mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-02-13 05:35:24 +00:00
16 lines
829 B
C#
16 lines
829 B
C#
namespace BurnOutSharp.PackerType
|
|
{
|
|
public class EXEStealth
|
|
{
|
|
public static string CheckContents(byte[] fileContent, bool includePosition = false)
|
|
{
|
|
// "??[[__[[_" + (char)0x00 + "{{" + (char)0x0 + (char)0x00 + "{{" + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + "?;??;??"
|
|
byte[] check = new byte[] { 0x3F, 0x3F, 0x5B, 0x5B, 0x5F, 0x5F, 0x5B, 0x5B, 0x5F, 0x00, 0x7B, 0x7B, 0x00, 0x00, 0x7B, 0x7B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x3F, 0x3B, 0x3F, 0x3F, 0x3B, 0x3F, 0x3F };
|
|
if (fileContent.Contains(check, out int position))
|
|
return $"EXE Stealth" + (includePosition ? $" (Index {position})" : string.Empty);
|
|
|
|
return null;
|
|
}
|
|
}
|
|
}
|