This change also removes a couple of things from `BurnOutSharp.Tools.Utilities` that are no longer needed there. Linear executables are included in the scanning classes. Update the guides accordingly.
using System.Collections.Concurrent;
using System.Collections.Generic;
using BinaryObjectScanner.Interfaces;
using BinaryObjectScanner.Matching;
using BinaryObjectScanner.Wrappers;
namespace BinaryObjectScanner.Protection
{
    /// <summary>
    /// Detects Steam client and installer artifacts, either from the version
    /// strings of a portable executable or from well-known file names.
    /// </summary>
    /// <remarks>
    /// Every check in this class compares strings that the author of the scanned
    /// file controls (version-resource text and file names). A match is an
    /// indicator that Steam components are present; nothing here verifies who
    /// produced the file.
    /// </remarks>
    public class Steam : IPathCheck, IPortableExecutableCheck
    {
        /// <summary>
        /// File names that are matched on their own, in the order they are tested.
        /// Used by both the directory check and the single-file check.
        /// </summary>
        private static readonly string[] SingleFileNames =
        {
            "steam_api.dll",
            "steam_api64.dll",
            "steam_install_agreement.rtf",
            "SteamInstall.bom",
            "SteamInstall.exe",
            "SteamInstall.info",
            "SteamInstall.ini",
            "SteamInstall.msi",
            "SteamInstall.pax.gz",
            "SteamInstall.pkg",
            "SteamInstall.sizes",
            "SteamInstall_Czech.msi",
            "SteamInstall_English.msi",
            "SteamInstall_French.msi",
            "SteamInstall_German.msi",
            "SteamInstall_Italian.msi",
            "SteamInstall_Polish.msi",
            "SteamInstall_Russian.msi",
            "SteamInstall_Spanish.msi",
            "SteamRetailInstaller",
            "SteamRetailInstaller.dmg",
            "SteamService.exe",
            "SteamSetup.exe",
            "steamxboxutil64.exe",
        };

        /// <inheritdoc/>
        /// <remarks>
        /// Returns "Steam", or "Steam Client Engine" followed by the internal
        /// version, when the file description or product name contains one of the
        /// known Steam strings; returns null otherwise. The <paramref name="file"/>
        /// and <paramref name="includeDebug"/> arguments are not used.
        /// </remarks>
        public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
        {
            // Nothing to inspect when the wrapper is missing or exposes no section table.
            if (pex?.SectionTable == null)
            {
                return null;
            }

            // File description: the "Client Engine" variant is the only one reported with a version.
            string description = pex.FileDescription;
            if (!string.IsNullOrEmpty(description))
            {
                if (description.Contains("Steam Autorun Setup") || description.Contains("Steam Client API"))
                {
                    return "Steam";
                }

                if (description.Contains("Steam Client Engine"))
                {
                    return $"Steam Client Engine {pex.GetInternalVersion()}";
                }

                if (description.Contains("Steam Client Service"))
                {
                    return "Steam";
                }
            }

            // Product name: same markers, except that "Steam Client Engine" is not tested here.
            string product = pex.ProductName;
            if (!string.IsNullOrEmpty(product))
            {
                bool isSteamProduct = product.Contains("Steam Autorun Setup")
                    || product.Contains("Steam Client API")
                    || product.Contains("Steam Client Service");
                if (isSteamProduct)
                {
                    return "Steam";
                }
            }

            // TODO: Add entry point checks
            // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/Steam.2.sg

            return null;
        }

        /// <inheritdoc/>
        /// <remarks>
        /// Tests <paramref name="files"/> against one grouped set of generic names
        /// followed by the single-file names. The <paramref name="path"/> argument
        /// is not used.
        /// </remarks>
        public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
        {
            // These checks are grouped together due to the names being generic on their own (Redump entry 91450).
            // NOTE(review): the call below passes any: true. MatchUtil is not visible here; if that
            // flag lets a single entry satisfy a set, a lone "steam.ini" reports Steam, which
            // contradicts the reason for grouping - confirm.
            var genericNames = new PathMatchSet(new List<PathMatch>
            {
                // TODO: Identify based on "Steam(TM)" being present in "Description" but not in "File Description".
                new PathMatch("steam.exe", useEndsWith: true),

                new PathMatch("steam.ini", useEndsWith: true),

                // TODO: Identify file using MSI property parsing.
                new PathMatch("steam.msi", useEndsWith: true),
            }, "Steam");

            var matchers = new List<PathMatchSet> { genericNames };
            matchers.AddRange(BuildSingleFileMatchers());

            return MatchUtil.GetAllMatches(files, matchers, any: true);
        }

        /// <inheritdoc/>
        /// <remarks>
        /// Tests <paramref name="path"/> against the single-file names only; the
        /// grouped generic names used by the directory check are not included.
        /// </remarks>
        public string CheckFilePath(string path)
        {
            List<PathMatchSet> matchers = BuildSingleFileMatchers();
            return MatchUtil.GetFirstMatch(path, matchers, any: true);
        }

        /// <summary>
        /// Builds one match set per entry of <see cref="SingleFileNames"/>, each
        /// labelled "Steam", as a fresh list in the same order.
        /// </summary>
        /// <remarks>
        /// NOTE(review): every entry is created with useEndsWith: true. PathMatch is not
        /// visible here; if it compares raw path suffixes without a separator boundary,
        /// an extensionless entry such as "SteamRetailInstaller" also matches any longer
        /// name that ends in it - confirm.
        /// </remarks>
        private static List<PathMatchSet> BuildSingleFileMatchers()
        {
            var sets = new List<PathMatchSet>();
            foreach (string fileName in SingleFileNames)
            {
                sets.Add(new PathMatchSet(new PathMatch(fileName, useEndsWith: true), "Steam"));
            }

            return sets;
        }
    }
}