mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-02-13 05:35:24 +00:00
31 lines
1.2 KiB
C#
31 lines
1.2 KiB
C#
using System.Linq;
|
|
using System.Text;
|
|
using BurnOutSharp.ExecutableType.Microsoft;
|
|
|
|
namespace BurnOutSharp.ProtectionType
|
|
{
|
|
public class ThreePLock : IContentCheck
|
|
{
|
|
/// <inheritdoc/>
|
|
public string CheckContents(string file, byte[] fileContent, bool includeDebug = false)
|
|
{
|
|
// Get the sections from the executable, if possible
|
|
PortableExecutable pex = PortableExecutable.Deserialize(fileContent, 0);
|
|
var sections = pex?.SectionTable;
|
|
if (sections == null)
|
|
return null;
|
|
|
|
//This produced false positives in some DirectX 9.0c installer files
|
|
//"Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW"
|
|
|
|
// Get the .ldr and .ldt sections, if they exist -- TODO: Confirm if both are needed or either/or is fine
|
|
var cmsdSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".ldr"));
|
|
var cmstSection = sections.FirstOrDefault(s => Encoding.ASCII.GetString(s.Name).StartsWith(".ldt"));
|
|
if (cmsdSection != null || cmstSection != null)
|
|
return $"3PLock";
|
|
|
|
return null;
|
|
}
|
|
}
|
|
}
|