mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

dbs_min update

Browse source
This commit is contained in:
DosX 2026-05-28 23:50:00 +03:00
commit 00278adb83
3 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
dbs_min/db/PE/__GenericHeuristicAnalysis_By_DosX.7.sg
View file

File diff suppressed because one or more lines are too long

2
dbs_min/db/PE/game_engine_AGS.3.sg
View file

@ -1 +1 @@
function detect(){return!PE.compareOverlay("434c49421a")&&"This game was created using AGS - http://www.adventuregamestudio.co.uk/"!=PE.getVersionStringInfo("Comment")&&"Adventure Game Studio run-time engine"!=PE.getVersionStringInfo("FileDescription")||(bDetected=1),result()}meta("game engine","Adventure Game Studio (AGS)")
function detect(){return(bDetected=!PE.compareOverlay("434c49421a")&&"This game was created using AGS - http://www.adventuregamestudio.co.uk/"!=PE.getVersionStringInfo("Comment")&&"Adventure Game Studio run-time engine"!=PE.getVersionStringInfo("FileDescription")&&"Made with Adventure Game Studio"!=PE.getVersionStringInfo("ProductName")?bDetected:!0)&&(sVersion=File.cleanString(PE.getFileVersion())),result()}meta("game engine","Adventure Game Studio (AGS)")

8
dbs_min/db/PE/protector_Helios.2 (3).sg Normal file
View file

@ -0,0 +1,8 @@
function _profile(t){for(var e=t,s=0,r=0,f=0,n=0,o=0,P=0,i=0,a=0,c=0,S=0,p=0,E=0,l=0,R="";s<320;){var O=PE.getDisasmString(e)
if(!O||0===O.length)break
var d=O.indexOf(" "),d=0<=d?O.substr(0,d):O,O=(0===s&&(R=d),s++,"XOR"===d||"AND"===d||"OR"===d||"SUB"===d||"ADD"===d||"CMP"===d?r++:"ROL"===d||"ROR"===d||"RCL"===d||"RCR"===d?f++:"SHL"===d||"SHR"===d||"SAR"===d||"SAL"===d?n++:"SHLD"===d||"SHRD"===d?o++:"BT"===d||"BTS"===d||"BTR"===d||"BTC"===d||"BSF"===d||"BSR"===d||"BSWAP"===d?P++:"PUSHF"===d||"PUSHFD"===d||"PUSHFQ"===d||"POPF"===d||"POPFD"===d||"POPFQ"===d||"CLC"===d||"STC"===d||"CMC"===d||"SAHF"===d||"LAHF"===d?i++:"NEG"===d||"NOT"===d?a++:"INC"===d||"DEC"===d?c++:"PUSH"===d?S++:"POP"===d?p++:"CALL"===d?E++:"RET"!==d&&"RETN"!==d&&"RETF"!==d||l++,PE.getDisasmNextAddress(e))
if(!O||O===e)break
e=O}return{steps:s,firstM:R,obf:r+f+n+o+P+i+a+c,pushcnt:S,popcnt:p,callcnt:E,retcnt:l}}function _followShortJmp(t){var e,s
return t<0?-1:233===(e=PE.readByte(t))?(2147483648<=(s=PE.readDword(t+1))&&(s-=4294967296),t+5+s):235===e?(128<=(s=PE.readByte(t+1))&&(s-=256),t+2+s):-1}function _classify(t){var e,s
return 0<t.callcnt||t.pushcnt<1?"":(e=32<=t.steps&&12<=t.obf&&100*t.obf>=35*t.steps&&t.retcnt<=2,s=8<=t.steps&&t.steps<32&&5<=t.obf&&t.retcnt<=1,t=200<=t.steps&&5<=t.obf&&100*t.obf<=12*t.steps&&4<=t.retcnt,e?"dense":s?"early":t?"stream":"")}function detect(){if(!PE.isNet()&&0!==PE.getAddressOfEntryPoint()&&!PE.isSectionNamePresent(".idata")){var t,e,s,r=PE.getEntryPointOffset()
if(!(r<0))return!(e=_classify(t=_profile(PE.OffsetToVA(r))))&&t.steps<=4&&"JMP"===t.firstM&&0<(r=_followShortJmp(r))&&r<PE.getSize()&&(s=_classify(r=_profile(PE.OffsetToVA(r))))&&(t=r,e=s),e&&(bDetected=1,sOptions=e),result()}}meta("protector","Helios")