using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using BinaryObjectScanner.Interfaces;
using BinaryObjectScanner.Matching;
using BinaryObjectScanner.Wrappers;
namespace BinaryObjectScanner.Protection
{
public class SmartE : IPathCheck, IPortableExecutableCheck
{
///
public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
{
// Get the sections from the executable, if possible
var sections = pex?.SectionTable;
if (sections == null)
return null;
// Get the last section strings, if they exist
List strs = pex.GetSectionStrings(sections.Length - 1);
if (strs != null)
{
if (strs.Any(s => s.Contains("BITARTS")))
return "SmartE";
}
return null;
}
///
public ConcurrentQueue CheckDirectoryPath(string path, IEnumerable files)
{
var matchers = new List
{
new PathMatchSet(new List
{
new PathMatch($"{Path.DirectorySeparatorChar}00001.TMP", useEndsWith: true),
new PathMatch($"{Path.DirectorySeparatorChar}00002.TMP", useEndsWith: true)
}, "SmartE"),
};
return MatchUtil.GetAllMatches(files, matchers, any: true);
}
///
public string CheckFilePath(string path)
{
var matchers = new List
{
new PathMatchSet(new PathMatch($"{Path.DirectorySeparatorChar}00001.TMP", useEndsWith: true), "SmartE"),
new PathMatchSet(new PathMatch($"{Path.DirectorySeparatorChar}00002.TMP", useEndsWith: true), "SmartE"),
};
return MatchUtil.GetFirstMatch(path, matchers, any: true);
}
}
}