectoryTable.cs

@@ -0,0 +1,118 @@
+using System;
+using System.IO;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Entries;
+using BurnOutSharp.ExecutableType.Microsoft.PE.Headers;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.PE.Tables
+{
+    /// <summary>
+    /// Each resource directory table has the following format.
+    /// This data structure should be considered the heading of a table
+    /// because the table actually consists of directory entries and this structure
+    /// </summary>
+    public class ResourceDirectoryTable
+    {
+        /// <summary>
+        /// Resource flags.
+        /// This field is reserved for future use.
+        /// It is currently set to zero.
+        /// </summary>
+        public uint Characteristics;
+
+        /// <summary>
+        /// The time that the resource data was created by the resource compiler.
+        /// </summary>
+        public uint TimeDateStamp;
+
+        /// <summary>
+        /// The major version number, set by the user.
+        /// </summary>
+        public ushort MajorVersion;
+        
+        /// <summary>
+        /// The minor version number, set by the user.
+        /// </summary>
+        public ushort MinorVersion;
+        
+        /// <summary>
+        /// The number of directory entries immediately following
+        /// the table that use strings to identify Type, Name, or
+        /// Language entries (depending on the level of the table).
+        /// </summary>
+        public ushort NumberOfNamedEntries;
+        
+        /// <summary>
+        /// The number of directory entries immediately following
+        /// the Name entries that use numeric IDs for Type, Name,
+        /// or Language entries.
+        /// </summary>
+        public ushort NumberOfIdEntries;
+
+        /// <summary>
+        /// The directory entries immediately following
+        /// the table that use strings to identify Type, Name, or
+        /// Language entries (depending on the level of the table).
+        /// </summary>
+        public ResourceDirectoryTableEntry[] NamedEntries;
+
+        /// <summary>
+        /// The directory entries immediately following
+        /// the Name entries that use numeric IDs for Type, Name,
+        /// or Language entries.
+        /// </summary>
+        public ResourceDirectoryTableEntry[] IdEntries;
+
+        public static ResourceDirectoryTable Deserialize(Stream stream, long sectionStart, SectionHeader[] sections)
+        {
+            var rdt = new ResourceDirectoryTable();
+
+            rdt.Characteristics = stream.ReadUInt32();
+            rdt.TimeDateStamp = stream.ReadUInt32();
+            rdt.MajorVersion = stream.ReadUInt16();
+            rdt.MinorVersion = stream.ReadUInt16();
+            rdt.NumberOfNamedEntries = stream.ReadUInt16();
+            rdt.NumberOfIdEntries = stream.ReadUInt16();
+
+            rdt.NamedEntries = new ResourceDirectoryTableEntry[rdt.NumberOfNamedEntries];
+            for (int i = 0; i < rdt.NumberOfNamedEntries; i++)
+            {
+                rdt.NamedEntries[i] = ResourceDirectoryTableEntry.Deserialize(stream, sectionStart, sections);
+            }
+
+            rdt.IdEntries = new ResourceDirectoryTableEntry[rdt.NumberOfIdEntries];
+            for (int i = 0; i < rdt.NumberOfIdEntries; i++)
+            {
+                rdt.IdEntries[i] = ResourceDirectoryTableEntry.Deserialize(stream, sectionStart, sections);
+            }
+
+            return rdt;
+        }
+
+        public static ResourceDirectoryTable Deserialize(byte[] content, ref int offset, long sectionStart, SectionHeader[] sections)
+        {
+            var rdt = new ResourceDirectoryTable();
+
+            rdt.Characteristics = content.ReadUInt32(ref offset);
+            rdt.TimeDateStamp = content.ReadUInt32(ref offset);
+            rdt.MajorVersion = content.ReadUInt16(ref offset);
+            rdt.MinorVersion = content.ReadUInt16(ref offset);
+            rdt.NumberOfNamedEntries = content.ReadUInt16(ref offset);
+            rdt.NumberOfIdEntries = content.ReadUInt16(ref offset);
+
+            rdt.NamedEntries = new ResourceDirectoryTableEntry[rdt.NumberOfNamedEntries];
+            for (int i = 0; i < rdt.NumberOfNamedEntries; i++)
+            {
+                rdt.NamedEntries[i] = ResourceDirectoryTableEntry.Deserialize(content, ref offset, sectionStart, sections);
+            }
+
+            rdt.IdEntries = new ResourceDirectoryTableEntry[rdt.NumberOfIdEntries];
+            for (int i = 0; i < rdt.NumberOfIdEntries; i++)
+            {
+                rdt.IdEntries[i] = ResourceDirectoryTableEntry.Deserialize(content, ref offset, sectionStart, sections);
+            }
+
+            return rdt;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/Resources/FixedFileInfo.cs

@@ -0,0 +1,147 @@
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.Resources
+{
+    public class FixedFileInfo
+    {
+        /// <summary>
+        /// Contains the value 0xFEEF04BD.
+        /// This is used with the szKey member of the VS_VERSIONINFO structure when searching a file for the VS_FIXEDFILEINFO structure.
+        /// </summary>
+        public uint Signature;
+
+        /// <summary>
+        /// The binary version number of this structure.
+        /// The high-order word of this member contains the major version number, and the low-order word contains the minor version number.
+        /// </summary>
+        public uint StrucVersion;
+
+        /// <summary>
+        /// The most significant 32 bits of the file's binary version number.
+        /// This member is used with dwFileVersionLS to form a 64-bit value used for numeric comparisons.
+        /// </summary>
+        public uint FileVersionMS;
+
+        /// <summary>
+        /// The least significant 32 bits of the file's binary version number.
+        /// This member is used with dwFileVersionMS to form a 64-bit value used for numeric comparisons.
+        /// </summary>
+        public uint FileVersionLS;
+
+        /// <summary>
+        /// The most significant 32 bits of the binary version number of the product with which this file was distributed.
+        /// This member is used with dwProductVersionLS to form a 64-bit value used for numeric comparisons.
+        /// </summary>
+        public uint ProductVersionMS;
+
+        /// <summary>
+        /// The least significant 32 bits of the binary version number of the product with which this file was distributed.
+        /// This member is used with dwProductVersionMS to form a 64-bit value used for numeric comparisons.
+        /// </summary>
+        public uint ProductVersionLS;
+
+        /// <summary>
+        /// Contains a bitmask that specifies the valid bits in dwFileFlags.
+        /// A bit is valid only if it was defined when the file was created.
+        /// </summary>
+        public uint FileFlagsMask;
+
+        /// <summary>
+        /// Contains a bitmask that specifies the Boolean attributes of the file. This member can include one or more of the following values.
+        /// </summary>
+        public FileInfoFileFlags FileFlags;
+
+        /// <summary>
+        /// The operating system for which this file was designed. This member can be one of the following values.
+        /// 
+        /// An application can combine these values to indicate that the file was designed for one operating system running on another.
+        /// The following dwFileOS values are examples of this, but are not a complete list.
+        /// </summary>
+        public FileInfoOS FileOS;
+
+        /// <summary>
+        /// The general type of file. This member can be one of the following values. All other values are reserved.
+        /// </summary>
+        public FileInfoFileType FileType;
+
+        /// <summary>
+        /// The function of the file. The possible values depend on the value of dwFileType.
+        /// For all values of dwFileType not described in the following list, dwFileSubtype is zero.
+        /// 
+        /// If dwFileType is VFT_DRV, dwFileSubtype can be one of the following values.
+        /// 
+        /// If dwFileType is VFT_FONT, dwFileSubtype can be one of the following values.
+        /// 
+        /// If dwFileType is VFT_VXD, dwFileSubtype contains the virtual device identifier included in the virtual device control block.
+        /// All dwFileSubtype values not listed here are reserved.
+        /// </summary>
+        public FileInfoFileSubtype FileSubtype;
+
+        /// <summary>
+        /// The most significant 32 bits of the file's 64-bit binary creation date and time stamp.
+        /// </summary>
+        public uint FileDateMS;
+
+        /// <summary>
+        /// The least significant 32 bits of the file's 64-bit binary creation date and time stamp.
+        /// </summary>
+        public uint FileDateLS;
+
+        public static FixedFileInfo Deserialize(Stream stream)
+        {
+            FixedFileInfo ffi = new FixedFileInfo();
+
+            ushort temp;
+            while ((temp = stream.ReadUInt16()) == 0x0000);
+            stream.Seek(-2, SeekOrigin.Current);
+
+            ffi.Signature = stream.ReadUInt32();
+            ffi.StrucVersion = stream.ReadUInt32();
+            ffi.FileVersionMS = stream.ReadUInt32();
+            ffi.FileVersionLS = stream.ReadUInt32();
+            ffi.ProductVersionMS = stream.ReadUInt32();
+            ffi.ProductVersionLS = stream.ReadUInt32();
+            ffi.FileFlagsMask = stream.ReadUInt32();
+            ffi.FileFlags = (FileInfoFileFlags)stream.ReadUInt32();
+            ffi.FileOS = (FileInfoOS)stream.ReadUInt32();
+            ffi.FileType = (FileInfoFileType)stream.ReadUInt32();
+            ffi.FileSubtype = (FileInfoFileSubtype)stream.ReadUInt32();
+            ffi.FileDateMS = stream.ReadUInt32();
+            ffi.FileDateLS = stream.ReadUInt32();
+
+            return ffi;
+        }
+
+        public static FixedFileInfo Deserialize(byte[] content, ref int offset)
+        {
+            FixedFileInfo ffi = new FixedFileInfo();
+
+            ushort temp;
+            bool padded = false;
+            while ((temp = content.ReadUInt16(ref offset)) == 0x0000)
+            {
+                padded = true;
+            }
+
+            if (padded)
+                offset -= 2;
+
+            ffi.Signature = content.ReadUInt32(ref offset);
+            ffi.StrucVersion = content.ReadUInt32(ref offset);
+            ffi.FileVersionMS = content.ReadUInt32(ref offset);
+            ffi.FileVersionLS = content.ReadUInt32(ref offset);
+            ffi.ProductVersionMS = content.ReadUInt32(ref offset);
+            ffi.ProductVersionLS = content.ReadUInt32(ref offset);
+            ffi.FileFlagsMask = content.ReadUInt32(ref offset);
+            ffi.FileFlags = (FileInfoFileFlags)content.ReadUInt32(ref offset);
+            ffi.FileOS = (FileInfoOS)content.ReadUInt32(ref offset);
+            ffi.FileType = (FileInfoFileType)content.ReadUInt32(ref offset);
+            ffi.FileSubtype = (FileInfoFileSubtype)content.ReadUInt32(ref offset);
+            ffi.FileDateMS = content.ReadUInt32(ref offset);
+            ffi.FileDateLS = content.ReadUInt32(ref offset);
+
+            return ffi;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/Resources/LanguageCodePage.cs

@@ -0,0 +1,46 @@
+using System;
+using System.IO;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.Resources
+{
+    /// <summary>
+    /// If you use the Var structure to list the languages your application or DLL supports instead of using multiple version resources,
+    /// use the Value member to contain an array of DWORD values indicating the language and code page combinations supported by this file.
+    /// The low-order word of each DWORD must contain a Microsoft language identifier, and the high-order word must contain the IBM code page number.
+    /// Either high-order or low-order word can be zero, indicating that the file is language or code page independent.
+    /// If the Var structure is omitted, the file will be interpreted as both language and code page independent.
+    /// </summary>
+    public class LanguageCodePage
+    {
+        /// <summary>
+        /// The low-order word of each DWORD must contain a Microsoft language identifier
+        /// </summary>
+        public ushort MicrosoftLanguageIdentifier;
+
+        /// <summary>
+        /// The high-order word must contain the IBM code page number
+        /// </summary>
+        public ushort IBMCodePageNumber;
+
+        public static LanguageCodePage Deserialize(Stream stream)
+        {
+            LanguageCodePage lcp = new LanguageCodePage();
+
+            lcp.MicrosoftLanguageIdentifier = stream.ReadUInt16();
+            lcp.IBMCodePageNumber = stream.ReadUInt16();
+
+            return lcp;
+        }
+
+        public static LanguageCodePage Deserialize(byte[] content, ref int offset)
+        {
+            LanguageCodePage lcp = new LanguageCodePage();
+
+            lcp.MicrosoftLanguageIdentifier = content.ReadUInt16(ref offset);
+            lcp.IBMCodePageNumber = content.ReadUInt16(ref offset);
+
+            return lcp;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/Resources/Resource.cs

@@ -0,0 +1,58 @@
+using System.IO;
+using System.Text;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.Resources
+{
+    public class Resource
+    {
+        /// <summary>
+        /// The length, in bytes, of the resource structure.
+        /// This length does not include any padding that aligns any subsequent version resource data on a 32-bit boundary.
+        /// </summary>
+        public ushort Length;
+
+        /// <summary>
+        /// The length, in bytes, of the Value member.
+        /// This value is zero if there is no Value member associated with the current version structure.
+        /// </summary>
+        public ushort ValueLength;
+
+        /// <summary>
+        /// The type of data in the version resource.
+        /// This member is 1 if the version resource contains text data and 0 if the version resource contains binary data.
+        /// </summary>
+        public ushort Type;
+
+        /// <summary>
+        /// A Unicode string representing the key
+        /// </summary>
+        public string Key;
+
+        public static Resource Deserialize(Stream stream)
+        {
+            Resource r = new Resource();
+
+            while ((r.Length = stream.ReadUInt16()) == 0x0000);
+
+            r.ValueLength = stream.ReadUInt16();
+            r.Type = stream.ReadUInt16();
+            r.Key = stream.ReadString(Encoding.Unicode);
+
+            return r;
+        }
+
+        public static Resource Deserialize(byte[] content, ref int offset)
+        {
+            Resource r = new Resource();
+
+            while ((r.Length = content.ReadUInt16(ref offset)) == 0x0000);
+
+            r.ValueLength = content.ReadUInt16(ref offset);
+            r.Type = content.ReadUInt16(ref offset);
+            r.Key = content.ReadString(ref offset, Encoding.Unicode);
+
+            return r;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/Resources/StringFileInfo.cs

@@ -0,0 +1,45 @@
+using System.IO;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.Resources
+{
+    public class StringFileInfo : Resource
+    {
+        /// <summary>
+        /// An array of one or more StringTable structures.
+        /// Each StringTable structure's szKey member indicates the appropriate language and code page for displaying the text in that StringTable structure.
+        /// </summary>
+        public StringTable Children;
+
+        public StringFileInfo(Resource resource)
+        {
+            this.Length = resource?.Length ?? default;
+            this.ValueLength = resource?.ValueLength ?? default;
+            this.Type = resource?.Type ?? default;
+            this.Key = resource?.Key?.TrimStart('\u0001') ?? default;
+        }
+
+        public static new StringFileInfo Deserialize(Stream stream)
+        {
+            Resource resource = Resource.Deserialize(stream);
+            if (resource.Key != "StringFileInfo" && resource.Key != "\u0001StringFileInfo")
+                return null;
+
+            StringFileInfo sfi = new StringFileInfo(resource);
+            sfi.Children = StringTable.Deserialize(stream);
+
+            return sfi;
+        }
+
+        public static new StringFileInfo Deserialize(byte[] content, ref int offset)
+        {
+            Resource resource = Resource.Deserialize(content, ref offset);
+            if (resource.Key != "StringFileInfo" && resource.Key != "\u0001StringFileInfo")
+                return null;
+
+            StringFileInfo sfi = new StringFileInfo(resource);
+            sfi.Children = StringTable.Deserialize(content, ref offset);
+
+            return sfi;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/Resources/StringStruct.cs

@@ -0,0 +1,42 @@
+using System.IO;
+using System.Text;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.Resources
+{
+    public class StringStruct : Resource
+    {
+        /// <summary>
+        /// Typically contains a list of languages that the application or DLL supports.
+        /// </summary>
+        public string Value;
+
+        public StringStruct(Resource resource)
+        {
+            this.Length = resource?.Length ?? default;
+            this.ValueLength = resource?.ValueLength ?? default;
+            this.Type = resource?.Type ?? default;
+            this.Key = resource?.Key ?? default;
+        }
+
+        public static new StringStruct Deserialize(Stream stream)
+        {
+            Resource resource = Resource.Deserialize(stream);
+            StringStruct s = new StringStruct(resource);
+            stream.Seek(stream.Position % 4 == 0 ? 0 : 4 - (stream.Position % 4), SeekOrigin.Current);
+            s.Value = new string(stream.ReadChars(s.ValueLength));
+
+            return s;
+        }
+
+        public static new StringStruct Deserialize(byte[] content, ref int offset)
+        {
+            Resource resource = Resource.Deserialize(content, ref offset);
+            StringStruct s = new StringStruct(resource);
+            offset += offset % 4 == 0 ? 0 : 4 - (offset % 4);
+            s.Value = Encoding.Unicode.GetString(content, offset, s.ValueLength * 2); offset += s.ValueLength * 2;
+            
+            return s;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/Resources/StringTable.cs

@@ -0,0 +1,61 @@
+using System.Collections.Generic;
+using System.IO;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.Resources
+{
+    public class StringTable : Resource
+    {
+        /// <summary>
+        /// An array of one or more String structures.
+        /// </summary>
+        public StringStruct[] Children;
+
+        public StringTable(Resource resource)
+        {
+            this.Length = resource?.Length ?? default;
+            this.ValueLength = resource?.ValueLength ?? default;
+            this.Type = resource?.Type ?? default;
+            this.Key = resource?.Key ?? default;
+        }
+
+        public static new StringTable Deserialize(Stream stream)
+        {
+            long originalPosition = stream.Position;
+            Resource resource = Resource.Deserialize(stream);
+            if (resource.Key.Length != 8)
+                return null;
+
+            StringTable st = new StringTable(resource);
+
+            var tempValue = new List<StringStruct>();
+            while (stream.Position - originalPosition < st.Length)
+            {
+                tempValue.Add(StringStruct.Deserialize(stream));
+            }
+
+            st.Children = tempValue.ToArray();
+
+            return st;
+        }
+
+        public static new StringTable Deserialize(byte[] content, ref int offset)
+        {
+            int originalPosition = offset;
+            Resource resource = Resource.Deserialize(content, ref offset);
+            if (resource.Key.Length != 8)
+                return null;
+
+            StringTable st = new StringTable(resource);
+        
+            var tempValue = new List<StringStruct>();
+            while (offset - originalPosition < st.Length)
+            {
+                tempValue.Add(StringStruct.Deserialize(content, ref offset));
+            }
+
+            st.Children = tempValue.ToArray();
+
+            return st;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/Resources/Var.cs

@@ -0,0 +1,67 @@
+using System.Collections.Generic;
+using System.IO;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.Resources
+{
+    public class Var : Resource
+    {
+        /// <summary>
+        /// An array of one or more values that are language and code page identifier pairs.
+        /// 
+        /// If you use the Var structure to list the languages your application or DLL supports instead of using multiple version resources,
+        /// use the Value member to contain an array of DWORD values indicating the language and code page combinations supported by this file.
+        /// The low-order word of each DWORD must contain a Microsoft language identifier, and the high-order word must contain the IBM code page number.
+        /// Either high-order or low-order word can be zero, indicating that the file is language or code page independent.
+        /// If the Var structure is omitted, the file will be interpreted as both language and code page independent.
+        /// </summary>
+        public LanguageCodePage[] Value;
+
+        public Var(Resource resource)
+        {
+            this.Length = resource?.Length ?? default;
+            this.ValueLength = resource?.ValueLength ?? default;
+            this.Type = resource?.Type ?? default;
+            this.Key = resource?.Key ?? default;
+        }
+
+        public static new Var Deserialize(Stream stream)
+        {
+            long originalPosition = stream.Position;
+            Resource resource = Resource.Deserialize(stream);
+            if (resource.Key != "Translation")
+                return null;
+
+            Var v = new Var(resource);
+
+            var tempValue = new List<LanguageCodePage>();
+            while (stream.Position - originalPosition < v.Length)
+            {
+                tempValue.Add(LanguageCodePage.Deserialize(stream));
+            }
+
+            v.Value = tempValue.ToArray();
+
+            return v;
+        }
+
+        public static new Var Deserialize(byte[] content, ref int offset)
+        {
+            int originalPosition = offset;
+            Resource resource = Resource.Deserialize(content, ref offset);
+            if (resource.Key != "Translation")
+                return null;
+
+            Var v = new Var(resource);
+
+            var tempValue = new List<LanguageCodePage>();
+            while (offset - originalPosition < v.Length)
+            {
+                tempValue.Add(LanguageCodePage.Deserialize(content, ref offset));
+            }
+
+            v.Value = tempValue.ToArray();
+
+            return v;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/Resources/VarFileInfo.cs

@@ -0,0 +1,44 @@
+using System.IO;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.Resources
+{
+    public class VarFileInfo : Resource
+    {
+        /// <summary>
+        /// Typically contains a list of languages that the application or DLL supports.
+        /// </summary>
+        public Var Children;
+
+        public VarFileInfo(Resource resource)
+        {
+            this.Length = resource?.Length ?? default;
+            this.ValueLength = resource?.ValueLength ?? default;
+            this.Type = resource?.Type ?? default;
+            this.Key = resource?.Key ?? default;
+        }
+
+        public static new VarFileInfo Deserialize(Stream stream)
+        {
+            Resource resource = Resource.Deserialize(stream);
+            if (resource.Key != "VarFileInfo")
+                return null;
+
+            VarFileInfo vfi = new VarFileInfo(resource);
+            vfi.Children = Var.Deserialize(stream);
+
+            return vfi;
+        }
+
+        public static new VarFileInfo Deserialize(byte[] content, ref int offset)
+        {
+            Resource resource = Resource.Deserialize(content, ref offset);
+            if (resource.Key != "VarFileInfo")
+                return null;
+
+            VarFileInfo vfi = new VarFileInfo(resource);
+            vfi.Children = Var.Deserialize(content, ref offset);
+
+            return vfi;
+        }
+    }
+}

BurnOutSharp/ExecutableType/Microsoft/Resources/VersionInfo.cs

@@ -0,0 +1,129 @@
+using System.IO;
+
+namespace BurnOutSharp.ExecutableType.Microsoft.Resources
+{
+    public class VersionInfo : Resource
+    {
+        /// <summary>
+        /// Arbitrary data associated with this VS_VERSIONINFO structure.
+        /// The wValueLength member specifies the length of this member;
+        /// if wValueLength is zero, this member does not exist.
+        /// </summary>
+        public FixedFileInfo Value;
+
+        /// <summary>
+        /// An array of zero or one StringFileInfo structures, and zero or one VarFileInfo structures
+        /// that are children of the current VS_VERSIONINFO structure.
+        /// </summary>
+        public StringFileInfo ChildrenStringFileInfo;
+
+        /// <summary>
+        /// An array of zero or one StringFileInfo structures, and zero or one VarFileInfo structures
+        /// that are children of the current VS_VERSIONINFO structure.
+        /// </summary>
+        public VarFileInfo ChildrenVarFileInfo;
+
+        public VersionInfo(Resource resource)
+        {
+            this.Length = resource?.Length ?? default;
+            this.ValueLength = resource?.ValueLength ?? default;
+            this.Type = resource?.Type ?? default;
+            this.Key = resource?.Key ?? default;
+        }
+
+        public static new VersionInfo Deserialize(Stream stream)
+        {
+            long originalPosition = stream.Position;
+            Resource resource = Resource.Deserialize(stream);
+            if (resource.Key != "VS_VERSION_INFO")
+                return null;
+
+            VersionInfo vi = new VersionInfo(resource);
+
+            if (vi.ValueLength > 0)
+                vi.Value = FixedFileInfo.Deserialize(stream);
+
+            if (stream.Position - originalPosition > vi.Length)
+                return vi;
+
+            long preChildOffset = stream.Position;
+            Resource firstChild = Resource.Deserialize(stream);
+            if (firstChild.Key == "StringFileInfo" || firstChild.Key == "\u0001StringFileInfo")
+            {
+                stream.Seek(preChildOffset, SeekOrigin.Begin);
+                vi.ChildrenStringFileInfo = StringFileInfo.Deserialize(stream);
+            }
+            else if (firstChild.Key == "VarFileInfo" || firstChild.Key == "\u0001VarFileInfo")
+            {
+                stream.Seek(preChildOffset, SeekOrigin.Begin);
+                vi.ChildrenVarFileInfo = VarFileInfo.Deserialize(stream);
+            }
+
+            if (stream.Position - originalPosition > vi.Length)
+                return vi;
+
+            preChildOffset = stream.Position;
+            Resource secondChild = Resource.Deserialize(stream);
+            if (secondChild.Key == "StringFileInfo" || secondChild.Key == "\u0001StringFileInfo")
+            {
+                stream.Seek(preChildOffset, SeekOrigin.Begin);
+                vi.ChildrenStringFileInfo = StringFileInfo.Deserialize(stream);
+            }
+            else if (secondChild.Key == "VarFileInfo" || secondChild.Key == "\u0001VarFileInfo")
+            {
+                stream.Seek(preChildOffset, SeekOrigin.Begin);
+                vi.ChildrenVarFileInfo = VarFileInfo.Deserialize(stream);
+            }
+
+            return vi;
+        }
+
+        public static new VersionInfo Deserialize(byte[] content, ref int offset)
+        {
+            int originalOffset = offset;
+            Resource resource = Resource.Deserialize(content, ref offset);
+            if (resource.Key != "VS_VERSION_INFO")
+                return null;
+            
+            VersionInfo vi = new VersionInfo(resource);
+            
+            if (vi.ValueLength > 0)
+                vi.Value = FixedFileInfo.Deserialize(content, ref offset);
+
+            if (offset - originalOffset > vi.Length)
+                return vi;
+
+            int preChildOffset = offset;
+            Resource firstChild = Resource.Deserialize(content, ref offset);
+            if (firstChild.Key == "StringFileInfo" || firstChild.Key == "\u0001StringFileInfo")
+            {
+                offset = preChildOffset;
+                vi.ChildrenStringFileInfo = StringFileInfo.Deserialize(content, ref offset);
+            }
+            else if (firstChild.Key == "VarFileInfo" || firstChild.Key == "\u0001VarFileInfo")
+            {
+                offset = preChildOffset;
+                vi.ChildrenVarFileInfo = VarFileInfo.Deserialize(content, ref offset);
+            }
+
+            if (offset - originalOffset > vi.Length)
+                return vi;
+
+
+            preChildOffset = offset;
+            Resource secondChild = Resource.Deserialize(content, ref offset);
+            if (secondChild.Key == "StringFileInfo" || secondChild.Key == "\u0001StringFileInfo")
+            {
+                offset = preChildOffset;
+                vi.ChildrenStringFileInfo = StringFileInfo.Deserialize(content, ref offset);
+            }
+            else if (secondChild.Key == "VarFileInfo" || secondChild.Key == "\u0001VarFileInfo")
+            {
+                offset = preChildOffset;
+                vi.ChildrenVarFileInfo = VarFileInfo.Deserialize(content, ref offset);
+            }
+
+            return vi;
+        }
+    }
+}

BurnOutSharp/External/README.MD

@@ -0,0 +1,8 @@
+# External Library Notes
+
+This directory contains multiple external libraries. Here is the status of each:
+
+| Directory | Library | Status |
+| --------- | ------- | ------ |
+| psxt001z | [psxt001z](https://github.com/Dremora/psxt001z) | 90% ported to C#, device reading disabled |
+| stormlibsharp | [stormlibsharp](https://github.com/robpaveza/stormlibsharp) | External submodule |

BurnOutSharp/External/psxt001z/CRC16.cs

@@ -1,9 +1,9 @@
-namespace BurnOutSharp.External.psxt001z
+namespace psxt001z
 {
     public class CRC16
     {
         // Table of CRC constants - implements x^16+x^12+x^5+1
-        private static ushort[] crc16_tab = new ushort[]
+        private static ushort[] CRC16Table = new ushort[]
         {
             0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50a5, 0x60c6, 0x70e7,
             0x8108, 0x9129, 0xa14a, 0xb16b, 0xc18c, 0xd1ad, 0xe1ce, 0xf1ef,
@@ -44,7 +44,7 @@
             ushort cksum = 0;
             for (int i = 0; i < len; i++)
             {
-                cksum = (ushort)(crc16_tab[((cksum >> 8) ^ buf[bufPtr++]) & 0xFF] ^ (cksum << 8));
+                cksum = (ushort)(CRC16Table[((cksum >> 8) ^ buf[bufPtr++]) & 0xFF] ^ (cksum << 8));
             }
 
             return (ushort)(~cksum);

BurnOutSharp/External/psxt001z/CRC32.cs

@@ -0,0 +1,57 @@
+namespace psxt001z
+{
+    internal class CRC32
+    {
+        #region Constants
+
+        private const uint CRC_POLY = 0xEDB88320;
+
+        private const uint CRC_MASK = 0xD202EF8D;
+
+        #endregion
+
+        #region Properties
+
+        protected uint[] Table { get; private set; } = new uint[256];
+
+        public uint m_crc32 { get; set; }
+
+        #endregion
+
+        #region Constructor
+
+        public CRC32()
+        {
+            for (uint i = 0; i < 256; i++)
+            {
+                uint r, j;
+                for (r = i, j = 8; j != 0; j--)
+                {
+                    r = ((r & 1) != 0) ? (r >> 1) ^ CRC_POLY : r >> 1;
+                }
+
+                Table[i] = r;
+            }
+
+            m_crc32 = 0;
+        }
+
+        #endregion
+
+        #region Functions
+
+        public void ProcessCRC(byte[] pData, int pDataPtr, int nLen)
+        {
+            uint crc = m_crc32;
+            while (nLen-- != 0)
+            {
+                crc = Table[(byte)(crc ^ pData[pDataPtr++])] ^ crc >> 8;
+                crc ^= CRC_MASK;
+            }
+
+            m_crc32 = crc;
+        }
+
+        #endregion
+    }
+}

BurnOutSharp/External/psxt001z/Common.cs

@@ -0,0 +1,19 @@
+namespace psxt001z
+{
+    public static class Common
+    {
+        public const int ZERO = 0;
+
+        public const string VERSION = "v0.21 beta 1";
+
+        /// <summary>
+        /// BCD to u_char
+        /// </summary>
+        public static byte btoi(byte b) => (byte)(((b) / 16 * 10 + (b) % 16));
+
+        /// <summary>
+        /// u_char to BCD
+        /// </summary>
+        public static byte itob(byte i) => (byte)(((i) / 10 * 16 + (i) % 10));
+    }
+}

BurnOutSharp/External/psxt001z/FileTools.cs

@@ -0,0 +1,178 @@
+using System;
+using System.IO;
+using System.Text;
+
+namespace psxt001z
+{
+    internal class FileTools
+    {
+        #region Properties
+
+        private Stream InputStream { get; set; }
+
+        private byte[] ExeName { get; set; } = new byte[20];
+
+        private byte[] DateValue { get; set; } = new byte[11];
+
+        #endregion
+
+        #region Constructor
+
+        public FileTools(Stream file)
+        {
+            InputStream = file;
+        }
+
+        #endregion
+
+        #region Functions
+
+        /// <summary>
+        /// Get file size
+        /// </summary>
+        public long size() => InputStream.Length;
+
+        /// <summary>
+        /// Get executable name
+        /// </summary>
+        public string exe()
+        {
+            InputStream.Seek(51744, SeekOrigin.Begin);
+
+            string filename = string.Empty;
+            while (filename != "SYSTEM.CNF")
+            {
+                byte[] buf = new byte[10];
+                InputStream.Read(buf, 0, 10);
+                filename = Encoding.ASCII.GetString(buf);
+                InputStream.Seek(-9, SeekOrigin.Current);
+            }
+
+            byte[] buffer = new byte[20];
+
+            InputStream.Seek(-32, SeekOrigin.Current);
+            InputStream.Read(buffer, 0, 4);
+            uint lba = BitConverter.ToUInt32(buffer, 0);
+
+            InputStream.Seek((2352 * lba) + 29, SeekOrigin.Begin);
+            InputStream.Read(buffer, 0, 6);
+
+            string iniLine = Encoding.ASCII.GetString(buffer);
+            while (iniLine != "cdrom:")
+            {
+                InputStream.Seek(-5, SeekOrigin.Current);
+                InputStream.Read(buffer, 0, 6);
+                iniLine = Encoding.ASCII.GetString(buffer);
+            }
+
+            InputStream.Read(buffer, 0, 1);
+            if (buffer[0] != '\\')
+                InputStream.Seek(-1, SeekOrigin.Current);
+
+            int i = -1;
+            do
+            {
+                InputStream.Read(buffer, ++i, 1);
+            } while (buffer[i] != ';');
+
+            for (long a = 0; a < i; a++)
+            {
+                ExeName[a] = (byte)char.ToUpper((char)buffer[a]);
+            }
+
+            return Encoding.ASCII.GetString(ExeName);
+        }
+
+        /// <summary>
+        /// Get human-readable date
+        /// </summary>
+        public string date()
+        {
+            byte[] buffer = new byte[12], datenofrmt = new byte[3];
+
+            InputStream.Seek(51744, SeekOrigin.Begin);
+
+            do
+            {
+                InputStream.Read(buffer, 0, 11);
+                buffer[11] = 0;
+                InputStream.Seek(-10, SeekOrigin.Current);
+            } while (Encoding.ASCII.GetString(ExeName) != Encoding.ASCII.GetString(buffer));
+
+            InputStream.Seek(-16, SeekOrigin.Current);
+            InputStream.Read(datenofrmt, 0, 3);
+
+            if (datenofrmt[0] < 50)
+            {
+                byte[] year = Encoding.ASCII.GetBytes($"{2000 + datenofrmt[0]}");
+                Array.Copy(year, 0, buffer, 0, 4);
+            }
+            else
+            {
+                byte[] year = Encoding.ASCII.GetBytes($"{1900 + datenofrmt[0]}");
+                Array.Copy(year, 0, buffer, 0, 4);
+            }
+
+            DateValue[4] = (byte)'-';
+            if (datenofrmt[1] < 10)
+            {
+                byte[] month = Encoding.ASCII.GetBytes($"0{datenofrmt[1]}");
+                Array.Copy(month, 0, buffer, 5, 2);
+            }
+            else
+            {
+                byte[] month = Encoding.ASCII.GetBytes($"{datenofrmt[1]}");
+                Array.Copy(month, 0, buffer, 5, 2);
+            }
+
+            DateValue[7] = (byte)'-';
+            if (datenofrmt[2] < 10)
+            {
+                byte[] day = Encoding.ASCII.GetBytes($"0{datenofrmt[2]}");
+                Array.Copy(day, 0, buffer, 8, 2);
+            }
+            else
+            {
+                byte[] day = Encoding.ASCII.GetBytes($"{datenofrmt[2]}");
+                Array.Copy(day, 0, buffer, 8, 2);
+            }
+
+            return Encoding.ASCII.GetString(DateValue);
+        }
+
+        /// <summary>
+        /// Resize the image
+        /// </summary>
+        public int resize(long newsize)
+        {
+            long oldsize = size();
+            if (oldsize < newsize)
+            {
+                InputStream.SetLength(newsize);
+                return 1;
+            }
+            else if (oldsize > newsize)
+            {
+                InputStream.SetLength(newsize);
+                return 2;
+            }
+            else
+            {
+                return 0;
+            }
+        }
+
+        /// <summary>
+        /// Get the reported sector count from the image
+        /// </summary>
+        public int imagesize()
+        {
+            InputStream.Seek(0x9368, SeekOrigin.Begin);
+            byte[] sizebuf = new byte[4];
+            InputStream.Read(sizebuf, 0, 4);
+            return BitConverter.ToInt32(sizebuf, 0);
+        }
+
+        #endregion
+    }
+}

BurnOutSharp/External/psxt001z/Functions.cs

@@ -0,0 +1,108 @@
+using System;
+using System.IO;
+using System.Text;
+using static psxt001z.Common;
+
+namespace psxt001z
+{
+    internal static class Functions
+    {
+        public static int CalculateEDC(in byte[] src, int srcPtr, int size, int[] edc_lut)
+        {
+            int edc = 0;
+            while (size-- != 0)
+            {
+                edc = (edc >> 8) ^ edc_lut[(edc ^ src[srcPtr++]) & 0xFF];
+            }
+
+            return edc;
+        }
+
+        public static bool ZeroCompare(byte[] buffer, int bufferPtr, int bsize)
+        {
+            for (int i = 0; i < bsize; i++)
+            {
+                if (buffer[bufferPtr + i] != 0x00)
+                    return false;
+            }
+
+            return true;
+        }
+
+        public static void MSF(long lba, byte[] buffer, int bufferOffset)
+        {
+            lba += 150;
+
+            double mindbl = lba / 60 / 75;
+            byte min = (byte)Math.Floor(mindbl);
+            double secdbl = (lba - (min * 60 * 75)) / 75;
+            byte sec = (byte)Math.Floor(secdbl);
+            byte frame = (byte)(lba - (min * 60 * 75) - (sec * 75));
+
+            buffer[bufferOffset] = itob(min);
+            buffer[bufferOffset + 1] = itob(sec);
+            buffer[bufferOffset + 2] = itob(frame);
+
+            return;
+        }
+
+        public static bool GetEDCStatus(Stream file)
+        {
+            long currentposition = file.Position;
+
+            file.Seek(30572, SeekOrigin.Begin);
+
+            byte[] buffer = new byte[4];
+            file.Read(buffer, 0, 4);
+
+            file.Seek(currentposition, SeekOrigin.Begin);
+
+            return BitConverter.ToInt32(buffer, 0) == 0;
+        }
+
+        public static byte[] ExecutableName(Stream file)
+        {
+            byte[] buffer = new byte[20];
+            byte[] exename = new byte[20];
+
+            //Searching for SYSTEM.CNF
+            file.Seek(51744, SeekOrigin.Begin);
+            while (Encoding.ASCII.GetString(buffer) != "SYSTEM.CNF")
+            {
+                file.Read(buffer, 0, 10);
+                buffer[10] = 0;
+                file.Seek(-9, SeekOrigin.Current);
+            }
+
+            file.Seek(-32, SeekOrigin.Current);
+            byte[] lba = new byte[4];
+            file.Read(lba, 0, 4);
+            file.Seek((2352 * BitConverter.ToInt32(lba, 0)) + 29, SeekOrigin.Begin);
+            file.Read(buffer, 0, 6);
+            buffer[6] = 0;
+            while (Encoding.ASCII.GetString(buffer) != "cdrom:")
+            {
+                file.Seek(-5, SeekOrigin.Current);
+                file.Read(buffer, 0, 6);
+            }
+
+            file.Read(buffer, 0, 1);
+            if (buffer[0] != '\\')
+                file.Seek(-1, SeekOrigin.Current);
+
+            int i = -1;
+            do
+            {
+                file.Read(buffer, ++i, 1);
+            } while (buffer[i] != ';');
+
+            for (int a = 0; a < i; a++)
+            {
+                exename[a] = (byte)char.ToUpper((char)buffer[a]);
+            }
+
+            exename[i] = 0;
+            return exename;
+        }
+    }
+}

BurnOutSharp/External/psxt001z/Info.cs

@@ -0,0 +1,293 @@
+using System;
+using System.IO;
+using System.Linq;
+using static psxt001z.Functions;
+
+namespace psxt001z
+{
+    public class Info
+    {
+        #region Constants
+
+        private static readonly byte[] edc_form_2 = { 0x3F, 0x13, 0xB0, 0xBE };
+
+        private static readonly byte[] syncheader = { 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00 };
+
+        private static readonly byte[] subheader = { 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x20, 0x00 };
+
+        #endregion
+
+        #region Functions
+
+        public static int GetInfo(string filename, bool fix)
+        {
+            // Variables
+            bool errors = false;
+            byte[] buffer = new byte[2352], buffer2 = new byte[2352];
+            int mode = 15; // synñheader[15];
+
+            #region Opening image
+
+            Stream image;
+            try
+            {
+                FileAccess open_mode = fix ? FileAccess.ReadWrite : FileAccess.Read;
+                image = File.Open(filename, FileMode.Open, open_mode);
+            }
+            catch (Exception ex)
+            {
+                Console.Error.WriteLine(ex);
+                return 1;
+            }
+
+            long size = image.Length;
+            Console.WriteLine($"File: {filename}");
+
+            #endregion
+
+            #region Type
+
+            image.Read(buffer, 0, 12);
+
+            int sectorsize;
+            if (buffer.Take(12).SequenceEqual(syncheader.Take(12)))
+            {
+                sectorsize = 2352;
+            }
+            else
+            {
+                sectorsize = 2048;
+            }
+            if (size % sectorsize != 0)
+            {
+                Console.WriteLine($"{filename}: not ModeX/{sectorsize} image!");
+                return 1;
+            }
+
+            long sectors = size / sectorsize;
+
+            #endregion
+
+            #region Mode
+
+            if (sectorsize == 2352)
+            {
+                image.Seek(0xF, SeekOrigin.Begin);
+                mode = image.ReadByte();
+                if (mode != 1 && mode != 2)
+                {
+                    Console.WriteLine($"{filename}: unknown mode!");
+                    return 1;
+                }
+            }
+            else
+            {
+                mode = -1;
+            }
+
+            #endregion
+
+            #region Size
+
+            image.Seek(sectorsize * 16 + ((mode == 2) ? 24 : ((mode == 1) ? 16 : 0)) + 0x50, SeekOrigin.Begin);
+
+            // ISO size
+            byte[] buf = new byte[4];
+            image.Read(buf, 0, 4);
+            int realsectors = BitConverter.ToInt32(buf, 0);
+
+            image.Seek(0, SeekOrigin.Begin);
+            int realsize = realsectors * sectorsize;
+            if (sectors == realsectors)
+            {
+                Console.WriteLine($"Size (bytes):   {size} (OK)");
+                Console.WriteLine($"Size (sectors): {sectors} (OK)");
+            }
+            else
+            {
+                Console.WriteLine($"Size (bytes):   {size}");
+                Console.WriteLine($"From image:     {realsize}");
+                Console.WriteLine($"Size (sectors): {sectors}");
+                Console.WriteLine($"From image:     {realsectors}");
+            }
+
+            #endregion
+
+            #region Mode
+
+            if (mode > 0)
+                Console.WriteLine($"Mode: {mode}");
+
+            if (mode == 2)
+            {
+                #region EDC in Form 2
+
+                bool imageedc = GetEDCStatus(image);
+                Console.WriteLine($"EDC in Form 2 sectors: {(imageedc ? "YES" : "NO")}");
+
+                #endregion
+
+                #region Sysarea
+
+                string systemArea = "System area: ";
+                image.Seek(0, SeekOrigin.Begin);
+
+                CRC32 crc = new CRC32();
+                for (int i = 0; i < 16; i++)
+                {
+                    image.Read(buffer, 0, 2352);
+                    crc.ProcessCRC(buffer, 0, 2352);
+                }
+
+                uint imagecrc = crc.m_crc32;
+                systemArea += GetEdcType(imagecrc);
+
+                Console.WriteLine(systemArea);
+
+                #endregion
+
+                #region Postgap
+
+                image.Seek((sectors - 150) * sectorsize + 16, SeekOrigin.Begin);
+                image.Read(buffer, 0, 2336);
+
+                string postgap = "Postgap type: Form ";
+                if ((buffer[2] >> 5 & 0x1) != 0)
+                {
+                    postgap += "2";
+                    if (buffer.Take(8).SequenceEqual(subheader))
+                        postgap += ", zero subheader";
+                    else
+                        postgap += ", non-zero subheader";
+
+                    if (ZeroCompare(buffer, 8, 2324))
+                        postgap += ", zero data";
+                    else
+                        postgap += ", non-zero data";
+
+                    if (ZeroCompare(buffer, 2332, 4))
+                        postgap += ", no EDC";
+                    else
+                        postgap += ", EDC";
+                }
+                else
+                {
+                    postgap += "1";
+                    if (ZeroCompare(buffer, 0, 8))
+                        postgap += ", zero subheader";
+                    else
+                        postgap += ", non-zero subheader";
+
+                    if (ZeroCompare(buffer, 8, 2328))
+                        postgap += ", zero data";
+                    else
+                        postgap += ", non-zero data";
+                }
+
+                Console.WriteLine(postgap);
+                Array.Copy(buffer, buffer2, 2336);
+
+                #endregion
+            }
+
+            if (mode < 0)
+                return 0;
+
+            for (long sector = sectors - 150; sector < sectors; sector++)
+            {
+                bool bad = false;
+                image.Seek(sector * sectorsize, SeekOrigin.Begin);
+                image.Read(buffer, 0, sectorsize);
+
+                // Sync
+                string sectorInfo = string.Empty;
+
+                MSF(sector, syncheader, 12);
+                if (!syncheader.SequenceEqual(buffer.Take(16)))
+                {
+                    sectorInfo += $"Sector {sector}: Sync/Header";
+                    bad = true;
+                    if (fix)
+                    {
+                        image.Seek(sector * sectorsize, SeekOrigin.Begin);
+                        image.Write(syncheader, 0, 16);
+                        sectorInfo += (" (fixed)");
+                    }
+                }
+
+                // Mode 2
+                if (mode == 2 && buffer.Skip(16).Take(2336).SequenceEqual(buffer2))
+                {
+                    if (bad)
+                    {
+                        sectorInfo += ", Subheader/Data/EDC/ECC";
+                    }
+                    else
+                    {
+                        sectorInfo = $"Sector {sector}: Subheader/Data/EDC/ECC";
+                        bad = true;
+                    }
+
+                    if (fix)
+                    {
+                        image.Seek(sector * sectorsize + 16, SeekOrigin.Begin);
+                        image.Write(buffer2, 0, 2336);
+                        sectorInfo += " (fixed)";
+                    }
+                }
+
+                Console.WriteLine(sectorInfo);
+
+                if (bad && (sector + 1 != sectors))
+                    errors = true;
+            }
+
+            if (errors)
+            {
+                Console.WriteLine("NOTICE: One or more errors were found not in the last sector.");
+                Console.WriteLine("Please mention this when submitting dump info.");
+            }
+            else
+            {
+                Console.WriteLine("Done.");
+            }
+
+            #endregion
+
+            return 0;
+        }
+
+        #endregion
+
+        #region Utilities
+
+        internal static string GetEdcType(uint imageCrc)
+        {
+            switch (imageCrc)
+            {
+                case 0x11e3052d:
+                    return "Eu EDC";
+                case 0x808c19f6:
+                    return "Eu NoEDC";
+                case 0x70ffa73e:
+                    return "Eu Alt NoEDC";
+                case 0x7f9a25b1:
+                    return "Eu Alt 2 EDC";
+                case 0x783aca30:
+                    return "Jap EDC";
+                case 0xe955d6eb:
+                    return "Jap NoEDC";
+                case 0x9b519a2e:
+                    return "US EDC";
+                case 0x0a3e86f5:
+                    return "US NoEDC";
+                case 0x6773d4db:
+                    return "US Alt NoEDC";
+                default:
+                    return $"Unknown, crc {imageCrc:8x}";
+            }
+        }
+
+        #endregion
+    }
+}

BurnOutSharp/External/psxt001z/LibCrypt.cs

@@ -1,146 +1,825 @@
 using System;
 using System.IO;
+using System.Linq;
+using System.Text;
+using static psxt001z.Common;
 
-namespace BurnOutSharp.External.psxt001z
+namespace psxt001z
 {
-	/// <summary>
-	/// LibCrypt detection code
-	/// Originally written by Dremora: https://github.com/Dremora/psxt001z
-	/// Ported and changed by darksabre76
-	/// </summary>
-	public class LibCrypt
+    internal class ScsiPassThroughDirect
     {
+        public ushort Length { get; set; }
+
+        public byte ScsiStatus { get; set; }
+
+        public byte PathId { get; set; }
+
+        public byte TargetId { get; set; }
+
+        public byte Lun { get; set; }
+
+        public byte CDBLength { get; set; }
+
+        public byte SenseInfoLength { get; set; }
+
+        public byte DataIn { get; set; }
+
+        public uint DataTransferLength { get; set; }
+
+        public uint TimeOutValue { get; set; }
+
+        public byte[] DataBuffer { get; set; }
+
+        public uint SenseInfoOffset { get; set; }
+
+        public byte[] CDB { get; set; } = new byte[16];
+    }
+
+    public class LibCrypt
+    {
+        #region OLD
+
         public static bool CheckSubfile(string subFilePath)
         {
-			// Check the file exists first
-			if (!File.Exists(subFilePath))
-			{
-				Console.WriteLine($"{subFilePath} could not be found");
-				return false;
-			}
+            // Check the file exists first
+            if (!File.Exists(subFilePath))
+                return false;
 
-			// Check the extension is a subfile
-			string ext = Path.GetExtension(subFilePath).TrimStart('.').ToLowerInvariant();
-			if (ext != "sub")
-			{
-				Console.WriteLine($"{ext}: unknown file extension");
-				return false;
-			}
+            // Check the extension is a subfile
+            string ext = Path.GetExtension(subFilePath).TrimStart('.').ToLowerInvariant();
+            if (ext != "sub")
+                return false;
 
-			// Open and check the subfile for LibCrypt
-			try
-			{
-				using (FileStream subfile = File.OpenRead(subFilePath))
-				{
-					return CheckSubfile(subfile);
-				}
-			}
-			catch
-			{
-				Console.WriteLine($"Error processing {subFilePath}");
-				return false;
-			}
-		}
+            // Open and check the subfile for LibCrypt
+            try
+            {
+                using (FileStream subfile = File.OpenRead(subFilePath))
+                {
+                    return CheckSubfile(subfile);
+                }
+            }
+            catch
+            {
+                return false;
+            }
+        }
 
-		public static bool CheckSubfile(Stream subfile)
-		{
-			// Check the length is valid for subfiles
-			long size = subfile.Length;
-			if (size % 96 != 0)
-			{
-				Console.WriteLine($"Wrong size");
-				return false;
-			}
+        public static bool CheckSubfile(Stream subfile)
+        {
+            // Check the length is valid for subfiles
+            long size = subfile.Length;
+            if (size % 96 != 0)
+                return false;
 
-			// Persistent values
-			byte[] buffer = new byte[16];
-			byte[] sub = new byte[16];
-			int tpos = 0;
-			int modifiedSectors = 0;
+            // Persistent values
+            byte[] buffer = new byte[16];
+            byte[] sub = new byte[16];
+            int tpos = 0;
+            int modifiedSectors = 0;
 
-			// Check each sector for modifications
-			for (uint sector = 150; sector < ((size / 96) + 150); sector++)
-			{
-				subfile.Seek(12, SeekOrigin.Current);
-				if (subfile.Read(buffer, 0, 12) == 0)
-					return true;
+            // Check each sector for modifications
+            for (uint sector = 150; sector < ((size / 96) + 150); sector++)
+            {
+                subfile.Seek(12, SeekOrigin.Current);
+                if (subfile.Read(buffer, 0, 12) == 0)
+                    return modifiedSectors != 0;
 
-				subfile.Seek(72, SeekOrigin.Current);
+                subfile.Seek(72, SeekOrigin.Current);
 
-				// New track
-				if ((btoi(buffer[1]) == (btoi(sub[1]) + 1)) && (buffer[2] == 0 || buffer[2] == 1))
-				{
-					Array.Copy(buffer, sub, 6);
-					tpos = ((btoi((byte)(buffer[3] * 60)) + btoi(buffer[4])) * 75) + btoi(buffer[5]);
-				}
+                // New track
+                if ((btoi(buffer[1]) == (btoi(sub[1]) + 1)) && (buffer[2] == 0 || buffer[2] == 1))
+                {
+                    Array.Copy(buffer, sub, 6);
+                    tpos = ((btoi((byte)(buffer[3] * 60)) + btoi(buffer[4])) * 75) + btoi(buffer[5]);
+                }
 
-				// New index
-				else if (btoi(buffer[2]) == (btoi(sub[2]) + 1) && buffer[1] == sub[1])
-				{
-					Array.Copy(buffer, 2, sub, 2, 4);
-					tpos = ((btoi((byte)(buffer[3] * 60)) + btoi(buffer[4])) * 75) + btoi(buffer[5]);
-				}
+                // New index
+                else if (btoi(buffer[2]) == (btoi(sub[2]) + 1) && buffer[1] == sub[1])
+                {
+                    Array.Copy(buffer, 2, sub, 2, 4);
+                    tpos = ((btoi((byte)(buffer[3] * 60)) + btoi(buffer[4])) * 75) + btoi(buffer[5]);
+                }
 
-				// MSF1 [3-5]
-				else
-				{
-					if (sub[2] == 0)
-						tpos--;
-					else
-						tpos++;
+                // MSF1 [3-5]
+                else
+                {
+                    if (sub[2] == 0)
+                        tpos--;
+                    else
+                        tpos++;
 
-					sub[3] = itob((byte)(tpos / 60 / 75));
-					sub[4] = itob((byte)((tpos / 75) % 60));
-					sub[5] = itob((byte)(tpos % 75));
-				}
+                    sub[3] = itob((byte)(tpos / 60 / 75));
+                    sub[4] = itob((byte)((tpos / 75) % 60));
+                    sub[5] = itob((byte)(tpos % 75));
+                }
 
-				// MSF2 [7-9]
-				sub[7] = itob((byte)(sector / 60 / 75));
-				sub[8] = itob((byte)((sector / 75) % 60));
-				sub[9] = itob((byte)(sector % 75));
+                // MSF2 [7-9]
+                sub[7] = itob((byte)(sector / 60 / 75));
+                sub[8] = itob((byte)((sector / 75) % 60));
+                sub[9] = itob((byte)(sector % 75));
 
-				// CRC-16 [10-11]
-				ushort crc = CRC16.Calculate(sub, 0, 10);
-				byte[] crcBytes = BitConverter.GetBytes(crc);
-				sub[10] = crcBytes[0];
-				sub[11] = crcBytes[1];
+                // CRC-16 [10-11]
+                ushort crc = CRC16.Calculate(sub, 0, 10);
+                byte[] crcBytes = BitConverter.GetBytes(crc);
+                sub[10] = crcBytes[0];
+                sub[11] = crcBytes[1];
 
-				// TODO: This *was* a memcmp, but that's harder to do. Fix this for C# later
-				if (buffer[10] != sub[10] && buffer[11] != sub[11] && (buffer[3] != sub[3] || buffer[4] != sub[4] || buffer[5] != sub[5] || buffer[7] != sub[7] || buffer[8] != sub[8] || buffer[9] != sub[9]))
-				{
-					if (buffer[3] != sub[3] || buffer[4] != sub[4] || buffer[5] != sub[5] || buffer[7] != sub[7] || buffer[8] != sub[8] || buffer[9] != sub[9] || buffer[10] != sub[10] || buffer[11] != sub[11])
-					{
-						Console.Write($"MSF: {sub[7]:x}:{sub[8]:x}:{sub[9]:x} Q-Data: {buffer[0]:x}{buffer[1]:x}{buffer[2]:x} {buffer[3]:x}:{buffer[4]:x}:{buffer[5]:x} {buffer[6]:x} {buffer[7]:x}:{buffer[8]:x}:{buffer[9]:x} {buffer[10]:x}{buffer[11]:x}  xor {crc ^ ((buffer[10] << 8) + buffer[11]):x} % {CRC16.Calculate(buffer, 0, 10) ^ ((buffer[10] << 8) + buffer[11]):x}");
-						//Console.Write($"\nMSF: {sub[7]:x}:{sub[8]:x}:{sub[9]:x} Q-Data: {sub[0]:x}{sub[1]:x}{sub[2]:x} {sub[3]:x}:{sub[4]:x}:{sub[5]:x} {sub[6]:x} {sub[7]:x}:{sub[8]:x}:{sub[9]:x} {sub[10]:x}{sub[11]:x}");
-						if (buffer[3] != sub[3] && buffer[7] != sub[7] && buffer[4] == sub[4] && buffer[8] == sub[8] && buffer[5] == sub[5] && buffer[9] == sub[9])
-							Console.Write($" P1 xor {buffer[3] ^ sub[3]:x} {buffer[7] ^ sub[7]:x}");
-						else if (buffer[3] == sub[3] && buffer[7] == sub[7] && buffer[4] != sub[4] && buffer[8] != sub[8] && buffer[5] == sub[5] && buffer[9] == sub[9])
-							Console.Write($" P2 xor {buffer[4] ^ sub[4]:x} {buffer[8] ^ sub[8]:x}");
-						else if (buffer[3] == sub[3] && buffer[7] == sub[7] && buffer[4] == sub[4] && buffer[8] == sub[8] && buffer[5] != sub[5] && buffer[9] != sub[9])
-							Console.Write($" P3 xor {buffer[5] ^ sub[5]:x} {buffer[9] ^ sub[9]:x}");
-						else
-							Console.Write(" ?");
+                // If any byte (except position 6) is different, it's a modified sector
+                for (int i = 0; i < 12; i++)
+                {
+                    if (i == 6)
+                        continue;
 
-						Console.Write("\n");
-						modifiedSectors++;
-					}
-				}
-			}
+                    if (buffer[i] != sub[i])
+                    {
+                        modifiedSectors++;
+                        break;
+                    }
+                }
+            }
 
-			Console.WriteLine($"Number of modified sectors: {modifiedSectors}");
-			return true;
-		}
+            return modifiedSectors != 0;
+        }
 
-		private static byte btoi(byte b)
-		{
-			/* BCD to u_char */
-			return (byte)((b) / 16 * 10 + (b) % 16);
-		}
+        #endregion
 
-		private static byte itob(byte i)
-		{
-			/* u_char to BCD */
-			return (byte)((i) / 10 * 16 + (i) % 10);
-		}
-	}
+        #region Constants
+
+        private const uint IOCTL_SCSI_PASS_THROUGH_DIRECT = 0x4D014;
+        private const byte SCSI_IOCTL_DATA_IN = 0x1;
+        private const byte RAW_READ_CMD = 0xBE;
+        private const int BUFFER_LEN = 96;
+        private const int SENSE_SIZE = 0; //14
+        private const string F_NAME = "sectors.log";
+        private const int CYCLES = 5;
+        private const int LIBCRYPT_NUM_SECTORS = 64;
+        private const int READ_TIMES = 5;
+
+        private static readonly uint[] lc_addresses = new uint[LIBCRYPT_NUM_SECTORS]
+{
+            13955, 13960, 14081, 14086, 14335, 14340, 14429, 14434,
+            14499, 14504, 14749, 14754, 14906, 14911, 14980, 14985,
+            15092, 15097, 15162, 15167, 15228, 15233, 15478, 15483,
+            15769, 15774, 15881, 15886, 15951, 15956, 16017, 16022,
+            41895, 41900, 42016, 42021, 42282, 42287, 42430, 42435,
+            42521, 42526, 42663, 42668, 42862, 42867, 43027, 43032,
+            43139, 43144, 43204, 43209, 43258, 43263, 43484, 43489,
+            43813, 43818, 43904, 43909, 44009, 44014, 44162, 44167
+};
+
+        private static readonly byte[] lc1_sectors_contents = new byte[768]
+        {
+            0x41, 0x01, 0x01, 0x07, 0x06, 0x05, 0x00, 0x23, 0x08, 0x05, 0x38, 0x39,
+            0x41, 0x01, 0x01, 0x03, 0x06, 0x11, 0x00, 0x03, 0x08, 0x90, 0x5d, 0xa0,
+            0x41, 0x01, 0x01, 0x07, 0x07, 0x56, 0x00, 0x23, 0x09, 0x56, 0xdf, 0xde,
+            0x41, 0x01, 0x01, 0x03, 0x07, 0x60, 0x00, 0x03, 0x09, 0xe1, 0xf2, 0x50,
+            0x41, 0x01, 0x01, 0x03, 0x13, 0x10, 0x00, 0x03, 0x53, 0x10, 0x50, 0xec,
+            0x41, 0x01, 0x01, 0x43, 0x11, 0x15, 0x00, 0x01, 0x13, 0x15, 0x23, 0x1e,
+            0x41, 0x01, 0x01, 0x03, 0x12, 0x09, 0x00, 0x03, 0x14, 0x2d, 0x04, 0x73,
+            0x41, 0x01, 0x01, 0x03, 0x1a, 0x34, 0x00, 0x03, 0x04, 0x34, 0xe2, 0xcf,
+            0x41, 0x01, 0x01, 0x03, 0x13, 0x20, 0x00, 0x03, 0x15, 0x04, 0x82, 0x35,
+            0x41, 0x01, 0x01, 0x01, 0x13, 0x29, 0x00, 0x43, 0x15, 0x29, 0x72, 0xe2,
+            0x41, 0x01, 0x01, 0x03, 0x1e, 0x49, 0x00, 0x03, 0x08, 0x49, 0x32, 0xc5,
+            0x41, 0x01, 0x01, 0x01, 0x16, 0x54, 0x00, 0x43, 0x18, 0x54, 0xd4, 0x79,
+            0x41, 0x01, 0x01, 0x03, 0x18, 0x57, 0x00, 0x03, 0x20, 0xd6, 0xbc, 0x27,
+            0x41, 0x01, 0x01, 0x03, 0x38, 0x61, 0x00, 0x03, 0x24, 0x61, 0x91, 0xa9,
+            0x41, 0x01, 0x01, 0x0b, 0x19, 0x55, 0x00, 0x13, 0x21, 0x55, 0x14, 0x07,
+            0x41, 0x01, 0x01, 0x03, 0x19, 0x62, 0x00, 0x03, 0x21, 0x20, 0x5d, 0x48,
+            0x41, 0x01, 0x01, 0x03, 0x23, 0x17, 0x00, 0x03, 0x63, 0x17, 0x6d, 0xc6,
+            0x41, 0x01, 0x01, 0x43, 0x21, 0x22, 0x00, 0x01, 0x23, 0x22, 0x24, 0x89,
+            0x41, 0x01, 0x01, 0x03, 0x02, 0x12, 0x00, 0x03, 0x20, 0x12, 0x49, 0x43,
+            0x41, 0x01, 0x01, 0x03, 0x22, 0x07, 0x00, 0x03, 0x24, 0x1f, 0x3a, 0xb1,
+            0x41, 0x01, 0x01, 0x03, 0x23, 0x13, 0x00, 0x03, 0x25, 0x0b, 0x93, 0xc9,
+            0x41, 0x01, 0x01, 0x0b, 0x23, 0x08, 0x00, 0x13, 0x25, 0x08, 0xce, 0x5d,
+            0x41, 0x01, 0x01, 0x03, 0x06, 0x28, 0x00, 0x03, 0x2c, 0x28, 0xd7, 0xd6,
+            0x41, 0x01, 0x01, 0x0b, 0x26, 0x33, 0x00, 0x13, 0x28, 0x33, 0x9c, 0x29,
+            0x41, 0x01, 0x01, 0x03, 0x30, 0x59, 0x00, 0x03, 0x32, 0x1b, 0x2c, 0xc6,
+            0x41, 0x01, 0x01, 0x03, 0x20, 0x24, 0x00, 0x03, 0x3a, 0x24, 0xe6, 0xac,
+            0x41, 0x01, 0x01, 0x13, 0x31, 0x56, 0x00, 0x0b, 0x33, 0x56, 0x97, 0xed,
+            0x41, 0x01, 0x01, 0x03, 0x31, 0x65, 0x00, 0x03, 0x33, 0x41, 0xba, 0x63,
+            0x41, 0x01, 0x01, 0x01, 0x32, 0x51, 0x00, 0x43, 0x34, 0x51, 0xd7, 0xa9,
+            0x41, 0x01, 0x01, 0x03, 0x33, 0x56, 0x00, 0x03, 0xb4, 0x56, 0xc0, 0x9a,
+            0x41, 0x01, 0x01, 0x03, 0x32, 0x42, 0x00, 0x03, 0xb5, 0x42, 0x69, 0xe2,
+            0x41, 0x01, 0x01, 0x03, 0x33, 0x07, 0x00, 0x03, 0x35, 0x45, 0x1a, 0x10,
+            0x41, 0x01, 0x01, 0x09, 0x18, 0x65, 0x00, 0x09, 0x20, 0x41, 0x40, 0x72,
+            0x41, 0x01, 0x01, 0x19, 0x18, 0x50, 0x00, 0x01, 0x20, 0x50, 0x25, 0xeb,
+            0x41, 0x01, 0x01, 0x08, 0x20, 0x16, 0x00, 0x89, 0x22, 0x16, 0x95, 0xa8,
+            0x41, 0x01, 0x01, 0x09, 0x20, 0x01, 0x00, 0x09, 0x22, 0x25, 0xb8, 0x26,
+            0x41, 0x01, 0x01, 0x09, 0x23, 0x53, 0x00, 0x09, 0x25, 0x77, 0x21, 0x03,
+            0x41, 0x01, 0x01, 0x0b, 0x23, 0x62, 0x00, 0x49, 0x25, 0x62, 0x68, 0x4c,
+            0x41, 0x01, 0x01, 0x0d, 0x25, 0x55, 0x00, 0x29, 0x27, 0x55, 0xae, 0x41,
+            0x41, 0x01, 0x01, 0x09, 0x25, 0x61, 0x00, 0x09, 0x27, 0xe0, 0xe7, 0x0e,
+            0x41, 0x01, 0x01, 0x08, 0x26, 0x71, 0x00, 0x89, 0x28, 0x71, 0x95, 0xcb,
+            0x41, 0x01, 0x01, 0x09, 0x27, 0x21, 0x00, 0x09, 0x29, 0x05, 0x80, 0x4b,
+            0x41, 0x01, 0x01, 0x0b, 0x28, 0x63, 0x00, 0x49, 0x30, 0x63, 0xed, 0x18,
+            0x41, 0x01, 0x01, 0x09, 0x29, 0x68, 0x00, 0x09, 0xb0, 0x68, 0xb0, 0x8c,
+            0x41, 0x01, 0x01, 0x29, 0x31, 0x37, 0x00, 0x0d, 0x33, 0x37, 0x6c, 0x68,
+            0x41, 0x01, 0x01, 0x09, 0x31, 0x4a, 0x00, 0x09, 0x33, 0x52, 0x7c, 0x8b,
+            0x41, 0x01, 0x01, 0x09, 0x73, 0x52, 0x00, 0x09, 0x37, 0x52, 0x4b, 0x06,
+            0x41, 0x01, 0x01, 0x19, 0x33, 0x57, 0x00, 0x01, 0x35, 0x57, 0x38, 0xf4,
+            0x41, 0x01, 0x01, 0x09, 0x35, 0x04, 0x00, 0x09, 0x37, 0x1c, 0x54, 0x6a,
+            0x41, 0x01, 0x01, 0x09, 0x31, 0x19, 0x00, 0x09, 0x17, 0x19, 0xa4, 0xbd,
+            0x41, 0x01, 0x01, 0x01, 0x36, 0x04, 0x00, 0x19, 0x38, 0x04, 0x9c, 0xdf,
+            0x41, 0x01, 0x01, 0x09, 0x36, 0x0b, 0x00, 0x09, 0x38, 0x49, 0x6c, 0x08,
+            0x41, 0x01, 0x01, 0x49, 0x36, 0x58, 0x00, 0x0b, 0x38, 0x58, 0x99, 0xbf,
+            0x41, 0x01, 0x01, 0x09, 0x36, 0x73, 0x00, 0x09, 0x38, 0x6b, 0xfe, 0x96,
+            0x41, 0x01, 0x01, 0x0b, 0x39, 0x59, 0x00, 0x49, 0x41, 0x59, 0x54, 0x0d,
+            0x41, 0x01, 0x01, 0x09, 0x39, 0x24, 0x00, 0x09, 0x41, 0x66, 0x9e, 0x67,
+            0x41, 0x01, 0x01, 0x09, 0x44, 0x1b, 0x00, 0x09, 0x46, 0x03, 0x78, 0x0d,
+            0x41, 0x01, 0x01, 0x09, 0x46, 0x18, 0x00, 0x09, 0x06, 0x18, 0x25, 0x99,
+            0x41, 0x01, 0x01, 0x09, 0x45, 0x2b, 0x00, 0x09, 0x47, 0x69, 0xd3, 0xc5,
+            0x41, 0x01, 0x01, 0x09, 0x05, 0x34, 0x00, 0x09, 0x45, 0x34, 0x35, 0x79,
+            0x41, 0x01, 0x01, 0x09, 0x44, 0x59, 0x00, 0x09, 0x08, 0x59, 0x6e, 0x0a,
+            0x41, 0x01, 0x01, 0x49, 0x46, 0x64, 0x00, 0x0b, 0x48, 0x64, 0xa4, 0x60,
+            0x41, 0x01, 0x01, 0x09, 0x08, 0x62, 0x00, 0x09, 0x52, 0x62, 0x03, 0x5a,
+            0x41, 0x01, 0x01, 0x19, 0x48, 0x67, 0x00, 0x01, 0x50, 0x67, 0x70, 0xa8
+        };
+
+        #endregion
+
+        // TODO: Enable the following only if reading from a drive directly
+
+        /*
+        internal static byte LibCryptDrive(string[] args)
+        {
+            byte offset = 0;
+            string path = $"\\\\.\\{args[0][0]}:";
+            byte i;
+            byte[] sub = new byte[12], buffer = new byte[BUFFER_LEN], buffer2352 = new byte[23520], buffer2 = new byte[BUFFER_LEN], buffer3 = new byte[BUFFER_LEN], buffer4 = new byte[BUFFER_LEN];
+            byte[] status;
+            ushort crc;
+            uint sector, sector_start, sector_end, a, lcsectors = 0, todo = 9300, done = 0;
+
+            if (args.Length != 1 || (args.Length == 1 && (args[0][1] != 0 && (args[0][1] != ':' || args[0][2] != 0))))
+            {
+                Console.WriteLine("LibCrypt drive detector");
+                Console.WriteLine("nUsage: psxt001z.exe --libcryptdrv <drive letter>");
+                return 0;
+            }
+
+            Stream hDevice;
+            try
+            {
+                hDevice = File.Open(path, FileMode.Open, FileAccess.ReadWrite, FileShare.ReadWrite);
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine("Can't open device!");
+                return 0;
+            }
+
+            Stream f;
+            try
+            {
+                f = File.Open(F_NAME, FileMode.Open, FileAccess.Write);
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"Can't open file {F_NAME}!");
+                return 0;
+            }
+
+            byte[] status1 = new byte[4650];
+            byte[] status2 = new byte[4650];
+
+            // Offset detection
+            Console.WriteLine("Determining offset...\r");
+            ScsiPassThroughDirect SRB = new ScsiPassThroughDirect();
+            ReadSub(buffer, 0, f, offset, hDevice, SRB);
+
+            switch (buffer[8])
+            {
+                case 0x01:
+                    offset = (byte)(75 - btoi(buffer[9]));
+                    break;
+                case 0x02:
+                    offset = (byte)(-btoi(buffer[9]));
+                    break;
+                default:
+                    Console.WriteLine("Can't determine offset!");
+                    Console.WriteLine(BitConverter.ToString(buffer).Replace('-', ' '));
+                    return 0;
+            }
+
+            sub[0] = buffer[0];
+            sub[1] = 0x01;
+            sub[2] = 0x01;
+            sub[6] = 0x00;
+
+            Console.WriteLine($"Subchannels offset correction: {offset}");
+
+            // Section 1) 02:58:00 - 03:69:74 -- status1
+            // Section 2) 08:58:00 - 09:69:74 -- status2
+
+            // Step 1
+
+            for (i = 0; i < CYCLES * 3; i++)
+            {
+
+                if (todo == 0)
+                    goto end;
+
+                if (i % 3 == 0)
+                {
+                    sector_start = 13350;
+                    sector_end = 18000;
+                    status = status1;
+                }
+                else if (i % 3 == 1)
+                {
+                    sector_start = 40350;
+                    sector_end = 45000;
+                    status = status2;
+                }
+                else
+                {
+                    Console.WriteLine($"Left: {todo:4} / Flushing cache...             \r");
+                    ClearCache(buffer2352, f, offset, hDevice, SRB);
+                    continue;
+                }
+
+                for (sector = sector_start; sector < sector_end; sector++)
+                {
+                    if (status[sector - sector_start] != 0)
+                        continue;
+
+                    ReadSub(buffer, sector, f, offset, hDevice, SRB);
+                    Console.WriteLine("Left: %4u / Sector %u...         \r", todo, sector);
+                    // generating q-channel
+                    sub[3] = itob((byte)(sector / 60 / 75));
+                    sub[4] = itob((byte)((sector / 75) % 60));
+                    sub[5] = itob((byte)(sector % 75));
+                    sub[7] = itob((byte)((sector + 150) / 60 / 75));
+                    sub[8] = itob((byte)(((sector + 150) / 75) % 60));
+                    sub[9] = itob((byte)((sector + 150) % 75));
+                    crc = CRC16.Calculate(sub, 0, 10);
+                    sub[10] = (byte)(crc >> 8);
+                    sub[11] = (byte)(crc & 0xFF);
+                    if (sub.SequenceEqual(buffer.Take(12)))
+                    {
+                        status[sector - sector_start] = 1;
+                        todo--;
+                        done++;
+                    }
+                }
+            }
+
+            // Step 2
+
+            for (i = 0; i < 2; i++)
+            {
+                if (i == 0)
+                {
+                    sector_start = 13350;
+                    sector_end = 18000;
+                    status = status1;
+                }
+                else
+                {
+                    sector_start = 40350;
+                    sector_end = 45000;
+                    status = status2;
+                }
+
+                for (sector = sector_start; sector < sector_end; sector++)
+                {
+                    if (status[sector - sector_start] != 0)
+                        continue;
+                    ReadSub(buffer, sector, f, offset, hDevice, SRB);
+                    Console.WriteLine($"Left: {todo:4} / Sector {sector}...         \r");
+
+                    // generating q-channel
+                    sub[3] = itob((byte)(sector / 60 / 75));
+                    sub[4] = itob((byte)((sector / 75) % 60));
+                    sub[5] = itob((byte)(sector % 75));
+                    sub[7] = itob((byte)((sector + 150) / 60 / 75));
+                    sub[8] = itob((byte)(((sector + 150) / 75) % 60));
+                    sub[9] = itob((byte)((sector + 150) % 75));
+                    crc = CRC16.Calculate(sub, 0, 10);
+                    sub[10] = (byte)(crc >> 8);
+                    sub[11] = (byte)(crc ^ 0xFF);
+                    if (sub.SequenceEqual(buffer.Take(12)))
+                    {
+                        Console.WriteLine($"Left: {todo:4} / Sector {sector}: flushing cache...        \r");
+                        do
+                        {
+                            ReadSub(buffer, sector, f, offset, hDevice, SRB);
+                            ClearCache(buffer2352, f, offset, hDevice, SRB);
+                            ReadSub(buffer2, sector, f, offset, hDevice, SRB);
+                            ClearCache(buffer2352, f, offset, hDevice, SRB);
+                            ReadSub(buffer3, sector, f, offset, hDevice, SRB);
+                            ClearCache(buffer2352, f, offset, hDevice, SRB);
+                        } while (!buffer.SequenceEqual(buffer2) || !buffer.SequenceEqual(buffer3));
+                        //} while (!matrix(buffer, buffer2, buffer3, buffer4, BUFFER_LEN));
+
+                        if (buffer.SequenceEqual(sub))
+                        {
+                            byte[] buf = Encoding.ASCII.GetBytes($"MSF: {sub[7]:2x}:{sub[8]:2x}:{sub[9]:2x} Q-Data: {BitConverter.ToString(buffer.Take(12).ToArray()).Replace('-', ' ')}");
+                            f.Write(buf, 0, buf.Length);
+                            lcsectors++;
+                            //fwrite(SRB.SRB_BufPointer, 1, SRB.SRB_BufLen - 4, f);
+                            f.Flush();
+                        }
+                    }
+
+                    todo--;
+                    done++;
+                }
+            }
+
+        end:
+
+            Console.WriteLine($"Done!                                                           \nProtected sectors: {(lcsectors == 0 ? "None" : lcsectors.ToString())}");
+
+            f.Close();
+            return 1;
+        }
+
+        internal static int LibCryptDriveFast(string[] args)
+        {
+            Stream f;
+            Stream hDevice;
+            ScsiPassThroughDirect SRB;
+            s8 offset = 0, path[] = "\\\\.\\X:";
+            u8 buffer[BUFFER_LEN], buffer2352[23520], sub[12], lc1sectors = 0, lc2sectors = 0, othersectors = 0;
+            u16 crc;
+
+            if (argc != 1 || (argc == 1 && (args[0][1] != 0 && (args[0][1] != ':' || args[0][2] != 0))))
+            {
+                Console.WriteLine("LibCrypt drive detector (fast)\nUsage: psxt001z.exe --libcryptdrvfast <drive letter>\n");
+                return 0;
+            }
+
+            path[4] = args[0][0];
+
+            if ((hDevice = CreateFile(path, GENERIC_WRITE | GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0)) == INVALID_HANDLE_VALUE)
+            {
+                Console.WriteLine("Can't open device!\n");
+                return 0;
+            }
+
+            if (fopen_s(&f, F_NAME, "wb") != 0)
+            {
+                Console.WriteLine("Can\'t open file %s!\n", F_NAME);
+                return 0;
+            }
+
+            // Offset detection
+            ReadSub(buffer, 0, f, offset, hDevice, SRB);
+            //if (buffer[5] != buffer[9]) {
+            //	Console.WriteLine("Error determining offset!\nSector 0: %02x%02x%02x %02x:%02x:%02x %02x %02x:%02x:%02x %02x%02x\n", buffer[0], buffer[1], buffer[2], buffer[3], buffer[4], buffer[5], buffer[6], buffer[7], buffer[8], buffer[9], buffer[10], buffer[11]);
+            //}
+            switch (buffer[8])
+            {
+                case 0x01:
+                    offset = 75 - btoi(buffer[9]);
+                    break;
+                case 0x02:
+                    offset = -btoi(buffer[9]);
+                    break;
+                default:
+                    Console.WriteLine("Can't determine offset!\nSector 0: %02x%02x%02x %02x:%02x:%02x %02x %02x:%02x:%02x %02x%02x\n", buffer[0], buffer[1], buffer[2], buffer[3], buffer[4], buffer[5], buffer[6], buffer[7], buffer[8], buffer[9], buffer[10], buffer[11]);
+                    return 0;
+            }
+            Console.WriteLine("Subchannels offset correction: %d\n", offset);
+            sub[0] = buffer[0];
+            sub[1] = 0x01;
+            sub[2] = 0x01;
+            sub[6] = 0x00;
+
+            for (int i = 0; i < LIBCRYPT_NUM_SECTORS; i++)
+            {
+                Console.WriteLine("\nReading sector %u... ", lc_addresses[i]);
+                ReadSub(buffer, lc_addresses[i], f, offset, hDevice, SRB);
+                // generating q-channel
+                sub[3] = itob(lc_addresses[i] / 60 / 75);
+                sub[4] = itob((lc_addresses[i] / 75) % 60);
+                sub[5] = itob(lc_addresses[i] % 75);
+                sub[7] = itob((lc_addresses[i] + 150) / 60 / 75);
+                sub[8] = itob(((lc_addresses[i] + 150) / 75) % 60);
+                sub[9] = itob((lc_addresses[i] + 150) % 75);
+                crc = crc16(sub, 10);
+                sub[10] = HIbyte(crc);
+                sub[11] = LObyte(crc);
+                for (int a = 1; a <= READ_TIMES; a++)
+                {
+                    if (!memcmp(sub, buffer, 12))
+                    {
+                        Console.WriteLine("original sector");
+                        break;
+                    }
+                    else if (!memcmp(lc1_sectors_contents + (12 * i), buffer, 12))
+                    {
+                        Console.WriteLine("LibCrypt, LC1 sector");
+                        fConsole.WriteLine(f, "MSF: %02x:%02x:%02x Q-Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n", sub[7], sub[8], sub[9], buffer[0], buffer[1], buffer[2], buffer[3], buffer[4], buffer[5], buffer[6], buffer[7], buffer[8], buffer[9], buffer[10], buffer[11]);
+                        lc1sectors++;
+                        break;
+                    }
+                    else
+                    {
+                        if (a < READ_TIMES)
+                        {
+                            ClearCache(buffer2352, 0, offset, hDevice, SRB);
+                            continue;
+                        }
+                        else
+                        {
+                            Console.WriteLine("unknown");
+                            fConsole.WriteLine(f, "MSF: %02x:%02x:%02x Q-Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n", sub[7], sub[8], sub[9], buffer[0], buffer[1], buffer[2], buffer[3], buffer[4], buffer[5], buffer[6], buffer[7], buffer[8], buffer[9], buffer[10], buffer[11]);
+                            othersectors++;
+                        }
+                    }
+                }
+
+
+
+            }
+            Console.WriteLine("\n\nOriginal sectors: %u", LIBCRYPT_NUM_SECTORS - lc1sectors - lc2sectors - othersectors);
+            Console.WriteLine("\nLC1 sectors:      %u", lc1sectors);
+            Console.WriteLine("\nLC2 sectors:      %u", lc2sectors);
+            Console.WriteLine("\nOther sectors:    %u", othersectors);
+
+            fConsole.WriteLine(f, "\nOriginal sectors: %u", LIBCRYPT_NUM_SECTORS - lc1sectors - lc2sectors - othersectors);
+            fConsole.WriteLine(f, "\nLC1 sectors:      %u", lc1sectors);
+            fConsole.WriteLine(f, "\nLC2 sectors:      %u", lc2sectors);
+            fConsole.WriteLine(f, "\nOther sectors:    %u", othersectors);
+            fclose(f);
+            return 1;
+        }
+
+        internal static void ReadSub(byte[] buffer, uint sector, Stream f, byte offset, Stream hDevice, ScsiPassThroughDirect SRB)
+        {
+            uint returned;
+            ZeroMemory(&SRB, sizeof(ScsiPassThroughDirect));
+            SRB.Length = sizeof(ScsiPassThroughDirect);
+            SRB.CDBLength = 12;
+            SRB.DataIn = SCSI_IOCTL_DATA_IN;
+            SRB.DataTransferLength = BUFFER_LEN;
+            SRB.TimeOutValue = 30;
+            SRB.DataBuffer = buffer;
+            SRB.CDB[0] = RAW_READ_CMD;
+            SRB.CDB[2] = HIbyte(HIWORD(sector + offset));
+            SRB.CDB[3] = LObyte(HIWORD(sector + offset));
+            SRB.CDB[4] = HIbyte(LOWORD(sector + offset));
+            SRB.CDB[5] = LObyte(LOWORD(sector + offset));
+            SRB.CDB[8] = 1;
+            SRB.CDB[10] = 1;
+
+            if (!DeviceIoControl(hDevice, IOCTL_SCSI_PASS_THROUGH_DIRECT, &SRB, sizeof(ScsiPassThroughDirect), &SRB, SENSE_SIZE, &returned, 0))
+            {
+                Console.WriteLine("\nError reading subchannel data!\n");
+                if (f != 0)
+                    fConsole.WriteLine(f, "Error reading subchannel data!");
+
+                return 0;
+            }
+
+            Deinterleave(buffer);
+            return;
+        }
+
+        internal static void ClearCache(byte[] buffer, Stream f, byte offset, Stream hDevice, ScsiPassThroughDirect SRB)
+        {
+            static uint returned;
+            for (uint sector = 0; sector < 1000; sector += 10)
+            {
+                ZeroMemory(&SRB, sizeof(ScsiPassThroughDirect));
+                SRB.Length = sizeof(ScsiPassThroughDirect);
+                SRB.CDBLength = 12;
+                SRB.DataIn = SCSI_IOCTL_DATA_IN;
+                SRB.DataTransferLength = 23520;
+                SRB.TimeOutValue = 30;
+                SRB.DataBuffer = buffer;
+                SRB.CDB[0] = RAW_READ_CMD;
+                SRB.CDB[2] = HIbyte(HIWORD(sector + offset));
+                SRB.CDB[3] = LObyte(HIWORD(sector + offset));
+                SRB.CDB[4] = HIbyte(LOWORD(sector + offset));
+                SRB.CDB[5] = LObyte(LOWORD(sector + offset));
+                SRB.CDB[8] = 10;
+                SRB.CDB[9] = 0xF8;
+
+                DeviceIoControl(hDevice, IOCTL_SCSI_PASS_THROUGH_DIRECT, &SRB, sizeof(ScsiPassThroughDirect), &SRB, SENSE_SIZE, &returned, 0);
+
+                if (!DeviceIoControl(hDevice, IOCTL_SCSI_PASS_THROUGH_DIRECT, &SRB, sizeof(ScsiPassThroughDirect), &SRB, SENSE_SIZE, &returned, 0))
+                {
+                    Console.WriteLine("\nError clearing cache!\n");
+                    if (f != 0)
+                        fConsole.WriteLine(f, "Error clearing cache!");
+                    exit(0);
+                }
+            }
+            return;
+        }
+        */
+
+        internal static bool Matrix(byte[] buffer, byte[] buffer2, byte[] buffer3, byte[] buffer4, uint length)
+        {
+            for (int i = 0; i < length; i++)
+            {
+                if (buffer[i] == buffer2[i])
+                {
+                    if (buffer[i] == buffer3[i])
+                        continue;
+                    if (buffer[i] == buffer4[i])
+                        continue;
+                }
+                else if (buffer[i] == buffer3[i] && buffer[i] == buffer4[i])
+                {
+                    continue;
+                }
+                else if (buffer2[i] == buffer3[i] && buffer2[i] == buffer4[i])
+                {
+                    continue;
+                }
+
+                return false;
+            }
+
+            return true;
+        }
+
+        internal static void Deinterleave(byte[] buffer)
+        {
+            byte[] buffertmp = new byte[12];
+            for (int i = 0; i < 12; i++)
+            {
+                buffertmp[i] |= (byte)((buffer[i * 8] & 0x40) << 1);
+                buffertmp[i] |= (byte)((buffer[i * 8 + 1] & 0x40));
+                buffertmp[i] |= (byte)((buffer[i * 8 + 2] & 0x40) >> 1);
+                buffertmp[i] |= (byte)((buffer[i * 8 + 3] & 0x40) >> 2);
+                buffertmp[i] |= (byte)((buffer[i * 8 + 4] & 0x40) >> 3);
+                buffertmp[i] |= (byte)((buffer[i * 8 + 5] & 0x40) >> 4);
+                buffertmp[i] |= (byte)((buffer[i * 8 + 6] & 0x40) >> 5);
+                buffertmp[i] |= (byte)((buffer[i * 8 + 7] & 0x40) >> 6);
+            }
+
+            Array.Copy(buffertmp, buffer, 12);
+            return;
+        }
+
+        internal static bool LibCryptDetect(string subPath, string sbiPath)
+        {
+            if (string.IsNullOrWhiteSpace(subPath) || !File.Exists(subPath))
+                return false;
+
+            // Variables
+            byte[] buffer = new byte[16], sub = new byte[16];//, pregap = 0;
+            uint sector, psectors = 0, tpos = 0;
+
+            // Opening .sub
+            Stream subfile = File.OpenRead(subPath);
+
+            // checking extension
+            if (Path.GetExtension(subPath).TrimStart('.').ToLowerInvariant() != "sub")
+            {
+                Console.WriteLine($"{subPath}: unknown file extension");
+                return false;
+            }
+
+            // filesize
+            long size = subfile.Length;
+            if (size % 96 != 0)
+            {
+                Console.WriteLine($"{subfile}: wrong size");
+                return false;
+            }
+
+            // sbi
+            Stream sbi = null;
+            if (sbiPath != null)
+            {
+                sbi = File.OpenWrite(sbiPath);
+                sbi.Write(Encoding.ASCII.GetBytes("SBI\0"), 0, 4);
+            }
+
+            for (sector = 150; sector < ((size / 96) + 150); sector++)
+            {
+                subfile.Seek(12, SeekOrigin.Current);
+                if (subfile.Read(buffer, 0, 12) != 12)
+                    return true;
+
+                subfile.Seek(72, SeekOrigin.Current);
+
+                // New track
+                if ((btoi(buffer[1]) == (btoi(sub[1]) + 1)) && (buffer[2] == 0 || buffer[2] == 1))
+                {
+                    Array.Copy(buffer, sub, 6);
+                    tpos = (uint)((btoi((byte)(buffer[3] * 60)) + btoi(buffer[4])) * 75) + btoi(buffer[5]);
+                }
+
+                // New index
+                else if (btoi(buffer[2]) == (btoi(sub[2]) + 1) && buffer[1] == sub[1])
+                {
+                    Array.Copy(buffer, 2, sub, 2, 4);
+                    tpos = (uint)((btoi((byte)(buffer[3] * 60)) + btoi(buffer[4])) * 75) + btoi(buffer[5]);
+                }
+
+                // MSF1 [3-5]
+                else
+                {
+                    if (sub[2] == 0)
+                        tpos--;
+                    else
+                        tpos++;
+
+                    sub[3] = itob((byte)(tpos / 60 / 75));
+                    sub[4] = itob((byte)((tpos / 75) % 60));
+                    sub[5] = itob((byte)(tpos % 75));
+                }
+
+                //MSF2 [7-9]
+                sub[7] = itob((byte)(sector / 60 / 75));
+                sub[8] = itob((byte)((sector / 75) % 60));
+                sub[9] = itob((byte)(sector % 75));
+
+                // CRC-16 [10-11]
+                ushort crc = CRC16.Calculate(sub, 0, 10);
+                sub[10] = (byte)(crc >> 8);
+                sub[11] = (byte)(crc & 0xFF);
+
+                //if (buffer[10] != sub[10] && buffer[11] != sub[11] && (buffer[3] != sub[3] || buffer[7] != sub[7] || buffer[4] != sub[4] || buffer[8] != sub[8] || buffer[5] != sub[5] || buffer[9] != sub[9])) {
+                //if (buffer[10] != sub[10] || buffer[11] != sub[11] || buffer[3] != sub[3] || buffer[7] != sub[7] || buffer[4] != sub[4] || buffer[8] != sub[8] || buffer[5] != sub[5] || buffer[9] != sub[9]) {
+                if (!buffer.Take(6).SequenceEqual(sub.Take(6)) || !buffer.Skip(7).Take(5).SequenceEqual(sub.Skip(7).Take(5)))
+                {
+                    Console.WriteLine($"MSF: {sub[7]:2x}:{sub[8]:2x}:{sub[9]:2x} Q-Data: {buffer[0]:2x}{buffer[1]:2x}{buffer[2]:2x} {buffer[3]:2x}:{buffer[4]:2x}:{buffer[5]:2x} {buffer[6]:2x} {buffer[7]:2x}:{buffer[8]:2x}:{buffer[9]:2x} {buffer[10]:2x}{buffer[11]:2x}  xor {crc ^ ((buffer[10] << 8) + buffer[11]):4x} {CRC16.Calculate(buffer, 0, 10) ^ ((buffer[10] << 8) + buffer[11]):4x}");
+                    //Console.WriteLine("\nMSF: %02x:%02x:%02x Q-Data: %02x%02x%02x %02x:%02x:%02x %02x %02x:%02x:%02x %02x%02x", sub[7], sub[8], sub[9], sub[0], sub[1], sub[2], sub[3], sub[4], sub[5], sub[6], sub[7], sub[8], sub[9], sub[10], sub[11]);
+                    
+                    if (buffer[3] != sub[3] && buffer[7] != sub[7] && buffer[4] == sub[4] && buffer[8] == sub[8] && buffer[5] == sub[5] && buffer[9] == sub[9])
+                        Console.WriteLine($" P1 xor {buffer[3] ^ sub[3]:2x} {buffer[7] ^ sub[7]:2x}");
+                    else if (buffer[3] == sub[3] && buffer[7] == sub[7] && buffer[4] != sub[4] && buffer[8] != sub[8] && buffer[5] == sub[5] && buffer[9] == sub[9])
+                        Console.WriteLine($" P2 xor {buffer[4] ^ sub[4]:2x} {buffer[8] ^ sub[8]:2x}");
+                    else if (buffer[3] == sub[3] && buffer[7] == sub[7] && buffer[4] == sub[4] && buffer[8] == sub[8] && buffer[5] != sub[5] && buffer[9] != sub[9])
+                        Console.WriteLine($" P3 xor {buffer[5] ^ sub[5]:2x} {buffer[9] ^ sub[9]:2x}");
+                    else
+                        Console.WriteLine(" ?");
+
+                    Console.WriteLine("\n");
+                    psectors++;
+                    if (sbi != null)
+                    {
+                        sbi.Write(sub, 7, 3);
+                        sbi.Write(new byte[] { 0x01 }, 0, 1);
+                        sbi.Write(buffer, 0, 10);
+                    }
+                }
+            }
+            // }
+
+            Console.WriteLine($"Number of modified sectors: {psectors}");
+            return true;
+        }
+
+        internal static int XorLibCrypt()
+        {
+            sbyte b;
+            byte d;
+            byte i, a, x;
+            byte[] sub = new byte[12]
+            {
+                0x41, 0x01, 0x01, 0x00,
+                0x00, 0x00, 0x00, 0x00,
+                0x00, 0x00, 0x00, 0x00
+            };
+
+            ushort crc;
+            for (i = 0; i < LIBCRYPT_NUM_SECTORS; i++)
+            {
+                sub[3] = itob((byte)(lc_addresses[i] / 60 / 75));
+                sub[4] = itob((byte)((lc_addresses[i] / 75) % 60));
+                sub[5] = itob((byte)(lc_addresses[i] % 75));
+                sub[7] = itob((byte)((lc_addresses[i] + 150) / 60 / 75));
+                sub[8] = itob((byte)(((lc_addresses[i] + 150) / 75) % 60));
+                sub[9] = itob((byte)((lc_addresses[i] + 150) % 75));
+                crc = CRC16.Calculate(sub, 0, 10);
+                sub[10] = (byte)(crc >> 8);
+                sub[11] = (byte)(crc & 0xFF);
+
+                Console.WriteLine($"%u %02x:%02x:%02x", lc_addresses[i], sub[7], sub[8], sub[9]);
+                Console.WriteLine($" %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x %02x%02x", sub[0], sub[1], sub[2], sub[3], sub[4], sub[5], sub[6], sub[7], sub[8], sub[9], sub[10], sub[11]);
+                Console.WriteLine($" %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x %02x%02x", lc1_sectors_contents[i * 12], lc1_sectors_contents[(i * 12) + 1], lc1_sectors_contents[(i * 12) + 2], lc1_sectors_contents[(i * 12) + 3], lc1_sectors_contents[(i * 12) + 4], lc1_sectors_contents[(i * 12) + 5], lc1_sectors_contents[(i * 12) + 6], lc1_sectors_contents[(i * 12) + 7], lc1_sectors_contents[(i * 12) + 8], lc1_sectors_contents[(i * 12) + 9], lc1_sectors_contents[(i * 12) + 10], lc1_sectors_contents[(i * 12) + 11]);
+
+                d = 0;
+
+                for (a = 3; a < 12; a++)
+                {
+                    x = (byte)(lc1_sectors_contents[(i * 12) + a] ^ sub[a]);
+                    Console.WriteLine($" %x%x%x%x%x%x%x%x", (x >> 7) & 0x1, (x >> 6) & 0x1, (x >> 5) & 0x1, (x >> 4) & 0x1, (x >> 3) & 0x1, (x >> 2) & 0x1, (x >> 1) & 0x1, x & 0x1);
+                    if (x == 0)
+                        continue;
+                    for (b = 7; b >= 0; b--)
+                    {
+                        if (((x >> b) & 0x1) != 0)
+                        {
+                            d = (byte)(d << 1);
+                            d |= (byte)((sub[a] >> b) & 0x1);
+                        }
+                    }
+                }
+
+                Console.WriteLine($" {(d >> 3) & 0x1:x}{(d >> 2) & 0x1:x}{(d >> 1) & 0x1:x}{d & 0x1}");
+            }
+
+            return 1;
+        }
+    }
 }

BurnOutSharp/External/psxt001z/Scramble.cs

@@ -0,0 +1,110 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Text;
+using static psxt001z.Common;
+
+namespace psxt001z
+{
+    public class Scramble
+    {
+        private static readonly byte[] sync = new byte[12] { 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00 };
+
+        public int __main(string[] args)
+        {
+            if (args.Length < 2 || args.Length > 3)
+            {
+                Console.WriteLine("Syntax: px_p8 [-t] filename");
+                return 1;
+            }
+
+            int sectors;
+            if (args.Length == 2 && args[0] == "-t")
+            {
+                args[0] = args[1];
+                sectors = 2352;
+            }
+            else
+            {
+                sectors = 4704;
+            }
+
+            Stream sector_file;
+            try
+            {
+                sector_file = File.OpenRead(args[1]);
+            }
+            catch (Exception ex)
+            {
+                Console.Error.WriteLine(ex);
+                return 1;
+            }
+
+            byte[] sector = new byte[sectors];
+            if (args.Length == 2)
+            {
+                uint hex;
+                for (int i = 0; sector_file.Position < sector_file.Length && i < 3252; i++)
+                {
+                    byte[] buf = new byte[2];
+                    hex = uint.Parse(Encoding.ASCII.GetString(buf), NumberStyles.HexNumber);
+                    sector[i] = (byte)hex;
+                }
+            }
+            else
+            {
+                sector_file.Read(sector, 0, sectors);
+            }
+
+            int offset = MemSearch(sector, sync, sectors, 12);
+            if (offset == -1)
+            {
+                Console.WriteLine("Error searching for sync!");
+                return 1;
+            }
+
+            Console.WriteLine($"MSF: {sector[offset + 12]:2x}:{sector[offset + 12 + 1]:2x}:{sector[offset + 12 + 2]:2x}");
+
+            int shiftRegister = 0x1;
+            for (int i = 0; i < 3; i++)
+            {
+                sector[offset + 12 + i] ^= (byte)(shiftRegister & 0xFF);
+                for (int j = 0; j < 8; j++)
+                {
+                    int hibit = ((shiftRegister & 1) ^ ((shiftRegister & 2) >> 1)) << 15;
+                    shiftRegister = (hibit | shiftRegister) >> 1;
+                }
+            }
+
+            int start_sector = (btoi(sector[offset + 12]) * 60 + btoi(sector[offset + 13])) * 75 + btoi(sector[offset + 14]) - 150;
+
+            Console.WriteLine($"MSF: {sector[offset + 12]:2x}:{sector[offset + 12 + 1]:2x}:{sector[offset + 12 + 2]:2x}");
+
+            offset -= start_sector * 2352;
+
+            Console.WriteLine($"Combined offset: {offset} bytes / {offset / 4} samples");
+            return 0;
+        }
+
+        /// <summary>
+        /// Search for a byte array in another
+        /// </summary>
+        private int MemSearch(in byte[] buf_where, in byte[] buf_search, int buf_where_len, int buf_search_len)
+        {
+            for (int i = 0; i <= buf_where_len - buf_search_len; i++)
+            {
+                for (int j = 0; j < buf_search_len; j++)
+                {
+                    if (buf_where[i + j] != buf_search[j])
+                        break;
+
+                    if (j + 1 == buf_search_len)
+                        return i;
+                }
+            }
+
+            return -1;
+        }
+    }
+}

BurnOutSharp/External/psxt001z/Track.cs

@@ -0,0 +1,310 @@
+using System;
+using System.IO;
+
+namespace psxt001z
+{
+    internal class Track
+    {
+        #region Properties
+
+        /// <summary>
+        /// Original input path for the track
+        /// </summary>
+        private string InputPath { get; set; }
+
+        /// <summary>
+        /// Stream representing the track data
+        /// </summary>
+        private Stream InputStream { get; set; }
+
+        /// <summary>
+        /// Output for saving the track data
+        /// </summary>
+        private string OutputPath { get; set; }
+
+        /// <summary>
+        /// Starting offset within the file
+        /// </summary>
+        private int Start { get; set; }
+
+        /// <summary>
+        /// Size of the input file
+        /// </summary>
+        private int Size { get; set; }
+
+        /// <summary>
+        /// CRC-32 of the track data to compare against
+        /// </summary>
+        private uint CRC32 { get; set; }
+
+        /// <summary>
+        /// Audio data header
+        /// </summary>
+        private byte[] RiffData { get; set; } = new byte[44];
+
+        /// <summary>
+        /// True if the track is audio data
+        /// </summary>
+        private bool IsRiff { get; set; }
+
+        /// <summary>
+        /// True if the file is under ~100MB 
+        /// </summary>
+        private bool SmallFile { get; set; } = false;
+
+        /// <summary>
+        /// True to write out the track data
+        /// </summary>
+        private bool SaveTrack { get; set; }
+
+        /// <summary>
+        /// True means '+' or 'p'
+        /// False means '-' or 'n'
+        /// Null means neither
+        /// </summary>
+        private bool? Mode { get; set; }
+
+        /// <summary>
+        /// Cache for small file data
+        /// </summary>
+        private byte[] FileContents { get; set; }
+
+        /// <summary>
+        /// Cached file offset
+        /// </summary>
+        private int Offset { get; set; } = 0;
+
+        /// <summary>
+        /// Current file offset
+        /// </summary>
+        private int Current { get; set; } = 0;
+
+        #endregion
+
+        #region Constructor
+
+        public Track(string filename, int start, int size, uint crc, bool isRiff = false, bool? mode = null, string output = null)
+        {
+            InputPath = filename;
+            InputStream = File.OpenRead(filename);
+            OutputPath = output;
+
+            Start = start;
+            Size = size;
+            CRC32 = crc;
+            Mode = mode;
+
+            IsRiff = isRiff;
+            SmallFile = Size <= 100_000_000;
+            SaveTrack = output != null;
+
+            Console.WriteLine($"File: {InputPath}\nStart: {Start}\nSize: {Size}\nCRC-32: {CRC32:8x}");
+            Console.WriteLine();
+
+            if (IsRiff)
+                PopulateRiffData();
+
+            if (SmallFile)
+                CacheFileData();
+        }
+
+        #endregion
+
+        #region Functions
+
+        public bool FindTrack()
+        {
+            // Positive mode
+            if (Mode == true)
+            {
+                if (Current > 20000)
+                {
+                    Mode = null;
+                    return true;
+                }
+
+                Offset = Current;
+                Current += 4;
+                return MatchesCRC();
+            }
+
+            // Negative mode
+            else if (Mode == false)
+            {
+                if (Current > 20000)
+                {
+                    Mode = null;
+                    return true;
+                }
+
+                Offset = -Current;
+                Current += 4;
+                return MatchesCRC();
+            }
+
+            // Neutral mode
+            else
+            {
+                if (Current > 20000)
+                {
+                    Mode = null;
+                    return true;
+                }
+
+                Offset = Current;
+                if (MatchesCRC())
+                {
+                    return true;
+                }
+                else
+                {
+                    Offset = -Current;
+                    Current += 4;
+                    return MatchesCRC();
+                }
+            }
+        }
+
+        public bool MatchesCRC()
+        {
+            CRC32 calc = new CRC32();
+            if (SmallFile)
+            {
+                if (IsRiff)
+                    calc.ProcessCRC(RiffData, 0, 44);
+
+                calc.ProcessCRC(FileContents, (int)(20000 + Offset), (int)Size);
+            }
+            else
+            {
+                InputStream.Seek(Start + Offset, SeekOrigin.Begin);
+                if (IsRiff)
+                    calc.ProcessCRC(RiffData, 0, 44);
+
+                for (long i = 0; i < Size; i++)
+                {
+                    byte[] buffer = new byte[1];
+                    if (InputStream.Read(buffer, 0, 1) != 1)
+                    {
+                        buffer[0] = 0x00;
+                        InputStream.Seek(Start + Offset + i + 1, SeekOrigin.Begin);
+                    }
+
+                    calc.ProcessCRC(buffer, 0, 1);
+                }
+            }
+
+            Console.Write($"Offset correction {Offset} bytes, {Offset / 4} samples, CRC-32 {calc.m_crc32:8x}");
+            return (calc.m_crc32 == CRC32);
+        }
+
+        public void Done()
+        {
+            if (SmallFile)
+                FileContents = null;
+
+            if (Mode == null)
+            {
+                Console.WriteLine();
+                Console.WriteLine("Can't find offset!");
+                return;
+            }
+
+            if (SaveTrack)
+            {
+                byte[] buffer = new byte[1];
+                Stream f2 = File.Open(OutputPath, FileMode.Create, FileAccess.ReadWrite);
+                if (IsRiff)
+                    f2.Write(RiffData, 0, 44);
+
+                InputStream.Seek(Start + Offset, SeekOrigin.Begin);
+                for (long i = 0; i < Size; i++)
+                {
+                    if (InputStream.Read(buffer, 0, 1) != 1)
+                    {
+                        buffer[0] = 0x00;
+                        InputStream.Seek(Start + Offset + i + 1, SeekOrigin.Begin);
+                    }
+
+                    f2.Write(buffer, 0, 1);
+                }
+            }
+
+            Console.WriteLine();
+            Console.Write("DONE!");
+            Console.WriteLine();
+            Console.Write($"Offset correction: {Offset} bytes / {Offset / 4} samples");
+        }
+
+        #endregion
+
+        #region Utilities
+
+        // TODO: Figure out what this actually does
+        private void CacheFileData()
+        {
+            FileContents = new byte[Size + 40000];
+            InputStream.Seek(Start - 20000, SeekOrigin.Begin);
+
+            for (int i = 0; i < Size + 40000; i++)
+            {
+                if (Start + i <= 20000)
+                    InputStream.Seek(Start + i - 20000, SeekOrigin.Begin);
+
+                if (InputStream.Read(new byte[1], 0, 1) != 1)
+                    FileContents[i] = 0x00;
+            }
+        }
+
+        private void PopulateRiffData()
+        {
+            RiffData[0] = 0x52;
+            RiffData[1] = 0x49;
+            RiffData[2] = 0x46;
+            RiffData[3] = 0x46;
+
+            byte[] temp = BitConverter.GetBytes(Size - 8);
+            Array.Copy(temp, 0, RiffData, 4, 4);
+
+            RiffData[8] = 0x57;
+            RiffData[9] = 0x41;
+            RiffData[10] = 0x56;
+            RiffData[11] = 0x45;
+            RiffData[12] = 0x66;
+            RiffData[13] = 0x6D;
+            RiffData[14] = 0x74;
+            RiffData[15] = 0x20;
+            RiffData[16] = 0x10;
+            RiffData[17] = 0x00;
+            RiffData[18] = 0x00;
+            RiffData[19] = 0x00;
+            RiffData[20] = 0x01;
+            RiffData[21] = 0x00;
+            RiffData[22] = 0x02;
+            RiffData[23] = 0x00;
+            RiffData[24] = 0x44;
+            RiffData[25] = 0xAC;
+            RiffData[26] = 0x00;
+            RiffData[27] = 0x00;
+            RiffData[28] = 0x10;
+            RiffData[29] = 0xB1;
+            RiffData[30] = 0x02;
+            RiffData[31] = 0x00;
+            RiffData[32] = 0x04;
+            RiffData[33] = 0x00;
+            RiffData[34] = 0x10;
+            RiffData[35] = 0x00;
+            RiffData[36] = 0x64;
+            RiffData[37] = 0x61;
+            RiffData[38] = 0x74;
+            RiffData[39] = 0x61;
+
+            temp = BitConverter.GetBytes(Size - 44);
+            Array.Copy(temp, 0, RiffData, 40, 4);
+
+            Size -= 44;
+        }
+
+        #endregion
+    }
+}

BurnOutSharp/FileType/BFPK.cs

@@ -0,0 +1,140 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using System.Text;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using SharpCompress.Compressors;
+using SharpCompress.Compressors.Deflate;
+
+namespace BurnOutSharp.FileType
+{
+    public class BFPK : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            if (magic.StartsWith(new byte?[] { 0x42, 0x46, 0x50, 0x4b }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the BFPK file itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                using (BinaryReader br = new BinaryReader(stream, Encoding.Default, true))
+                {
+                    br.ReadBytes(4); // Skip magic number
+
+                    int version = br.ReadInt32();
+                    int files = br.ReadInt32();
+                    long current = br.BaseStream.Position;
+
+                    for (int i = 0; i < files; i++)
+                    {
+                        br.BaseStream.Seek(current, SeekOrigin.Begin);
+
+                        int nameSize = br.ReadInt32();
+                        string name = new string(br.ReadChars(nameSize));
+
+                        uint uncompressedSize = br.ReadUInt32();
+                        int offset = br.ReadInt32();
+
+                        current = br.BaseStream.Position;
+
+                        br.BaseStream.Seek(offset, SeekOrigin.Begin);
+                        uint compressedSize = br.ReadUInt32();
+
+                        // Some files can lack the length prefix
+                        if (compressedSize > br.BaseStream.Length)
+                        {
+                            br.BaseStream.Seek(-4, SeekOrigin.Current);
+                            compressedSize = uncompressedSize;
+                        }
+
+                        // If an individual entry fails
+                        try
+                        {
+                            string tempFile = Path.Combine(tempPath, name);
+                            if (!Directory.Exists(Path.GetDirectoryName(tempFile)))
+                                Directory.CreateDirectory(Path.GetDirectoryName(tempFile));
+
+                            if (compressedSize == uncompressedSize)
+                            {
+                                using (FileStream fs = File.OpenWrite(tempFile))
+                                {
+                                    fs.Write(br.ReadBytes((int)uncompressedSize), 0, (int)uncompressedSize);
+                                }
+                            }
+                            else
+                            {
+                                using (FileStream fs = File.OpenWrite(tempFile))
+                                {
+                                    try
+                                    {
+                                        ZlibStream zs = new ZlibStream(br.BaseStream, CompressionMode.Decompress);
+                                        zs.CopyTo(fs);
+                                    }
+                                    catch (ZlibException)
+                                    {
+                                        br.BaseStream.Seek(offset + 4, SeekOrigin.Begin);
+                                        fs.Write(br.ReadBytes((int)compressedSize), 0, (int)compressedSize);
+                                    }
+                                }
+                            }
+                        }
+                        catch (Exception ex)
+                        {
+                            if (scanner.IncludeDebug) Console.WriteLine(ex);
+                        }
+
+                        br.BaseStream.Seek(current, SeekOrigin.Begin);
+                    }
+                }
+
+                // Collect and format all found protections
+                var protections = scanner.GetProtections(tempPath);
+
+                // If temp directory cleanup fails
+                try
+                {
+                    Directory.Delete(tempPath, true);
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+
+                // Remove temporary path references
+                Utilities.StripFromKeys(protections, tempPath);
+
+                return protections;
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/BZip2.cs

@@ -0,0 +1,86 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using SharpCompress.Compressors;
+using SharpCompress.Compressors.BZip2;
+
+namespace BurnOutSharp.FileType
+{
+    public class BZip2 : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            if (magic.StartsWith(new byte?[] { 0x42, 0x52, 0x68 }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the BZip2 file itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                using (BZip2Stream bz2File = new BZip2Stream(stream, CompressionMode.Decompress, true))
+                {
+                    // If an individual entry fails
+                    try
+                    {
+                        string tempFile = Path.Combine(tempPath, Guid.NewGuid().ToString());
+                        using (FileStream fs = File.OpenWrite(tempFile))
+                        {
+                            bz2File.CopyTo(fs);
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        if (scanner.IncludeDebug) Console.WriteLine(ex);
+                    }
+                }
+
+                // Collect and format all found protections
+                var protections = scanner.GetProtections(tempPath);
+
+                // If temp directory cleanup fails
+                try
+                {
+                    Directory.Delete(tempPath, true);
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+
+                // Remove temporary path references
+                Utilities.StripFromKeys(protections, tempPath);
+
+                return protections;
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/Executable.cs

@@ -0,0 +1,193 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using System.Text;
+using System.Threading.Tasks;
+using BurnOutSharp.ExecutableType.Microsoft.NE;
+using BurnOutSharp.ExecutableType.Microsoft.PE;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.FileType
+{
+    public class Executable : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            // DOS MZ executable file format (and descendants)
+            if (magic.StartsWith(new byte?[] { 0x4d, 0x5a }))
+                return true;
+
+            // Executable and Linkable Format
+            if (magic.StartsWith(new byte?[] { 0x7f, 0x45, 0x4c, 0x46 }))
+                return true;
+
+            // Mach-O binary (32-bit)
+            if (magic.StartsWith(new byte?[] { 0xfe, 0xed, 0xfa, 0xce }))
+                return true;
+
+            // Mach-O binary (32-bit, reverse byte ordering scheme)
+            if (magic.StartsWith(new byte?[] { 0xce, 0xfa, 0xed, 0xfe }))
+                return true;
+
+            // Mach-O binary (64-bit)
+            if (magic.StartsWith(new byte?[] { 0xfe, 0xed, 0xfa, 0xcf }))
+                return true;
+
+            // Mach-O binary (64-bit, reverse byte ordering scheme)
+            if (magic.StartsWith(new byte?[] { 0xcf, 0xfa, 0xed, 0xfe }))
+                return true;
+
+            // Prefrred Executable File Format
+            if (magic.StartsWith(new byte?[] { 0x4a, 0x6f, 0x79, 0x21, 0x70, 0x65, 0x66, 0x66 }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // Files can be protected in multiple ways
+            var protections = new ConcurrentDictionary<string, ConcurrentQueue<string>>();
+
+            // Load the current file content for debug only
+            byte[] fileContent = null;
+            if (scanner.IncludeDebug)
+            {
+                try
+                {
+                    using (BinaryReader br = new BinaryReader(stream, Encoding.Default, true))
+                    {
+                        fileContent = br.ReadBytes((int)stream.Length);
+                    }
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+
+                    Utilities.AppendToDictionary(protections, file, "[Out of memory attempting to open]");
+                    return protections;
+                }
+            }
+
+            // Create PortableExecutable and NewExecutable objects for use in the checks
+            stream.Seek(0, SeekOrigin.Begin);
+            PortableExecutable pex = new PortableExecutable(stream);
+            stream.Seek(0, SeekOrigin.Begin);
+            NewExecutable nex = new NewExecutable(stream);
+            stream.Seek(0, SeekOrigin.Begin);
+
+            // Iterate through all generic content checks
+            if (fileContent != null)
+            {
+                Parallel.ForEach(ScanningClasses.ContentCheckClasses, contentCheckClass =>
+                {
+                    string protection = contentCheckClass.CheckContents(file, fileContent, scanner.IncludeDebug);
+                    if (ShouldAddProtection(contentCheckClass, scanner.ScanPackers, protection))
+                        Utilities.AppendToDictionary(protections, file, protection);
+
+                    // If we have an IScannable implementation
+                    if (contentCheckClass is IScannable scannable)
+                    {
+                        if (file != null && !string.IsNullOrEmpty(protection))
+                        {
+                            var subProtections = scannable.Scan(scanner, null, file);
+                            Utilities.PrependToKeys(subProtections, file);
+                            Utilities.AppendToDictionary(protections, subProtections);
+                        }
+                    }
+                });
+            }
+
+            // If we have a NE executable, iterate through all NE content checks
+            if (nex?.Initialized == true)
+            {
+                Parallel.ForEach(ScanningClasses.NewExecutableCheckClasses, contentCheckClass =>
+                {
+                    // Check using custom content checks first
+                    string protection = contentCheckClass.CheckNewExecutable(file, nex, scanner.IncludeDebug);
+                    if (ShouldAddProtection(contentCheckClass, scanner.ScanPackers, protection))
+                        Utilities.AppendToDictionary(protections, file, protection);
+
+                    // If we have an IScannable implementation
+                    if (contentCheckClass is IScannable scannable)
+                    {
+                        if (file != null && !string.IsNullOrEmpty(protection))
+                        {
+                            var subProtections = scannable.Scan(scanner, null, file);
+                            Utilities.PrependToKeys(subProtections, file);
+                            Utilities.AppendToDictionary(protections, subProtections);
+                        }
+                    }
+                });
+            }
+
+            // If we have a PE executable, iterate through all PE content checks
+            if (pex?.Initialized == true)
+            {
+                // Print the section table for debug
+                if (scanner.IncludeDebug && pex.SectionTable != null)
+                    pex.PrintAllSections();
+
+                Parallel.ForEach(ScanningClasses.PortableExecutableCheckClasses, contentCheckClass =>
+                {
+                    // Check using custom content checks first
+                    string protection = contentCheckClass.CheckPortableExecutable(file, pex, scanner.IncludeDebug);
+                    if (ShouldAddProtection(contentCheckClass, scanner.ScanPackers, protection))
+                        Utilities.AppendToDictionary(protections, file, protection);
+
+                    // If we have an IScannable implementation
+                    if (contentCheckClass is IScannable scannable)
+                    {
+                        if (file != null && !string.IsNullOrEmpty(protection))
+                        {
+                            var subProtections = scannable.Scan(scanner, null, file);
+                            Utilities.PrependToKeys(subProtections, file);
+                            Utilities.AppendToDictionary(protections, subProtections);
+                        }
+                    }
+                });
+            }
+
+            return protections;
+        }
+
+        #region Helpers
+
+        /// <summary>
+        /// Check to see if a protection should be added or not
+        /// </summary>
+        /// <param name="checkClass">Class that was last used to check</param>
+        /// <param name="scanPackers">Determines if packers should be included in the output</param>
+        /// <param name="protection">The protection result to be checked</param>
+        private bool ShouldAddProtection(object checkClass, bool scanPackers, string protection)
+        {
+            // If we have an invalid protection
+            if (string.IsNullOrWhiteSpace(protection))
+                return false;
+
+            // If we have a valid content check based on settings
+            if (scanPackers || !checkClass.GetType().Namespace.ToLowerInvariant().Contains("packertype"))
+                return true;
+
+            // Everything else fails
+            return false;
+        }
+
+        #endregion
+    }
+}

BurnOutSharp/FileType/GZIP.cs

@@ -0,0 +1,90 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using SharpCompress.Archives;
+using SharpCompress.Archives.GZip;
+
+namespace BurnOutSharp.FileType
+{
+    public class GZIP : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            if (magic.StartsWith(new byte?[] { 0x1f, 0x8b }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the gzip file itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                using (GZipArchive zipFile = GZipArchive.Open(stream))
+                {
+                    foreach (var entry in zipFile.Entries)
+                    {
+                        // If an individual entry fails
+                        try
+                        {
+                            // If we have a directory, skip it
+                            if (entry.IsDirectory)
+                                continue;
+
+                            string tempFile = Path.Combine(tempPath, entry.Key);
+                            entry.WriteToFile(tempFile);
+                        }
+                        catch (Exception ex)
+                        {
+                            if (scanner.IncludeDebug) Console.WriteLine(ex);
+                        }
+                    }
+                }
+
+                // Collect and format all found protections
+                var protections = scanner.GetProtections(tempPath);
+
+                // If temp directory cleanup fails
+                try
+                {
+                    Directory.Delete(tempPath, true);
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+
+                // Remove temporary path references
+                Utilities.StripFromKeys(protections, tempPath);
+
+                return protections;
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/IniFile.cs

@@ -0,0 +1,296 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+
+namespace BurnOutSharp.FileType
+{
+    public class IniFile : IDictionary<string, string>
+    {
+        private Dictionary<string, string> _keyValuePairs = new Dictionary<string, string>();
+
+        public string this[string key]
+        {
+            get
+            {
+                if (_keyValuePairs == null)
+                    _keyValuePairs = new Dictionary<string, string>();
+
+                key = key.ToLowerInvariant();
+                if (_keyValuePairs.ContainsKey(key))
+                    return _keyValuePairs[key];
+
+                return null;
+            }
+            set
+            {
+                if (_keyValuePairs == null)
+                    _keyValuePairs = new Dictionary<string, string>();
+
+                key = key.ToLowerInvariant();
+                _keyValuePairs[key] = value;
+            }
+        }
+
+        /// <summary>
+        /// Create an empty INI file
+        /// </summary>
+        public IniFile()
+        {
+        }
+
+        /// <summary>
+        /// Populate an INI file from path
+        /// </summary>
+        public IniFile(string path)
+        {
+            this.Parse(path);
+        }
+
+        /// <summary>
+        /// Populate an INI file from stream
+        /// </summary>
+        public IniFile(Stream stream)
+        {
+            this.Parse(stream);
+        }
+
+        /// <summary>
+        /// Add or update a key and value to the INI file
+        /// </summary>
+        public void AddOrUpdate(string key, string value)
+        {
+            _keyValuePairs[key.ToLowerInvariant()] = value;
+        }
+
+        /// <summary>
+        /// Remove a key from the INI file
+        /// </summary>
+        public void Remove(string key)
+        {
+            _keyValuePairs.Remove(key.ToLowerInvariant());
+        }
+
+        /// <summary>
+        /// Read an INI file based on the path
+        /// </summary>
+        public bool Parse(string path)
+        {
+            // If we don't have a file, we can't read it
+            if (!File.Exists(path))
+                return false;
+
+            using (var fileStream = File.OpenRead(path))
+            {
+                return Parse(fileStream);
+            }
+        }
+
+        /// <summary>
+        /// Read an INI file from a stream
+        /// </summary>
+        public bool Parse(Stream stream)
+        {
+            // If the stream is invalid or unreadable, we can't process it
+            if (stream == null || !stream.CanRead || stream.Position >= stream.Length - 1)
+                return false;
+
+            // Keys are case-insensitive by default
+            try
+            {
+                using (StreamReader sr = new StreamReader(stream))
+                {
+                    string section = string.Empty;
+                    while (!sr.EndOfStream)
+                    {
+                        string line = sr.ReadLine().Trim();
+
+                        // Comments start with ';'
+                        if (line.StartsWith(";"))
+                        {
+                            // No-op, we don't process comments
+                        }
+
+                        // Section titles are surrounded by square brackets
+                        else if (line.StartsWith("["))
+                        {
+                            section = line.TrimStart('[').TrimEnd(']');
+                        }
+
+                        // Valid INI lines are in the format key=value
+                        else if (line.Contains("="))
+                        {
+                            // Split the line by '=' for key-value pairs
+                            string[] data = line.Split('=');
+
+                            // If the value field contains an '=', we need to put them back in
+                            string key = data[0].Trim();
+                            string value = string.Join("=", data.Skip(1)).Trim();
+
+                            // Section names are prepended to the key with a '.' separating
+                            if (!string.IsNullOrEmpty(section))
+                                key = $"{section}.{key}";
+
+                            // Set or overwrite keys in the returned dictionary
+                            _keyValuePairs[key.ToLowerInvariant()] = value;
+                        }
+
+                        // All other lines are ignored
+                    }
+                }
+            }
+            catch
+            {
+                // We don't care what the error was, just catch and return
+                return false;
+            }
+
+            return true;
+        }
+
+        /// <summary>
+        /// Write an INI file to a path
+        /// </summary>
+        public bool Write(string path)
+        {
+            // If we don't have a valid dictionary with values, we can't write out
+            if (_keyValuePairs == null || _keyValuePairs.Count == 0)
+                return false;
+
+            using (var fileStream = File.OpenWrite(path))
+            {
+                return Write(fileStream);
+            }
+        }
+
+        /// <summary>
+        /// Write an INI file to a stream
+        /// </summary>
+        public bool Write(Stream stream)
+        {
+            // If we don't have a valid dictionary with values, we can't write out
+            if (_keyValuePairs == null || _keyValuePairs.Count == 0)
+                return false;
+
+            // If the stream is invalid or unwritable, we can't output to it
+            if (stream == null || !stream.CanWrite || stream.Position >= stream.Length - 1)
+                return false;
+
+            try
+            {
+                using (StreamWriter sw = new StreamWriter(stream))
+                {
+                    // Order the dictionary by keys to link sections together
+                    var orderedKeyValuePairs = _keyValuePairs.OrderBy(kvp => kvp.Key);
+
+                    string section = string.Empty;
+                    foreach (var keyValuePair in orderedKeyValuePairs)
+                    {
+                        // Extract the key and value
+                        string key = keyValuePair.Key;
+                        string value = keyValuePair.Value;
+
+                        // We assume '.' is a section name separator
+                        if (key.Contains('.'))
+                        {
+                            // Split the key by '.'
+                            string[] data = keyValuePair.Key.Split('.');
+
+                            // If the key contains an '.', we need to put them back in
+                            string newSection = data[0].Trim();
+                            key = string.Join(".", data.Skip(1)).Trim();
+
+                            // If we have a new section, write it out
+                            if (!string.Equals(newSection, section, StringComparison.OrdinalIgnoreCase))
+                            {
+                                sw.WriteLine($"[{newSection}]");
+                                section = newSection;
+                            }
+                        }
+
+                        // Now write out the key and value in a standardized way
+                        sw.WriteLine($"{key}={value}");
+                    }
+                }
+            }
+            catch
+            {
+                // We don't care what the error was, just catch and return
+                return false;
+            }
+
+            return true;
+        }
+
+        #region IDictionary Impelementations
+
+        public ICollection<string> Keys => ((IDictionary<string, string>)_keyValuePairs).Keys;
+
+        public ICollection<string> Values => ((IDictionary<string, string>)_keyValuePairs).Values;
+
+        public int Count => ((ICollection<KeyValuePair<string, string>>)_keyValuePairs).Count;
+
+        public bool IsReadOnly => ((ICollection<KeyValuePair<string, string>>)_keyValuePairs).IsReadOnly;
+
+        public void Add(string key, string value)
+        {
+            ((IDictionary<string, string>)_keyValuePairs).Add(key.ToLowerInvariant(), value);
+        }
+
+        bool IDictionary<string, string>.Remove(string key)
+        {
+            return ((IDictionary<string, string>)_keyValuePairs).Remove(key.ToLowerInvariant());
+        }
+
+        public bool TryGetValue(string key, out string value)
+        {
+            return ((IDictionary<string, string>)_keyValuePairs).TryGetValue(key.ToLowerInvariant(), out value);
+        }
+
+        public void Add(KeyValuePair<string, string> item)
+        {
+            var newItem = new KeyValuePair<string, string>(item.Key.ToLowerInvariant(), item.Value);
+            ((ICollection<KeyValuePair<string, string>>)_keyValuePairs).Add(newItem);
+        }
+
+        public void Clear()
+        {
+            ((ICollection<KeyValuePair<string, string>>)_keyValuePairs).Clear();
+        }
+
+        public bool Contains(KeyValuePair<string, string> item)
+        {
+            var newItem = new KeyValuePair<string, string>(item.Key.ToLowerInvariant(), item.Value);
+            return ((ICollection<KeyValuePair<string, string>>)_keyValuePairs).Contains(newItem);
+        }
+
+        public bool ContainsKey(string key)
+        {
+            return _keyValuePairs.ContainsKey(key.ToLowerInvariant());
+        }
+
+        public void CopyTo(KeyValuePair<string, string>[] array, int arrayIndex)
+        {
+            ((ICollection<KeyValuePair<string, string>>)_keyValuePairs).CopyTo(array, arrayIndex);
+        }
+
+        public bool Remove(KeyValuePair<string, string> item)
+        {
+            var newItem = new KeyValuePair<string, string>(item.Key.ToLowerInvariant(), item.Value);
+            return ((ICollection<KeyValuePair<string, string>>)_keyValuePairs).Remove(newItem);
+        }
+
+        public IEnumerator<KeyValuePair<string, string>> GetEnumerator()
+        {
+            return ((IEnumerable<KeyValuePair<string, string>>)_keyValuePairs).GetEnumerator();
+        }
+
+        IEnumerator IEnumerable.GetEnumerator()
+        {
+            return ((IEnumerable)_keyValuePairs).GetEnumerator();
+        }
+
+        #endregion
+    }
+}

BurnOutSharp/FileType/InstallShieldArchiveV3.cs

@@ -0,0 +1,111 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using System.Linq;
+using System.Text.RegularExpressions;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using UnshieldSharp.Archive;
+
+namespace BurnOutSharp.FileType
+{
+    public class InstallShieldArchiveV3 : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            if (magic.StartsWith(new byte?[] { 0x13, 0x5D, 0x65, 0x8C }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        // TODO: Add stream opening support
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // Get the name of the first cabinet file or header
+            string directory = Path.GetDirectoryName(file);
+            string noExtension = Path.GetFileNameWithoutExtension(file);
+            string filenamePattern = Path.Combine(directory, noExtension);
+            filenamePattern = new Regex(@"\d+$").Replace(filenamePattern, string.Empty);
+
+            bool cabinetHeaderExists = File.Exists(Path.Combine(directory, filenamePattern + "1.hdr"));
+            bool shouldScanCabinet = cabinetHeaderExists
+                ? file.Equals(Path.Combine(directory, filenamePattern + "1.hdr"), StringComparison.OrdinalIgnoreCase)
+                : file.Equals(Path.Combine(directory, filenamePattern + "1.cab"), StringComparison.OrdinalIgnoreCase);
+
+            // If we have the first file
+            if (shouldScanCabinet)
+            {
+                // If the cab file itself fails
+                try
+                {
+                    string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                    Directory.CreateDirectory(tempPath);
+
+                    UnshieldSharp.Archive.InstallShieldArchiveV3 archive = new UnshieldSharp.Archive.InstallShieldArchiveV3(file);
+                    foreach (CompressedFile cfile in archive.Files.Select(kvp => kvp.Value))
+                    {
+                        // If an individual entry fails
+                        try
+                        {
+                            string tempFile = Path.Combine(tempPath, cfile.FullPath);
+                            if (!Directory.Exists(Path.GetDirectoryName(tempFile)))
+                                Directory.CreateDirectory(Path.GetDirectoryName(tempFile));
+
+                            (byte[] fileContents, string error) = archive.Extract(cfile.FullPath);
+                            if (!string.IsNullOrWhiteSpace(error))
+                                continue;
+
+                            using (FileStream fs = File.OpenWrite(tempFile))
+                            {
+                                fs.Write(fileContents, 0, fileContents.Length);
+                            }
+                        }
+                        catch (Exception ex)
+                        {
+                            if (scanner.IncludeDebug) Console.WriteLine(ex);
+                        }
+                    }
+
+                    // Collect and format all found protections
+                    var protections = scanner.GetProtections(tempPath);
+
+                    // If temp directory cleanup fails
+                    try
+                    {
+                        Directory.Delete(tempPath, true);
+                    }
+                    catch (Exception ex)
+                    {
+                        if (scanner.IncludeDebug) Console.WriteLine(ex);
+                    }
+
+                    // Remove temporary path references
+                    Utilities.StripFromKeys(protections, tempPath);
+
+                    return protections;
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/InstallShieldCAB.cs

@@ -0,0 +1,110 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using System.Text.RegularExpressions;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using UnshieldSharp.Cabinet;
+
+namespace BurnOutSharp.FileType
+{
+    public class InstallShieldCAB : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            if (magic.StartsWith(new byte?[] { 0x49, 0x53, 0x63 }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        // TODO: Add stream opening support
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // Get the name of the first cabinet file or header
+            string directory = Path.GetDirectoryName(file);
+            string noExtension = Path.GetFileNameWithoutExtension(file);
+            string filenamePattern = Path.Combine(directory, noExtension);
+            filenamePattern = new Regex(@"\d+$").Replace(filenamePattern, string.Empty);
+
+            bool cabinetHeaderExists = File.Exists(Path.Combine(directory, filenamePattern + "1.hdr"));
+            bool shouldScanCabinet = cabinetHeaderExists
+                ? file.Equals(Path.Combine(directory, filenamePattern + "1.hdr"), StringComparison.OrdinalIgnoreCase)
+                : file.Equals(Path.Combine(directory, filenamePattern + "1.cab"), StringComparison.OrdinalIgnoreCase);
+
+            // If we have the first file
+            if (shouldScanCabinet)
+            {
+                // If the cab file itself fails
+                try
+                {
+                    string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                    Directory.CreateDirectory(tempPath);
+
+                    InstallShieldCabinet cabfile = InstallShieldCabinet.Open(file);
+                    for (int i = 0; i < cabfile.FileCount; i++)
+                    {
+                        // If an individual entry fails
+                        try
+                        {
+                            string filename = cabfile.FileName(i);
+                            string tempFile;
+                            try
+                            {
+                                tempFile = Path.Combine(tempPath, filename);
+                            }
+                            catch
+                            {
+                                tempFile = Path.Combine(tempPath, $"BAD_FILENAME{i}");
+                            }
+
+                            cabfile.FileSave(i, tempFile);
+                        }
+                        catch (Exception ex)
+                        {
+                            if (scanner.IncludeDebug) Console.WriteLine(ex);
+                        }
+                    }
+
+                    // Collect and format all found protections
+                    var protections = scanner.GetProtections(tempPath);
+
+                    // If temp directory cleanup fails
+                    try
+                    {
+                        Directory.Delete(tempPath, true);
+                    }
+                    catch (Exception ex)
+                    {
+                        if (scanner.IncludeDebug) Console.WriteLine(ex);
+                    }
+
+                    // Remove temporary path references
+                    Utilities.StripFromKeys(protections, tempPath);
+
+                    return protections;
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/MSI.cs

@@ -0,0 +1,168 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using System.Text;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using OpenMcdf;
+
+namespace BurnOutSharp.FileType
+{
+    public class MSI : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            if (magic.StartsWith(new byte?[] { 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        // TODO: Add stream opening support
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the MSI file itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                using (CompoundFile msi = new CompoundFile(stream, CFSUpdateMode.ReadOnly, CFSConfiguration.Default))
+                {
+                    msi.RootStorage.VisitEntries((e) =>
+                    {
+                        if (!e.IsStream)
+                            return;
+
+                        var str = msi.RootStorage.GetStream(e.Name);
+                        if (str == null)
+                            return;
+
+                        byte[] strData = str.GetData();
+                        if (strData == null)
+                            return;
+
+                        string decoded = DecodeStreamName(e.Name).TrimEnd('\0');
+                        byte[] nameBytes = Encoding.UTF8.GetBytes(e.Name);
+
+                        // UTF-8 encoding of 0x4840.
+                        if (nameBytes[0] == 0xe4 && nameBytes[1] == 0xa1 && nameBytes[2] == 0x80)
+                            decoded = decoded.Substring(3);
+
+                        foreach (char c in Path.GetInvalidFileNameChars())
+                        {
+                            decoded = decoded.Replace(c, '_');
+                        }
+
+                        string filename = Path.Combine(tempPath, decoded);
+                        using (Stream fs = File.OpenWrite(filename))
+                        {
+                            fs.Write(strData, 0, strData.Length);
+                        }
+                    }, recursive: true);
+                }
+
+                // Collect and format all found protections
+                var protections = scanner.GetProtections(tempPath);
+
+                // If temp directory cleanup fails
+                try
+                {
+                    Directory.Delete(tempPath, true);
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+
+                // Remove temporary path references
+                Utilities.StripFromKeys(protections, tempPath);
+
+                return protections;
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+
+        /// <remarks>Adapted from LibMSI</remarks>
+        private static string DecodeStreamName(string input)
+        {
+            if (input == null)
+                return null;
+
+            int count = 0;
+            byte[] inputBytes = Encoding.UTF8.GetBytes(input);
+            int p = 0; // inputBytes[0]
+
+            byte[] output = new byte[inputBytes.Length + 1];
+            int q = 0; // output[0]
+            while (p < inputBytes.Length && inputBytes[p] != 0)
+            {
+                int ch = inputBytes[p];
+                if ((ch == 0xe3 && inputBytes[p + 1] >= 0xa0) || (ch == 0xe4 && inputBytes[p + 1] < 0xa0))
+                {
+                    // UTF-8 encoding of 0x3800..0x47ff. 
+                    output[q++] = (byte)Mime2Utf(inputBytes[p + 2] & 0x7f);
+                    output[q++] = (byte)Mime2Utf(inputBytes[p + 1] ^ 0xa0);
+                    p += 3;
+                    count += 2;
+                    continue;
+                }
+
+                if (ch == 0xe4 && inputBytes[p + 1] == 0xa0)
+                {
+                    // UTF-8 encoding of 0x4800..0x483f.
+                    output[q++] = (byte)Mime2Utf(inputBytes[p + 2] & 0x7f);
+                    p += 3;
+                    count++;
+                    continue;
+                }
+
+                output[q++] = inputBytes[p++];
+                if (ch >= 0xc1)
+                    output[q++] = inputBytes[p++];
+                if (ch >= 0xe0)
+                    output[q++] = inputBytes[p++];
+                if (ch >= 0xf0)
+                    output[q++] = inputBytes[p++];
+
+                count++;
+            }
+
+            output[q] = 0;
+            return Encoding.ASCII.GetString(output);
+        }
+
+        /// <remarks>Adapted from LibMSI</remarks>
+        private static int Mime2Utf(int x)
+        {
+            if (x < 10)
+                return x + '0';
+            if (x < (10 + 26))
+                return x - 10 + 'A';
+            if (x < (10 + 26 + 26))
+                return x - 10 - 26 + 'a';
+            if (x == (10 + 26 + 26))
+                return '.';
+            return '_';
+        }
+    }
+}

BurnOutSharp/FileType/PKZIP.cs

@@ -0,0 +1,104 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using SharpCompress.Archives;
+using SharpCompress.Archives.Zip;
+
+namespace BurnOutSharp.FileType
+{
+    public class PKZIP : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            // PKZIP (Unknown)
+            if (magic.StartsWith(new byte?[] { 0x50, 0x4b, 0x00, 0x00 }))
+                return true;
+
+            // PKZIP
+            if (magic.StartsWith(new byte?[] { 0x50, 0x4b, 0x03, 0x04 }))
+                return true;
+
+            // PKZIP (Empty Archive)
+            if (magic.StartsWith(new byte?[] { 0x50, 0x4b, 0x05, 0x06 }))
+                return true;
+
+            // PKZIP (Spanned Archive)
+            if (magic.StartsWith(new byte?[] { 0x50, 0x4b, 0x07, 0x08 }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the zip file itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                using (ZipArchive zipFile = ZipArchive.Open(stream))
+                {
+                    foreach (var entry in zipFile.Entries)
+                    {
+                        // If an individual entry fails
+                        try
+                        {
+                            // If we have a directory, skip it
+                            if (entry.IsDirectory)
+                                continue;
+
+                            string tempFile = Path.Combine(tempPath, entry.Key);
+                            Directory.CreateDirectory(Path.GetDirectoryName(tempFile));
+                            entry.WriteToFile(tempFile);
+                        }
+                        catch (Exception ex)
+                        {
+                            if (scanner.IncludeDebug) Console.WriteLine(ex);
+                        }
+                    }
+                }
+
+                // Collect and format all found protections
+                var protections = scanner.GetProtections(tempPath);
+
+                // If temp directory cleanup fails
+                try
+                {
+                    Directory.Delete(tempPath, true);
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+
+                // Remove temporary path references
+                Utilities.StripFromKeys(protections, tempPath);
+
+                return protections;
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/RAR.cs

@@ -0,0 +1,95 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using SharpCompress.Archives;
+using SharpCompress.Archives.Rar;
+
+namespace BurnOutSharp.FileType
+{
+    public class RAR : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            // RAR archive version 1.50 onwards
+            if (magic.StartsWith(new byte?[] { 0x52, 0x61, 0x72, 0x21, 0x1a, 0x07, 0x00 }))
+                return true;
+
+            // RAR archive version 5.0 onwards
+            if (magic.StartsWith(new byte?[] { 0x52, 0x61, 0x72, 0x21, 0x1a, 0x07, 0x01, 0x00 }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the rar file itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                using (RarArchive zipFile = RarArchive.Open(stream))
+                {
+                    foreach (var entry in zipFile.Entries)
+                    {
+                        // If an individual entry fails
+                        try
+                        {
+                            // If we have a directory, skip it
+                            if (entry.IsDirectory)
+                                continue;
+
+                            string tempFile = Path.Combine(tempPath, entry.Key);
+                            entry.WriteToFile(tempFile);
+                        }
+                        catch (Exception ex)
+                        {
+                            if (scanner.IncludeDebug) Console.WriteLine(ex);
+                        }
+                    }
+                }
+
+                // Collect and format all found protections
+                var protections = scanner.GetProtections(tempPath);
+
+                // If temp directory cleanup fails
+                try
+                {
+                    Directory.Delete(tempPath, true);
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+
+                // Remove temporary path references
+                Utilities.StripFromKeys(protections, tempPath);
+
+                return protections;
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/SevenZip.cs

@@ -0,0 +1,90 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using SharpCompress.Archives;
+using SharpCompress.Archives.SevenZip;
+
+namespace BurnOutSharp.FileType
+{
+    public class SevenZip : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            if (magic.StartsWith(new byte?[] { 0x37, 0x7a, 0xbc, 0xaf, 0x27, 0x1c }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the 7-zip file itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                using (SevenZipArchive sevenZipFile = SevenZipArchive.Open(stream))
+                {
+                    foreach (var entry in sevenZipFile.Entries)
+                    {
+                        // If an individual entry fails
+                        try
+                        {
+                            // If we have a directory, skip it
+                            if (entry.IsDirectory)
+                                continue;
+
+                            string tempFile = Path.Combine(tempPath, entry.Key);
+                            entry.WriteToFile(tempFile);
+                        }
+                        catch (Exception ex)
+                        {
+                            if (scanner.IncludeDebug) Console.WriteLine(ex);
+                        }
+                    }
+
+                    // Collect and format all found protections
+                    var protections = scanner.GetProtections(tempPath);
+
+                    // If temp directory cleanup fails
+                    try
+                    {
+                        Directory.Delete(tempPath, true);
+                    }
+                    catch (Exception ex)
+                    {
+                        if (scanner.IncludeDebug) Console.WriteLine(ex);
+                    }
+
+                    // Remove temporary path references
+                    Utilities.StripFromKeys(protections, tempPath);
+
+                    return protections;
+                }
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/TapeArchive.cs

@@ -0,0 +1,93 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using SharpCompress.Archives;
+using SharpCompress.Archives.Tar;
+
+namespace BurnOutSharp.FileType
+{
+    public class TapeArchive : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            if (magic.StartsWith(new byte?[] { 0x75, 0x73, 0x74, 0x61, 0x72, 0x00, 0x30, 0x30 }))
+                return true;
+
+            if (magic.StartsWith(new byte?[] { 0x75, 0x73, 0x74, 0x61, 0x72, 0x20, 0x20, 0x00 }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the tar file itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                using (TarArchive tarFile = TarArchive.Open(stream))
+                {
+                    foreach (var entry in tarFile.Entries)
+                    {
+                        // If an individual entry fails
+                        try
+                        {
+                            // If we have a directory, skip it
+                            if (entry.IsDirectory)
+                                continue;
+
+                            string tempFile = Path.Combine(tempPath, entry.Key);
+                            entry.WriteToFile(tempFile);
+                        }
+                        catch (Exception ex)
+                        {
+                            if (scanner.IncludeDebug) Console.WriteLine(ex);
+                        }
+                    }
+                }
+
+                // Collect and format all found protections
+                var protections = scanner.GetProtections(tempPath);
+
+                // If temp directory cleanup fails
+                try
+                {
+                    Directory.Delete(tempPath, true);
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+
+                // Remove temporary path references
+                Utilities.StripFromKeys(protections, tempPath);
+
+                return protections;
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/Textfile.cs

@@ -0,0 +1,147 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using System.Text;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+
+namespace BurnOutSharp.FileType
+{
+    public class Textfile : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            return ShouldScan(magic, null);
+        }
+
+        /// <summary>
+        /// Determine if a file signature or extension matches one of the expected values
+        /// </summary>
+        /// <param name="magic">Byte array representing the file header</param>
+        /// <param name="extension">Extension for the file being checked</param>
+        /// <returns>True if the signature is valid, false otherwise</returns>
+        public bool ShouldScan(byte[] magic, string extension)
+        {
+            // Rich Text File
+            if (magic.StartsWith(new byte?[] { 0x7b, 0x5c, 0x72, 0x74, 0x66, 0x31 }))
+                return true;
+
+            // HTML
+            if (magic.StartsWith(new byte?[] { 0x3c, 0x68, 0x74, 0x6d, 0x6c }))
+                return true;
+
+            // HTML and XML
+            if (magic.StartsWith(new byte?[] { 0x3c, 0x21, 0x44, 0x4f, 0x43, 0x54, 0x59, 0x50, 0x45 }))
+                return true;
+
+            // Microsoft Office File (old)
+            if (magic.StartsWith(new byte?[] { 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 }))
+                return true;
+
+            // InstallShield Compiled Rules
+            if (magic.StartsWith(new byte?[] { 0x61, 0x4C, 0x75, 0x5A }))
+                return true;
+
+            // InstallShield Script
+            if (string.Equals(extension?.TrimStart('.'), "ins", StringComparison.OrdinalIgnoreCase))
+                return true;
+
+            // Generic textfile (no header)
+            if (string.Equals(extension?.TrimStart('.'), "txt", StringComparison.OrdinalIgnoreCase))
+                return true;
+
+            // XML (multiple headers possible)
+            if (string.Equals(extension?.TrimStart('.'), "xml", StringComparison.OrdinalIgnoreCase))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // Files can be protected in multiple ways
+            var protections = new ConcurrentDictionary<string, ConcurrentQueue<string>>();
+
+            try
+            {
+                // Load the current file content
+                string fileContent = null;
+                using (var sr = new StreamReader(stream, Encoding.Default, true, 1024 * 1024, true))
+                {
+                    fileContent = sr.ReadToEnd();
+                }
+
+                // AegiSoft License Manager
+                // Found in "setup.ins" (Redump entry 73521/IA item "Nova_HoyleCasino99USA").
+                if (fileContent.Contains("Failed to load the AegiSoft License Manager install program."))
+                    Utilities.AppendToDictionary(protections, file, "AegiSoft License Manager");
+
+                // CD-Key
+                if (fileContent.Contains("a valid serial number is required"))
+                    Utilities.AppendToDictionary(protections, file, "CD-Key / Serial");
+                else if (fileContent.Contains("serial number is located"))
+                    Utilities.AppendToDictionary(protections, file, "CD-Key / Serial");
+
+                // MediaCloQ
+                if (fileContent.Contains("SunnComm MediaCloQ"))
+                    Utilities.AppendToDictionary(protections, file, "MediaCloQ");
+                else if (fileContent.Contains("http://download.mediacloq.com/"))
+                    Utilities.AppendToDictionary(protections, file, "MediaCloQ");
+                else if (fileContent.Contains("http://www.sunncomm.com/mediacloq/"))
+                    Utilities.AppendToDictionary(protections, file, "MediaCloQ");
+
+                // MediaMax
+                if (fileContent.Contains("MediaMax technology"))
+                    Utilities.AppendToDictionary(protections, file, "MediaMax CD-3");
+                else if (fileContent.Contains("exclusive Cd3 technology"))
+                    Utilities.AppendToDictionary(protections, file, "MediaMax CD-3");
+                else if (fileContent.Contains("<PROTECTION-VENDOR>MediaMAX</PROTECTION-VENDOR>"))
+                    Utilities.AppendToDictionary(protections, file, "MediaMax CD-3");
+                else if (fileContent.Contains("MediaMax(tm)"))
+                    Utilities.AppendToDictionary(protections, file, "MediaMax CD-3");
+
+                // phenoProtect
+                if (fileContent.Contains("phenoProtect"))
+                    Utilities.AppendToDictionary(protections, file, "phenoProtect");
+
+                // The full line from a sample is as follows:
+                //
+                // The files securom_v7_01.dat and securom_v7_01.bak have been created during the installation of a SecuROM protected application.
+                //
+                // TODO: Use the filenames in this line to get the version out of it
+
+                // SecuROM
+                if (fileContent.Contains("SecuROM protected application"))
+                    Utilities.AppendToDictionary(protections, file, "SecuROM");
+
+                // Steam
+                if (fileContent.Contains("All use of the Program is governed by the terms of the Steam Agreement as described below."))
+                    Utilities.AppendToDictionary(protections, file, "Steam");
+
+                // XCP
+                if (fileContent.Contains("http://cp.sonybmg.com/xcp/"))
+                    Utilities.AppendToDictionary(protections, file, "XCP");
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return protections;
+        }
+    }
+}

BurnOutSharp/FileType/Valve.cs

@@ -0,0 +1,89 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using HLLib.Directory;
+using HLLib.Packages;
+
+namespace BurnOutSharp.FileType
+{
+    public class Valve : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            return Package.GetPackageType(magic) != PackageType.HL_PACKAGE_NONE;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        // TODO: Add stream opening support
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the Valve archive itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                // Get the package type
+                byte[] magic = stream.ReadBytes(16);
+                PackageType packageType = Package.GetPackageType(magic);
+                if (packageType == PackageType.HL_PACKAGE_NONE)
+                    return null;
+
+                // Create a new package from the file
+                var pkg = Package.CreatePackage(packageType);
+                FileModeFlags mode = FileModeFlags.HL_MODE_READ | FileModeFlags.HL_MODE_WRITE | FileModeFlags.HL_MODE_NO_FILEMAPPING | FileModeFlags.HL_MODE_VOLATILE;
+                bool opened = pkg.Open(file, mode, overwriteFiles: true);
+                if (!opened)
+                    return null;
+
+                // Create the root directory
+                var rootDirectory = pkg.GetRoot();
+
+                // Extract all files
+                rootDirectory.Extract(tempPath, readEncrypted: true, overwrite: true);
+
+                // Close the package explicitly
+                pkg.Close();
+
+                // Collect and format all found protections
+                var protections = scanner.GetProtections(tempPath);
+
+                // If temp directory cleanup fails
+                try
+                {
+                    Directory.Delete(tempPath, true);
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+
+                // Remove temporary path references
+                Utilities.StripFromKeys(protections, tempPath);
+
+                return protections;
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/FileType/XZ.cs

@@ -0,0 +1,85 @@
+using System;
+using System.Collections.Concurrent;
+using System.IO;
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Tools;
+using SharpCompress.Compressors.Xz;
+
+namespace BurnOutSharp.FileType
+{
+    public class XZ : IScannable
+    {
+        /// <inheritdoc/>
+        public bool ShouldScan(byte[] magic)
+        {
+            if (magic.StartsWith(new byte?[] { 0xfd, 0x37, 0x7a, 0x58, 0x5a, 0x00 }))
+                return true;
+
+            return false;
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file)
+        {
+            if (!File.Exists(file))
+                return null;
+
+            using (var fs = File.OpenRead(file))
+            {
+                return Scan(scanner, fs, file);
+            }
+        }
+
+        /// <inheritdoc/>
+        public ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string file)
+        {
+            // If the xz file itself fails
+            try
+            {
+                string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
+                Directory.CreateDirectory(tempPath);
+
+                using (XZStream xzFile = new XZStream(stream))
+                {
+                    // If an individual entry fails
+                    try
+                    {
+                        string tempFile = Path.Combine(tempPath, Guid.NewGuid().ToString());
+                        using (FileStream fs = File.OpenWrite(tempFile))
+                        {
+                            xzFile.CopyTo(fs);
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        if (scanner.IncludeDebug) Console.WriteLine(ex);
+                    }
+                }
+
+                // Collect and format all found protections
+                var protections = scanner.GetProtections(tempPath);
+
+                // If temp directory cleanup fails
+                try
+                {
+                    Directory.Delete(tempPath, true);
+                }
+                catch (Exception ex)
+                {
+                    if (scanner.IncludeDebug) Console.WriteLine(ex);
+                }
+
+                // Remove temporary path references
+                Utilities.StripFromKeys(protections, tempPath);
+
+                return protections;
+            }
+            catch (Exception ex)
+            {
+                if (scanner.IncludeDebug) Console.WriteLine(ex);
+            }
+
+            return null;
+        }
+    }
+}

BurnOutSharp/Interfaces/IContentCheck.cs

@@ -0,0 +1,17 @@
+namespace BurnOutSharp.Interfaces
+{
+    /// <summary>
+    /// Check a generic file for protection
+    /// </summary>
+    internal interface IContentCheck
+    {
+        /// <summary>
+        /// Check a path for protections based on file contents
+        /// </summary>
+        /// <param name="file">File to check for protection indicators</param>
+        /// <param name="fileContent">Byte array representing the file contents</param>
+        /// <param name="includeDebug">True to include debug data, false otherwise</param>
+        /// <returns>String containing any protections found in the file</returns>
+        string CheckContents(string file, byte[] fileContent, bool includeDebug);
+    }
+}

BurnOutSharp/Interfaces/INewExecutableCheck.cs

@@ -0,0 +1,19 @@
+using BurnOutSharp.ExecutableType.Microsoft.NE;
+
+namespace BurnOutSharp.Interfaces
+{
+    /// <summary>
+    /// Check a New Executable (NE) for protection
+    /// </summary>
+    internal interface INewExecutableCheck
+    {
+        /// <summary>
+        /// Check a path for protections based on file contents
+        /// </summary>
+        /// <param name="file">File to check for protection indicators</param>
+        /// <param name="nex">NewExecutable representing the read-in file</param>
+        /// <param name="includeDebug">True to include debug data, false otherwise</param>
+        /// <returns>String containing any protections found in the file</returns>
+        string CheckNewExecutable(string file, NewExecutable nex, bool includeDebug);
+    }
+}

BurnOutSharp/Interfaces/IPathCheck.cs

@@ -0,0 +1,29 @@
+using System.Collections.Concurrent;
+using System.Collections.Generic;
+
+namespace BurnOutSharp.Interfaces
+{
+    /// <summary>
+    /// Check a file or directory path for protection
+    /// </summary>
+    /// <remarks>
+    /// These checks rely primarily on filenames and paths, not file contents
+    /// </remarks>
+    internal interface IPathCheck
+    {
+        /// <summary>
+        /// Check a file path for protections based on path name
+        /// </summary>
+        /// <param name="path">Path to check for protection indicators</param>
+        /// <param name="files">Enumerable of strings representing files in a directory</param>
+        /// <remarks>This can do some limited content checking as well, but it's suggested to use a content check instead, if possible</remarks>
+        ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files);
+
+        /// <summary>
+        /// Check a file path for protections based on path name
+        /// </summary>
+        /// <param name="path">Path to check for protection indicators</param>
+        /// <remarks>This can do some limited content checking as well, but it's suggested to use a content check instead, if possible</remarks>
+        string CheckFilePath(string path);
+    }
+}

BurnOutSharp/Interfaces/IPortableExecutableCheck.cs

@@ -0,0 +1,19 @@
+using BurnOutSharp.ExecutableType.Microsoft.PE;
+
+namespace BurnOutSharp.Interfaces
+{
+    /// <summary>
+    /// Check a Portable Executable (PE) for protection
+    /// </summary>
+    internal interface IPortableExecutableCheck
+    {
+        /// <summary>
+        /// Check a path for protections based on file contents
+        /// </summary>
+        /// <param name="file">File to check for protection indicators</param>
+        /// <param name="pex">PortableExecutable representing the read-in file</param>
+        /// <param name="includeDebug">True to include debug data, false otherwise</param>
+        /// <returns>String containing any protections found in the file</returns>
+        string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug);
+    }
+}

BurnOutSharp/Interfaces/IScannable.cs

@@ -0,0 +1,36 @@
+using System.Collections.Concurrent;
+using System.IO;
+
+namespace BurnOutSharp.Interfaces
+{
+    /// <summary>
+    /// Mark a file type as extractable
+    /// </summary>
+    internal interface IScannable
+    {
+        /// <summary>
+        /// Determine if a file signature matches one of the expected values
+        /// </summary>
+        /// <param name="magic">Byte array representing the file header</param>
+        /// <returns>True if the signature is valid, false otherwise</returns>
+        bool ShouldScan(byte[] magic);
+
+        /// <summary>
+        /// Scan a file for all internal protections
+        /// </summary>
+        /// <param name="scanner">Scanner object for state tracking</param>
+        /// <param name="file">Path to the input file</param>
+        /// <returns>Dictionary mapping paths to protection lists</returns>
+        /// <remarks>Ideally, this should just point to the other scan implementation</remarks>
+        ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, string file);
+
+        /// <summary>
+        /// Scan a stream for all internal protections
+        /// </summary>
+        /// <param name="scanner">Scanner object for state tracking</param>
+        /// <param name="stream">Stream representing the input file</param>
+        /// <param name="file">Path to the input file</param>
+        /// <returns>Dictionary mapping paths to protection lists</returns>
+        ConcurrentDictionary<string, ConcurrentQueue<string>> Scan(Scanner scanner, Stream stream, string filename);
+    }
+}

BurnOutSharp/LICENSE.txt

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

BurnOutSharp/Matching/ContentMatch.cs

@@ -0,0 +1,108 @@
+namespace BurnOutSharp.Matching
+{
+    /// <summary>
+    /// Content matching criteria
+    /// </summary>
+    public class ContentMatch : IMatch<byte?[]>
+    {
+        /// <summary>
+        /// Content to match
+        /// </summary>
+        public byte?[] Needle { get; set; }
+
+        /// <summary>
+        /// Starting index for matching
+        /// </summary>
+        public int Start { get; set; }
+
+        /// <summary>
+        /// Ending index for matching
+        /// </summary>
+        public int End { get; set; }
+
+        /// <summary>
+        /// Constructor
+        /// </summary>
+        /// <param name="needle">Byte array representing the search</param>
+        /// <param name="start">Optional starting index</param>
+        /// <param name="end">Optional ending index</param>
+        public ContentMatch(byte?[] needle, int start = -1, int end = -1)
+        {
+            Needle = needle;
+            Start = start;
+            End = end;
+        }
+
+        #region Matching
+
+        /// <summary>
+        /// Get if this match can be found in a stack
+        /// </summary>
+        /// <param name="stack">Array to search for the given content</param>
+        /// <param name="reverse">True to search from the end of the array, false from the start</param>
+        /// <returns>Tuple of success and found position</returns>
+        public (bool success, int position) Match(byte[] stack, bool reverse = false)
+        {
+            // If either array is null or empty, we can't do anything
+            if (stack == null || stack.Length == 0 || Needle == null || Needle.Length == 0)
+                return (false, -1);
+
+            // If the needle array is larger than the stack array, it can't be contained within
+            if (Needle.Length > stack.Length)
+                return (false, -1);
+
+            // Set the default start and end values
+            int start = Start;
+            int end = End;
+
+            // If start or end are not set properly, set them to defaults
+            if (start < 0)
+                start = 0;
+            if (end < 0)
+                end = stack.Length - Needle.Length;
+
+            for (int i = reverse ? end : start; reverse ? i > start : i < end; i += reverse ? -1 : 1)
+            {
+                // If we somehow have an invalid end and we haven't matched, return
+                if (i > stack.Length)
+                    return (false, -1);
+
+                // Check to see if the values are equal
+                if (EqualAt(stack, i))
+                    return (true, i);
+            }
+
+            return (false, -1);
+        }
+
+        /// <summary>
+        /// Get if a stack at a certain index is equal to a needle
+        /// </summary>
+        /// <param name="stack">Array to search for the given content</param>
+        /// <param name="index">Starting index to check equality</param>
+        /// <returns>True if the needle matches the stack at a given index</returns>
+        private bool EqualAt(byte[] stack, int index)
+        {
+            // If the index is invalid, we can't do anything
+            if (index < 0)
+                return false;
+
+            // If we're too close to the end of the stack, return false
+            if (Needle.Length >= stack.Length - index)
+                return false;
+
+            for (int i = 0; i < Needle.Length; i++)
+            {
+                // A null value is a wildcard
+                if (Needle[i] == null)
+                    continue;
+                else if (stack[i + index] != Needle[i])
+                    return false;
+            }
+
+            return true;
+        }
+    
+        #endregion
+    }
+}

BurnOutSharp/Matching/ContentMatchSet.cs

@@ -0,0 +1,109 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace BurnOutSharp.Matching
+{
+    /// <summary>
+    /// A set of content matches that work together
+    /// </summary>
+    public class ContentMatchSet : MatchSet<ContentMatch, byte?[]>
+    {
+        /// <summary>
+        /// Function to get a content version
+        /// </summary>
+        /// <remarks>
+        /// A content version method takes the file path, the file contents,
+        /// and a list of found positions and returns a single string. That
+        /// string is either a version string, in which case it will be appended
+        /// to the protection name, or `null`, in which case it will cause
+        /// the protection to be omitted.
+        /// </remarks>
+        public Func<string, byte[], List<int>, string> GetVersion { get; set; }
+
+        #region Constructors
+
+        public ContentMatchSet(byte?[] needle, string protectionName)
+            : this(new List<byte?[]> { needle }, null, protectionName) { }
+
+        public ContentMatchSet(List<byte?[]> needles, string protectionName)
+            : this(needles, null, protectionName) { }
+
+        public ContentMatchSet(byte?[] needle, Func<string, byte[], List<int>, string> getVersion, string protectionName)
+            : this(new List<byte?[]> { needle }, getVersion, protectionName) { }
+
+        public ContentMatchSet(List<byte?[]> needles, Func<string, byte[], List<int>, string> getVersion, string protectionName)
+            : this(needles.Select(n => new ContentMatch(n)).ToList(), getVersion, protectionName) { }
+
+        public ContentMatchSet(ContentMatch needle, string protectionName)
+            : this(new List<ContentMatch>() { needle }, null, protectionName) { }
+
+        public ContentMatchSet(List<ContentMatch> needles, string protectionName)
+            : this(needles, null, protectionName) { }
+
+        public ContentMatchSet(ContentMatch needle, Func<string, byte[], List<int>, string> getVersion, string protectionName)
+            : this(new List<ContentMatch>() { needle }, getVersion, protectionName) { }
+
+        public ContentMatchSet(List<ContentMatch> needles, Func<string, byte[], List<int>, string> getVersion, string protectionName)
+        {
+            Matchers = needles;
+            GetVersion = getVersion;
+            ProtectionName = protectionName;
+        }
+
+        #endregion
+
+        #region Matching
+
+        /// <summary>
+        /// Determine whether all content matches pass
+        /// </summary>
+        /// <param name="fileContent">Byte array representing the file contents</param>
+        /// <returns>Tuple of passing status and matching positions</returns>        
+        public (bool, List<int>) MatchesAll(byte[] fileContent)
+        {
+            // If no content matches are defined, we fail out
+            if (Matchers == null || !Matchers.Any())
+                return (false, new List<int>());
+
+            // Initialize the position list
+            List<int> positions = new List<int>();
+
+            // Loop through all content matches and make sure all pass
+            foreach (var contentMatch in Matchers)
+            {
+                (bool match, int position) = contentMatch.Match(fileContent);
+                if (!match)
+                    return (false, new List<int>());
+                else
+                    positions.Add(position);
+            }
+
+            return (true, positions);
+        }
+
+        /// <summary>
+        /// Determine whether any content matches pass
+        /// </summary>
+        /// <param name="fileContent">Byte array representing the file contents</param>
+        /// <returns>Tuple of passing status and first matching position</returns>        
+        public (bool, int) MatchesAny(byte[] fileContent)
+        {
+            // If no content matches are defined, we fail out
+            if (Matchers == null || !Matchers.Any())
+                return (false, -1);
+
+            // Loop through all content matches and make sure all pass
+            foreach (var contentMatch in Matchers)
+            {
+                (bool match, int position) = contentMatch.Match(fileContent);
+                if (match)
+                    return (true, position);
+            }
+
+            return (false, -1);
+        }
+
+        #endregion
+    }
+}

BurnOutSharp/Matching/IMatch.cs

@@ -0,0 +1,7 @@
+namespace BurnOutSharp.Matching
+{
+    public interface IMatch<T>
+    {
+        T Needle { get; set; }
+    }
+}

BurnOutSharp/Matching/MatchSet.cs

@@ -0,0 +1,20 @@
+using System.Collections.Generic;
+
+namespace BurnOutSharp.Matching
+{
+    /// <summary>
+    /// Wrapper for a single set of matching criteria
+    /// </summary>
+    public abstract class MatchSet<T, U> where T : IMatch<U>
+    {
+        /// <summary>
+        /// Set of all matchers
+        /// </summary>
+        public IEnumerable<T> Matchers { get; set; }
+
+        /// <summary>
+        /// Name of the protection to show
+        /// </summary>
+        public string ProtectionName { get; set; }
+    }
+}

BurnOutSharp/Matching/MatchUtil.cs

@@ -0,0 +1,238 @@
+using System.Collections.Concurrent;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace BurnOutSharp.Matching
+{
+    /// <summary>
+    /// Helper class for matching
+    /// </summary>
+    internal static class MatchUtil
+    {
+        #region Content Matching
+
+        /// <summary>
+        /// Get all content matches for a given list of matchers
+        /// </summary>
+        /// <param name="file">File to check for matches</param>
+        /// <param name="fileContent">Byte array representing the file contents</param>
+        /// <param name="matchers">Enumerable of ContentMatchSets to be run on the file</param>
+        /// <param name="includeDebug">True to include positional data, false otherwise</param>
+        /// <returns>List of strings representing the matched protections, null or empty otherwise</returns>
+        public static ConcurrentQueue<string> GetAllMatches(
+            string file,
+            byte[] fileContent,
+            IEnumerable<ContentMatchSet> matchers,
+            bool includeDebug = false)
+        {
+            return FindAllMatches(file, fileContent, matchers, includeDebug, false);
+        }
+
+        /// <summary>
+        /// Get first content match for a given list of matchers
+        /// </summary>
+        /// <param name="file">File to check for matches</param>
+        /// <param name="fileContent">Byte array representing the file contents</param>
+        /// <param name="matchers">Enumerable of ContentMatchSets to be run on the file</param>
+        /// <param name="includeDebug">True to include positional data, false otherwise</param>
+        /// <returns>String representing the matched protection, null otherwise</returns>
+        public static string GetFirstMatch(
+            string file,
+            byte[] fileContent,
+            IEnumerable<ContentMatchSet> matchers,
+            bool includeDebug = false)
+        {
+            var contentMatches = FindAllMatches(file, fileContent, matchers, includeDebug, true);
+            if (contentMatches == null || !contentMatches.Any())
+                return null;
+            
+            return contentMatches.First();
+        }
+
+        /// <summary>
+        /// Get the required set of content matches on a per Matcher basis
+        /// </summary>
+        /// <param name="file">File to check for matches</param>
+        /// <param name="fileContent">Byte array representing the file contents</param>
+        /// <param name="matchers">Enumerable of ContentMatchSets to be run on the file</param>
+        /// <param name="includeDebug">True to include positional data, false otherwise</param>
+        /// <param name="stopAfterFirst">True to stop after the first match, false otherwise</param>
+        /// <returns>List of strings representing the matched protections, null or empty otherwise</returns>        
+        private static ConcurrentQueue<string> FindAllMatches(
+            string file,
+            byte[] fileContent,
+            IEnumerable<ContentMatchSet> matchers,
+            bool includeDebug,
+            bool stopAfterFirst)
+        {
+            // If there's no mappings, we can't match
+            if (matchers == null || !matchers.Any())
+                return null;
+
+            // Initialize the queue of matched protections
+            var matchedProtections = new ConcurrentQueue<string>();
+
+            // Loop through and try everything otherwise
+            foreach (var matcher in matchers)
+            {
+                // Determine if the matcher passes
+                (bool passes, List<int> positions) = matcher.MatchesAll(fileContent);
+                if (!passes)
+                    continue;
+
+                // Format the list of all positions found
+                string positionsString = string.Join(", ", positions);
+
+                // If we there is no version method, just return the protection name
+                if (matcher.GetVersion == null)
+                {
+                    matchedProtections.Enqueue((matcher.ProtectionName ?? "Unknown Protection") + (includeDebug ? $" (Index {positionsString})" : string.Empty));
+                }
+
+                // Otherwise, invoke the version method
+                else
+                {
+                    // A null version returned means the check didn't pass at the version step
+                    string version = matcher.GetVersion(file, fileContent, positions);
+                    if (version == null)
+                        continue;
+
+                    matchedProtections.Enqueue($"{matcher.ProtectionName ?? "Unknown Protection"} {version}".TrimEnd() + (includeDebug ? $" (Index {positionsString})" : string.Empty));
+                }
+
+                // If we're stopping after the first protection, bail out here
+                if (stopAfterFirst)
+                    return matchedProtections;
+            }
+
+            return matchedProtections;
+        }
+
+        #endregion
+
+        #region Path Matching
+
+        /// <summary>
+        /// Get all path matches for a given list of matchers
+        /// </summary>
+        /// <param name="file">File path to check for matches</param>
+        /// <param name="matchers">Enumerable of PathMatchSets to be run on the file</param>
+        /// <param name="any">True if any path match is a success, false if all have to match</param>
+        /// <returns>List of strings representing the matched protections, null or empty otherwise</returns>
+        public static ConcurrentQueue<string> GetAllMatches(string file, IEnumerable<PathMatchSet> matchers, bool any = false)
+        {
+            return FindAllMatches(new List<string> { file }, matchers, any, false);
+        }
+
+        // <summary>
+        /// Get all path matches for a given list of matchers
+        /// </summary>
+        /// <param name="files">File paths to check for matches</param>
+        /// <param name="matchers">Enumerable of PathMatchSets to be run on the file</param>
+        /// <param name="any">True if any path match is a success, false if all have to match</param>
+        /// <returns>List of strings representing the matched protections, null or empty otherwise</returns>
+        public static ConcurrentQueue<string> GetAllMatches(IEnumerable<string> files, IEnumerable<PathMatchSet> matchers, bool any = false)
+        {
+            return FindAllMatches(files, matchers, any, false);
+        }
+
+        /// <summary>
+        /// Get first path match for a given list of matchers
+        /// </summary>
+        /// <param name="file">File path to check for matches</param>
+        /// <param name="matchers">Enumerable of PathMatchSets to be run on the file</param>
+        /// <param name="any">True if any path match is a success, false if all have to match</param>
+        /// <returns>String representing the matched protection, null otherwise</returns>
+        public static string GetFirstMatch(string file, IEnumerable<PathMatchSet> matchers, bool any = false)
+        {
+            var contentMatches = FindAllMatches(new List<string> { file }, matchers, any, true);
+            if (contentMatches == null || !contentMatches.Any())
+                return null;
+            
+            return contentMatches.First();
+        }
+
+        /// <summary>
+        /// Get first path match for a given list of matchers
+        /// </summary>
+        /// <param name="files">File paths to check for matches</param>
+        /// <param name="matchers">Enumerable of PathMatchSets to be run on the file</param>
+        /// <param name="any">True if any path match is a success, false if all have to match</param>
+        /// <returns>String representing the matched protection, null otherwise</returns>
+        public static string GetFirstMatch(IEnumerable<string> files, IEnumerable<PathMatchSet> matchers, bool any = false)
+        {
+            var contentMatches = FindAllMatches(files, matchers, any, true);
+            if (contentMatches == null || !contentMatches.Any())
+                return null;
+            
+            return contentMatches.First();
+        }
+
+        /// <summary>
+        /// Get the required set of path matches on a per Matcher basis
+        /// </summary>
+        /// <param name="files">File paths to check for matches</param>
+        /// <param name="matchers">Enumerable of PathMatchSets to be run on the file</param>
+        /// <param name="any">True if any path match is a success, false if all have to match</param>
+        /// <param name="stopAfterFirst">True to stop after the first match, false otherwise</param>
+        /// <returns>List of strings representing the matched protections, null or empty otherwise</returns>        
+        private static ConcurrentQueue<string> FindAllMatches(IEnumerable<string> files, IEnumerable<PathMatchSet> matchers, bool any, bool stopAfterFirst)
+        {
+            // If there's no mappings, we can't match
+            if (matchers == null || !matchers.Any())
+                return new ConcurrentQueue<string>();
+
+            // Initialize the list of matched protections
+            var matchedProtections = new ConcurrentQueue<string>();
+
+            // Loop through and try everything otherwise
+            foreach (var matcher in matchers)
+            {
+                // Determine if the matcher passes
+                bool passes;
+                string firstMatchedString;
+                if (any)
+                {
+                    (bool anyPasses, string matchedString) = matcher.MatchesAny(files);
+                    passes = anyPasses;
+                    firstMatchedString = matchedString;
+                }
+                else
+                {
+                    (bool allPasses, List<string> matchedStrings) = matcher.MatchesAll(files);
+                    passes = allPasses;
+                    firstMatchedString = matchedStrings.FirstOrDefault();
+                }
+                
+                // If we don't have a pass, just continue
+                if (!passes)
+                    continue;
+
+                // If we there is no version method, just return the protection name
+                if (matcher.GetVersion == null)
+                {
+                    matchedProtections.Enqueue(matcher.ProtectionName ?? "Unknown Protection");
+                }
+
+                // Otherwise, invoke the version method
+                else
+                {
+                    // A null version returned means the check didn't pass at the version step
+                    string version = matcher.GetVersion(firstMatchedString, files);
+                    if (version == null)
+                        continue;
+
+                    matchedProtections.Enqueue($"{matcher.ProtectionName ?? "Unknown Protection"} {version}".TrimEnd());
+                }
+
+                // If we're stopping after the first protection, bail out here
+                if (stopAfterFirst)
+                    return matchedProtections;
+            }
+
+            return matchedProtections;
+        }
+    
+        #endregion
+    }
+}

BurnOutSharp/Matching/PathMatch.cs

@@ -0,0 +1,71 @@
+using System.Collections.Generic;
+using System.Linq;
+
+namespace BurnOutSharp.Matching
+{
+    /// <summary>
+    /// Path matching criteria
+    /// </summary>
+    public class PathMatch : IMatch<string>
+    {
+        /// <summary>
+        /// String to match
+        /// </summary>
+        public string Needle { get; set; }
+
+        /// <summary>
+        /// Match exact casing instead of invariant
+        /// </summary>
+        public bool MatchExact { get; set; }
+
+        /// <summary>
+        /// Match that values end with the needle and not just contains
+        /// </summary>
+        public bool UseEndsWith { get; set; }
+
+        /// <summary>
+        /// Constructor
+        /// </summary>
+        /// <param name="needle">String representing the search</param>
+        /// <param name="matchExact">True to match exact casing, false otherwise</param>
+        /// <param name="useEndsWith">True to match the end only, false for all contents</param>
+        public PathMatch(string needle, bool matchExact = false, bool useEndsWith = false)
+        {
+            Needle = needle;
+            MatchExact = matchExact;
+            UseEndsWith = useEndsWith;
+        }
+
+        #region Matching
+
+        /// <summary>
+        /// Get if this match can be found in a stack
+        /// </summary>
+        /// <param name="stack">List of strings to search for the given content</param>
+        /// <returns>Tuple of success and matched item</returns>
+        public (bool, string) Match(IEnumerable<string> stack)
+        {
+            // If either array is null or empty, we can't do anything
+            if (stack == null || !stack.Any() || Needle == null || Needle.Length == 0)
+                return (false, null);
+
+            // Preprocess the needle, if necessary
+            string procNeedle = MatchExact ? Needle : Needle.ToLowerInvariant();
+
+            foreach (string stackItem in stack)
+            {
+                // Preprocess the stack item, if necessary
+                string procStackItem = MatchExact ? stackItem : stackItem.ToLowerInvariant();
+
+                if (UseEndsWith && procStackItem.EndsWith(procNeedle))
+                    return (true, stackItem);
+                else if (!UseEndsWith && procStackItem.Contains(procNeedle))
+                    return (true, stackItem);
+            }
+
+            return (false, null);
+        }
+    
+        #endregion
+    }
+}

BurnOutSharp/Matching/PathMatchSet.cs

@@ -0,0 +1,108 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace BurnOutSharp.Matching
+{
+    /// <summary>
+    /// A set of path matches that work together
+    /// </summary>
+    public class PathMatchSet : MatchSet<PathMatch, string>
+    {
+        /// <summary>
+        /// Function to get a path version for this Matcher
+        /// </summary>
+        /// <remarks>
+        /// A path version method takes the matched path and an enumerable of files
+        /// and returns a single string. That string is either a version string,
+        /// in which case it will be appended to the protection name, or `null`,
+        /// in which case it will cause the protection to be omitted.
+        /// </remarks>
+        public Func<string, IEnumerable<string>, string> GetVersion { get; set; }
+
+        #region Constructors
+
+        public PathMatchSet(string needle, string protectionName)
+            : this(new List<string> { needle }, null, protectionName) { }
+
+        public PathMatchSet(List<string> needles, string protectionName)
+            : this(needles, null, protectionName) { }
+
+        public PathMatchSet(string needle, Func<string, IEnumerable<string>, string> getVersion, string protectionName)
+            : this(new List<string> { needle }, getVersion, protectionName) { }
+
+        public PathMatchSet(List<string> needles, Func<string, IEnumerable<string>, string> getVersion, string protectionName)
+            : this(needles.Select(n => new PathMatch(n)).ToList(), getVersion, protectionName) { }
+
+        public PathMatchSet(PathMatch needle, string protectionName)
+            : this(new List<PathMatch>() { needle }, null, protectionName) { }
+
+        public PathMatchSet(List<PathMatch> needles, string protectionName)
+            : this(needles, null, protectionName) { }
+
+        public PathMatchSet(PathMatch needle, Func<string, IEnumerable<string>, string> getVersion, string protectionName)
+            : this(new List<PathMatch>() { needle }, getVersion, protectionName) { }
+
+        public PathMatchSet(List<PathMatch> needles, Func<string, IEnumerable<string>, string> getVersion, string protectionName)
+        {
+            Matchers = needles;
+            GetVersion = getVersion;
+            ProtectionName = protectionName;
+        }
+
+        #endregion
+
+        #region Matching
+
+        /// <summary>
+        /// Determine whether all path matches pass
+        /// </summary>
+        /// <param name="stack">List of strings to try to match</param>
+        /// <returns>Tuple of passing status and matching values</returns>        
+        public (bool, List<string>) MatchesAll(IEnumerable<string> stack)
+        {
+            // If no path matches are defined, we fail out
+            if (Matchers == null || !Matchers.Any())
+                return (false, new List<string>());
+
+            // Initialize the value list
+            List<string> values = new List<string>();
+
+            // Loop through all path matches and make sure all pass
+            foreach (var pathMatch in Matchers)
+            {
+                (bool match, string value) = pathMatch.Match(stack);
+                if (!match)
+                    return (false, new List<string>());
+                else
+                    values.Add(value);
+            }
+
+            return (true, values);
+        }
+
+        /// <summary>
+        /// Determine whether any path matches pass
+        /// </summary>
+        /// <param name="stack">List of strings to try to match</param>
+        /// <returns>Tuple of passing status and first matching value</returns>        
+        public (bool, string) MatchesAny(IEnumerable<string> stack)
+        {
+            // If no path matches are defined, we fail out
+            if (Matchers == null || !Matchers.Any())
+                return (false, null);
+
+            // Loop through all path matches and make sure all pass
+            foreach (var pathMatch in Matchers)
+            {
+                (bool match, string value) = pathMatch.Match(stack);
+                if (match)
+                    return (true, value);
+            }
+
+            return (false, null);
+        }
+
+        #endregion
+    }
+}