SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-02-11 21:29:18 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity
Files
73dd669c20a3687744761f4ceddf7c2cbfa41d06
BinaryObjectScanner/BurnOutSharp/ProtectionType/SafeLock.cs
Matt Nadareski b779f2f546 Only deserialze a file once per round of checks
2021-09-10 16:10:15 -07:00

60 lines
2.2 KiB
C#
Raw Blame History

using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class SafeLock : IContentCheck, IPathCheck
{
/// <inheritdoc/>
private List<ContentMatchSet> GetContentMatchSets()
{
// TODO: Obtain a sample to find where this string is in a typical executable
return new List<ContentMatchSet>
{
// SafeLock
new ContentMatchSet(new byte?[] { 0x53, 0x61, 0x66, 0x65, 0x4C, 0x6F, 0x63, 0x6B }, "SafeLock"),
};
}
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent, bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
var contentMatchSets = GetContentMatchSets();
if (contentMatchSets != null && contentMatchSets.Any())
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
return null;
}
/// <inheritdoc/>
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
{
// TODO: Verify if these are OR or AND
var matchers = new List<PathMatchSet>
{
new PathMatchSet(new PathMatch("SafeLock.dat", useEndsWith: true), "SafeLock"),
new PathMatchSet(new PathMatch("SafeLock.001", useEndsWith: true), "SafeLock"),
new PathMatchSet(new PathMatch("SafeLock.128", useEndsWith: true), "SafeLock"),
};
return MatchUtil.GetAllMatches(files, matchers, any: true);
}
/// <inheritdoc/>
public string CheckFilePath(string path)
{
var matchers = new List<PathMatchSet>
{
new PathMatchSet(new PathMatch("SafeLock.dat", useEndsWith: true), "SafeLock"),
new PathMatchSet(new PathMatch("SafeLock.001", useEndsWith: true), "SafeLock"),
new PathMatchSet(new PathMatch("SafeLock.128", useEndsWith: true), "SafeLock"),
};
return MatchUtil.GetFirstMatch(path, matchers, any: true);
}
}
}
Reference in New Issue View Git Blame Copy Permalink