Bump version

Update Serialization to 1.8.6
Don't check files with ".srdata" section for Denuvo (#351 )
2026-02-05 05:37:34 +00:00 · 2024-12-31 13:25:24 -05:00 · 2024-12-30 22:56:12 -05:00 · 2024-12-30 22:16:55 -05:00 · 2024-12-30 21:41:27 -05:00 · 2024-12-30 21:40:52 -05:00
17 changed files with 105 additions and 28 deletions
--- a/.github/workflows/build_and_test.yml
+++ b/.github/workflows/build_and_test.yml
@@ -16,7 +16,10 @@ jobs:
    - name: Setup .NET
      uses: actions/setup-dotnet@v4
      with:
-        dotnet-version: 9.0.x
+        dotnet-version: |
+            6.0.x
+            8.0.x
+            9.0.x
        
    - name: Run tests
      run: dotnet test
@@ -24,12 +27,6 @@ jobs:
    - name: Run publish script
      run: ./publish-nix.sh -d

-    - name: Upload package
-      uses: actions/upload-artifact@v4
-      with:
-        name: 'Nuget Package'
-        path: "*.nupkg,*.snupkg"
-
    - name: Upload to rolling
      uses: ncipollo/release-action@v1.14.0
      with:
--- a/.github/workflows/check_pr.yml
+++ b/.github/workflows/check_pr.yml
@@ -11,7 +11,10 @@ jobs:
    - name: Setup .NET
      uses: actions/setup-dotnet@v4
      with:
-        dotnet-version: 9.0.x
+        dotnet-version: |
+            6.0.x
+            8.0.x
+            9.0.x
      
    - name: Build
      run: dotnet build
--- a/BinaryObjectScanner.Test/BinaryObjectScanner.Test.csproj
+++ b/BinaryObjectScanner.Test/BinaryObjectScanner.Test.csproj
@@ -12,12 +12,12 @@
    </ItemGroup>

    <ItemGroup>
-        <PackageReference Include="coverlet.collector" Version="6.0.2">
+        <PackageReference Include="coverlet.collector" Version="6.0.3">
            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
            <PrivateAssets>all</PrivateAssets>
        </PackageReference>
        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-        <PackageReference Include="SabreTools.Serialization" Version="1.8.4" />
+        <PackageReference Include="SabreTools.Serialization" Version="1.8.6" />
        <PackageReference Include="xunit" Version="2.9.2" />
        <PackageReference Include="xunit.runner.visualstudio" Version="3.0.0">
            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
--- a/BinaryObjectScanner/BinaryObjectScanner.csproj
+++ b/BinaryObjectScanner/BinaryObjectScanner.csproj
@@ -13,14 +13,14 @@
        <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings>
        <SymbolPackageFormat>snupkg</SymbolPackageFormat>
        <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
-        <Version>3.3.3</Version>
+        <Version>3.3.4</Version>
        <!-- Mostly added due to external libraries -->
        <WarningsNotAsErrors>CS8600;CS8601;CS8602;CS8603;CS8604;CS8605;CS8618;CS8625;CS8634;CS8765;IL3000;NU5100</WarningsNotAsErrors>

        <!-- Package Properties -->
        <Authors>Matt Nadareski</Authors>
        <Description>Protection scanning library</Description>
-        <Copyright>Copyright (c)2018-2024 Matt Nadareski</Copyright>
+        <Copyright>Copyright (c)2018-2025 Matt Nadareski</Copyright>
        <PackageProjectUrl>https://github.com/SabreTools/</PackageProjectUrl>
        <RepositoryUrl>https://github.com/SabreTools/BinaryObjectScanner</RepositoryUrl>
        <RepositoryType>git</RepositoryType>
@@ -91,7 +91,7 @@
        <PackageReference Include="SabreTools.IO" Version="1.6.2" />
        <PackageReference Include="SabreTools.Matching" Version="1.5.1" />
        <PackageReference Include="SabreTools.Models" Version="1.5.8" />
-        <PackageReference Include="SabreTools.Serialization" Version="1.8.4" />
+        <PackageReference Include="SabreTools.Serialization" Version="1.8.6" />
        <PackageReference Include="UnshieldSharp" Version="1.9.4" />
        <PackageReference Include="WiseUnpacker" Version="1.5.6" />
    </ItemGroup>
--- a/BinaryObjectScanner/Options.cs
+++ b/BinaryObjectScanner/Options.cs
@@ -11,17 +11,22 @@
        public bool ScanArchives { get; set; }

        /// <summary>
-        /// Determines if content matches are used or not
+        /// Determines if content matches are used
        /// </summary>
        public bool ScanContents { get; set; }

        /// <summary>
-        /// Determines if path matches are used or not
+        /// Determines if path matches are used
        /// </summary>
        public bool ScanPaths { get; set; }

        /// <summary>
-        /// Determines if debug information is output or not
+        /// Determines if subdirectories are scanned
+        /// </summary>
+        public bool ScanSubdirectories { get; set; }
+
+        /// <summary>
+        /// Determines if debug information is output
        /// </summary>
        public bool IncludeDebug { get; set; }
    }
--- a/BinaryObjectScanner/Packer/ASPack.cs
+++ b/BinaryObjectScanner/Packer/ASPack.cs
@@ -656,8 +656,9 @@ namespace BinaryObjectScanner.Packer

                new(new byte?[] { 0x60, 0xE8, 0x41, 0x06, 0x00, 0x00, 0xEB, 0x41 }, "ASPack 1.08.04"),

-                new(new byte?[] { 0x60, 0xE8, null, null, null, null, 0xEB }, "ASPack 1.08.04"),
-
+                // Disabled due to being too prone to false positives. 
+                //new(new byte?[] { 0x60, 0xE8, null, null, null, null, 0xEB }, "ASPack 1.08.04"),
+                
                new(new byte?[] { 0x60, 0xE8, 0x70, 0x05, 0x00, 0x00, 0xEB, 0x4C }, "ASPack 2.00.00"),

                new(new byte?[] { 0x60, 0xE8, 0x48, 0x11, 0x00, 0x00, 0xC3, 0x83 }, "ASPack 2.00.00"),
--- a/BinaryObjectScanner/Protection/Denuvo.cs
+++ b/BinaryObjectScanner/Protection/Denuvo.cs
@@ -90,7 +90,9 @@ namespace BinaryObjectScanner.Protection

            // TODO: Re-enable all Entry Point checks after implementing
            if (pex.ContainsSection(".arch")
-                || pex.ContainsSection(".srdata")
+                // Disabled scanning in files with the ".srdata" section due to numerous false positives.
+                // These include Redump entry 112733 and Bus Hound 5.04 (https://web.archive.org/web/20070129204350/http://www.perisoft.net/bin/bhe504.exe).
+                // || pex.ContainsSection(".srdata")
                || !string.IsNullOrEmpty(timingMatch))
            {
                if (pex.Model.OptionalHeader?.Magic == OHMN.PE32Plus)
--- a/BinaryObjectScanner/Protection/HexalockAutoLock.cs
+++ b/BinaryObjectScanner/Protection/HexalockAutoLock.cs
@@ -57,7 +57,25 @@ namespace BinaryObjectScanner.Protection
                if (strs.Exists(s => s.Contains("mfint.dll")))
                    return "Hexalock Autolock";
            }
-
+            
+            // Get the code/CODE section strings, if they exist
+            strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE");
+            if (strs != null)
+            {
+                // Found in "launcher.exe" in "Sea Adventure / Adventure de la Mer" by Compedia.
+                if (strs.Exists(s => s.Contains("mfint.dll")))
+                    return "Hexalock Autolock";
+            }
+            
+            // Get the UPX1 section strings, if they exist
+            strs = pex.GetFirstSectionStrings("UPX1");
+            if (strs != null)
+            {
+                // Found in "postmanpat.exe" in "Postman Pat" by Compedia.
+                if (strs.Exists(s => s.Contains("mfint.dll")))
+                    return "Hexalock Autolock";
+            }
+            
            return null;
        }

--- a/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs
+++ b/BinaryObjectScanner/Protection/Macrovision.SafeDisc.cs
@@ -528,6 +528,24 @@ namespace BinaryObjectScanner.Protection
                // Found in Redump entry 116357.
                "CC1818B15AD1D0510602D556AB0AFFB8011ECF4F" => "2.90.045",

+                // Found in Redump entries 13230 and 68204.
+                "E481642064018AD02CE1FA524E539C89B80B8116" => "3.10.020",
+
+                // Found in Redump entries 36511 and 74338.
+                "6950E54EFAE8A00D2F54BEAAE34FBE13C9555BB8" => "3.15.010",
+
+                // Found in Redump entries 15383 and 35512.
+                "86EBAD43D87C2192FAF457BE922E21963FE8A16C" => "3.15.011",
+
+                // Found in Redump entries 30404, 31621/31623, 56748, 58625, and 64355-64358. TODO: Test 84586.
+                "553BA02CCAE2298C6E14F695EA172EB2B47E6798" => "3.20.020",
+
+                // Found in Redump entries 20728, 53667/53668/76775, 58625, 64255, 75782, 84985, 91552, 102135, and 102806.
+                "CCC4797FDC387FB5E08F87C1830F43F9B7A28726" => "3.20.022",
+
+                // Found in Redump entries 20729, 28257, 54268-5427, 63810-63813, and 86177.
+                "E931EEC20B4A7032BDAD5DC1D76E740A08A6321B" => "3.20.024",
+
                _ => "Unknown Version (Report this to us on GitHub)",
            };
        }
--- a/BinaryObjectScanner/Protection/Macrovision.cs
+++ b/BinaryObjectScanner/Protection/Macrovision.cs
@@ -667,13 +667,25 @@ namespace BinaryObjectScanner.Protection
                    // It also doesn't appear to contain the SecDrv or DrvMgt drivers. It may be a Long Term Support release of SafeDisc 2 for customers unwilling or unable to use SafeDisc 3+.
                    or "2.90.045"

-                    // Source not documented.
+                    // Found in Redump entries 13230 and 68204.
                    or "3.10.020"
+
+                    // Found in Redump entries 36511 and 74338.
                    or "3.15.010"
+
+                    // Found in Redump entries 15383 and 35512.
                    or "3.15.011"
+
+                    // Found in Redump entries 30404, 31621/31623, 56748, 58625, and 64355-64358.
                    or "3.20.020"
+
+                    // Found in Redump entries 20728, 53667/53668/76775, 58625, 64255, 75782, 84985, 91552, 102135, and 102806.
                    or "3.20.022"
+
+                    // Found in Redump entries 20729, 28257, 54268-5427, 63810-63813, and 86177.
                    or "3.20.024"
+
+                    // Source not documented.
                    or "4.00.000"
                    or "4.00.001"
                    or "4.00.002"
--- a/BinaryObjectScanner/Protection/SolidShield.cs
+++ b/BinaryObjectScanner/Protection/SolidShield.cs
@@ -27,6 +27,10 @@ namespace BinaryObjectScanner.Protection
            else if (name.OptionalStartsWith("Activation Manager", StringComparison.OrdinalIgnoreCase))
                return $"SolidShield Activation Manager Module {GetInternalVersion(pex)}";

+            // Found in Redump entry 63719.
+            else if (name.OptionalStartsWith("Solidshield - Activation Wizard", StringComparison.OrdinalIgnoreCase))
+                return $"SolidShield Activation Manager Module {GetInternalVersion(pex)}";
+
            // Found in "tvdm.dll" in Redump entry 68166.
            else if (name.OptionalStartsWith("Solidshield Library", StringComparison.OrdinalIgnoreCase))
                return $"SolidShield {GetInternalVersion(pex)}";
--- a/BinaryObjectScanner/Scanner.cs
+++ b/BinaryObjectScanner/Scanner.cs
@@ -31,11 +31,13 @@ namespace BinaryObjectScanner
        /// <param name="scanArchives">Enable scanning archive contents</param>
        /// <param name="scanContents">Enable including content detections in output</param>
        /// <param name="scanPaths">Enable including path detections in output</param>
+        /// <param name="scanSubdirectories">Enable scanning subdirectories</param>
        /// <param name="includeDebug">Enable including debug information</param>
        /// <param name="fileProgress">Optional progress callback</param>
        public Scanner(bool scanArchives,
            bool scanContents,
            bool scanPaths,
+            bool scanSubdirectories,
            bool includeDebug,
            IProgress<ProtectionProgress>? fileProgress = null)
        {
@@ -44,6 +46,7 @@ namespace BinaryObjectScanner
                ScanArchives = scanArchives,
                ScanContents = scanContents,
                ScanPaths = scanPaths,
+                ScanSubdirectories = scanSubdirectories,
                IncludeDebug = includeDebug,
            };

@@ -93,7 +96,8 @@ namespace BinaryObjectScanner
                if (Directory.Exists(path))
                {
                    // Enumerate all files at first for easier access
-                    List<string> files = [.. IOExtensions.SafeGetFiles(path, "*", SearchOption.AllDirectories)];
+                    SearchOption searchOption = _options.ScanSubdirectories ? SearchOption.AllDirectories : SearchOption.TopDirectoryOnly;
+                    List<string> files = [.. IOExtensions.SafeGetFiles(path, "*", searchOption)];

                    // Scan for path-detectable protections
                    if (_options.ScanPaths)
--- a/ExtractionTool/ExtractionTool.csproj
+++ b/ExtractionTool/ExtractionTool.csproj
@@ -9,7 +9,7 @@
        <Nullable>enable</Nullable>
        <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings>
        <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
-        <Version>3.3.3</Version>
+        <Version>3.3.4</Version>
    </PropertyGroup>

    <!-- Support All Frameworks -->
@@ -71,7 +71,7 @@

    <ItemGroup>
        <PackageReference Include="SabreTools.IO" Version="1.6.2" />
-        <PackageReference Include="SabreTools.Serialization" Version="1.8.4" />
+        <PackageReference Include="SabreTools.Serialization" Version="1.8.6" />
    </ItemGroup>

 </Project>
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-Copyright (c) 2018-2023 Matt Nadareski
+Copyright (c) 2018-2025 Matt Nadareski

 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

--- a/ProtectionScan/Options.cs
+++ b/ProtectionScan/Options.cs
@@ -29,11 +29,17 @@ namespace ProtectionScan
        /// Scan file contents during protection scanning
        /// </summary>
        public bool ScanContents { get; private set; } = true;
+
        /// <summary>
        /// Scan file paths during protection scanning
        /// </summary>
        public bool ScanPaths { get; private set; } = true;

+        /// <summary>
+        /// Scan subdirectories during protection scanning
+        /// </summary>
+        public bool ScanSubdirectories { get; set; } = true;
+
        #endregion

        /// <summary>
@@ -74,11 +80,16 @@ namespace ProtectionScan
                        options.ScanContents = false;
                        break;

-                    case "-ns":
+                    case "-np":
                    case "--no-paths":
                        options.ScanPaths = false;
                        break;

+                    case "-ns":
+                    case "--no-subdirs":
+                        options.ScanSubdirectories = false;
+                        break;
+
                    default:
                        options.InputPaths.Add(arg);
                        break;
@@ -109,7 +120,8 @@ namespace ProtectionScan
            Console.WriteLine("-d, --debug              Enable debug mode");
            Console.WriteLine("-nc, --no-contents       Disable scanning for content checks");
            Console.WriteLine("-na, --no-archives       Disable scanning archives");
-            Console.WriteLine("-ns, --no-paths          Disable scanning for path checks");
+            Console.WriteLine("-np, --no-paths          Disable scanning for path checks");
+            Console.WriteLine("-ns, --no-subdirs        Disable scanning subdirectories");
        }
    }
 }
--- a/ProtectionScan/Program.cs
+++ b/ProtectionScan/Program.cs
@@ -35,6 +35,7 @@ namespace ProtectionScan
                options.ScanArchives,
                options.ScanContents,
                options.ScanPaths,
+                options.ScanSubdirectories,
                options.Debug,
                fileProgress);

--- a/ProtectionScan/ProtectionScan.csproj
+++ b/ProtectionScan/ProtectionScan.csproj
@@ -9,7 +9,7 @@
        <Nullable>enable</Nullable>
        <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings>
        <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
-        <Version>3.3.3</Version>
+        <Version>3.3.4</Version>
    </PropertyGroup>

    <!-- Support All Frameworks -->
Author	SHA1	Message	Date
Matt Nadareski	610078b47c	Bump version	2024-12-31 13:25:24 -05:00
Matt Nadareski	ff450a9bcf	Update Serialization to 1.8.6	2024-12-30 22:56:12 -05:00
TheRogueArchivist	6661c48428	Don't check files with ".srdata" section for Denuvo (#351 ) Prone to too many false positives.	2024-12-30 22:16:55 -05:00
Matt Nadareski	f2a07fc088	Update copyright	2024-12-30 21:41:27 -05:00
Matt Nadareski	e34ea5faca	Remove unnecessary action step	2024-12-30 21:40:52 -05:00
Matt Nadareski	11ed09caf2	Update Serialization to 1.8.5	2024-12-30 21:00:53 -05:00
HeroponRikiBestest	f5615d7713	Removed secondary ASPack 1.08.04 check due to false positives. (#350 )	2024-12-30 20:32:35 -05:00
Matt Nadareski	2df4144f23	Add new SolidShield activation manager description (fixes #348 )	2024-12-29 15:17:35 -05:00
HeroponRikiBestest	5f5dc7d0de	Improve Hexalock detection slightly (#347 ) * Improve Hexalock detection via checking different known sections for mfint.dll * Add sabre's suggestion Improve code with sabre's code suggestion Co-authored-by: Matt Nadareski <mnadareski@outlook.com> * Add extra check for instances in UPX executables. * Add newlines between if blocks. --------- Co-authored-by: Matt Nadareski <mnadareski@outlook.com>	2024-12-29 14:40:24 -05:00
TheRogueArchivist	d505707dee	Add sources for SafeDisc 3 (#346 ) Add sources for SafeDisc 3, and add the corresponding clcd32.dll hashes	2024-12-27 07:51:00 -05:00
Matt Nadareski	5e7342477a	Ensure .NET versions are installed for testing	2024-12-19 10:54:47 -05:00
Matt Nadareski	35b1bb817e	Add flag for SafeGetFiles	2024-12-19 00:02:53 -05:00