mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-02-14 05:36:07 +00:00
31 lines
1.2 KiB
C#
31 lines
1.2 KiB
C#
using System.Collections.Generic;
|
|
using BurnOutSharp.Matching;
|
|
|
|
namespace BurnOutSharp.PackerType
|
|
{
|
|
public class EXEStealth : IContentCheck
|
|
{
|
|
/// <summary>
|
|
/// Set of all ContentMatchSets for this protection
|
|
/// </summary>
|
|
private static readonly List<ContentMatchSet> contentMatchers = new List<ContentMatchSet>
|
|
{
|
|
// ??[[__[[_ + (char)0x00 + {{ + (char)0x0 + (char)0x00 + {{ + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + ?;??;??
|
|
new ContentMatchSet(new byte?[]
|
|
{
|
|
0x3F, 0x3F, 0x5B, 0x5B, 0x5F, 0x5F, 0x5B, 0x5B,
|
|
0x5F, 0x00, 0x7B, 0x7B, 0x00, 0x00, 0x7B, 0x7B,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x20, 0x3F, 0x3B, 0x3F, 0x3F, 0x3B, 0x3F,
|
|
0x3F
|
|
}, "EXE Stealth"),
|
|
};
|
|
|
|
/// <inheritdoc/>
|
|
public string CheckContents(string file, byte[] fileContent, bool includePosition = false)
|
|
{
|
|
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition);
|
|
}
|
|
}
|
|
}
|