SabreTools/BinaryObjectScanner
1
0
Fork 0
mirror of https://github.com/SabreTools/BinaryObjectScanner.git synced 2026-02-13 13:45:57 +00:00
Code Issues 295 Packages Projects Releases 20 Wiki Activity
Files
7c27fcd8a4e9e91bf91f4940b0d43cc4e2711559
BinaryObjectScanner/BurnOutSharp/ProtectionType/Origin.cs
Matt Nadareski b779f2f546 Only deserialze a file once per round of checks
2021-09-10 16:10:15 -07:00

61 lines
2.3 KiB
C#
Raw Blame History

using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using BurnOutSharp.ExecutableType.Microsoft;
using BurnOutSharp.Matching;
namespace BurnOutSharp.ProtectionType
{
public class Origin : IContentCheck, IPathCheck
{
/// <inheritdoc/>
private List<ContentMatchSet> GetContentMatchSets()
{
// TODO: Obtain a sample to find where this string is in a typical executable
return new List<ContentMatchSet>
{
// O + (char)0x00 + r + (char)0x00 + i + (char)0x00 + g + (char)0x00 + i + (char)0x00 + n + (char)0x00 + S + (char)0x00 + e + (char)0x00 + t + (char)0x00 + u + (char)0x00 + p + (char)0x00 + . + (char)0x00 + e + (char)0x00 + x + (char)0x00 + e + (char)0x00
new ContentMatchSet(new byte?[]
{
0x4F, 0x00, 0x72, 0x00, 0x69, 0x00, 0x67, 0x00,
0x69, 0x00, 0x6E, 0x00, 0x53, 0x00, 0x65, 0x00,
0x74, 0x00, 0x75, 0x00, 0x70, 0x00, 0x2E, 0x00,
0x65, 0x00, 0x78, 0x00, 0x65, 0x00
}, "Origin"),
};
}
/// <inheritdoc/>
public string CheckContents(string file, byte[] fileContent,bool includeDebug, PortableExecutable pex, NewExecutable nex)
{
var contentMatchSets = GetContentMatchSets();
if (contentMatchSets != null && contentMatchSets.Any())
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
return null;
}
/// <inheritdoc/>
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
{
var matchers = new List<PathMatchSet>
{
new PathMatchSet(new PathMatch("OriginSetup.exe", useEndsWith: true), "Origin"),
};
return MatchUtil.GetAllMatches(files, matchers, any: true);
}
/// <inheritdoc/>
public string CheckFilePath(string path)
{
var matchers = new List<PathMatchSet>
{
new PathMatchSet(new PathMatch("OriginSetup.exe", useEndsWith: true), "Origin"),
};
return MatchUtil.GetFirstMatch(path, matchers, any: true);
}
}
}
Reference in New Issue View Git Blame Copy Permalink