mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

PE: Create getGeneralOptionsEx().

Browse source
This commit is contained in:
Jason Hood 2014-06-30 18:22:15 +10:00
commit 4ff2a46e8c
3 changed files with 68 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

11
db/PE/FASM.3.sg
View file

@ -9,16 +9,7 @@ function detect(bShowType,bShowVersion,bShowOptions)
if(bFASM)
{
sVersion=PE.getCompilerVersion();
// FASM doesn't have a linker, so apply those options here.
sOptions=PE.getGeneralOptions();
if(PE.isConsole())
{
sOptions=sOptions.append("console");
}
if(PE.getManifest().match(/requireAdministrator/))
{
sOptions=sOptions.append("admin");
}
sOptions=PE.getGeneralOptionsEx(); // FASM doesn't have a linker
bDetected=1;
}

73
db/PE/_init
View file

@ -3,22 +3,47 @@ var File=PE;
includeScript("result");
// Store the entry point file offset.
/**
* The file offset of the entry point.
*/
PE.nEP=PE.RVAToOffset(PE.getAddressOfEntryPoint());
// Get the signature at an offset of the entry point.
/**
* Get the signature at an offset of the entry point.
* @see Binary.getSignature
*/
PE.getEPSignature = function(nOffset,nSize)
{
return PE.getSignature(PE.nEP+nOffset,nSize);
}
// Locate the first library matching a pattern.
// Returns null if not found, otherwise an array:
// [-1] is the index of the library;
// [0] is the name of the library (lower cased);
// [1] onwards are the captured subpatterns.
/**
* Add console and/or admininistrator requirement to the general options.
* @returns {String}
*/
PE.getGeneralOptionsEx = function()
{
sResult=PE.getGeneralOptions();
if(PE.isConsole())
{
sResult=sResult.append("console");
}
if(/requireAdministrator/.test(PE.getManifest()))
{
sResult=sResult.append("admin");
}
return sResult;
}
/**
* Locate the first library matching a pattern.
* @returns {?Array} <code>null</code> if not found, otherwise:
* <br><code>[-1]</code> is the number of the library;
* <br><code>[0]</code> is the name of the library (lower cased);
* <br><code>[1]</code> onwards are the captured subpatterns.
*/
PE.isLibraryPresentExp = function(sLibraryPattern)
{
var aMatch=null;
@ -39,6 +64,9 @@ PE.isLibraryPresentExp = function(sLibraryPattern)
// Create an array of sections.
/**
* The number of the last section.
*/
PE.nLastSection=PE.getNumberOfSections()-1;
function Section(number, name, virtsize, rva, filesize, offset, characteristics)
@ -52,6 +80,11 @@ function Section(number, name, virtsize, rva, filesize, offset, characteristics)
this.Characteristics = characteristics;
}
/**
* An array of sections, indexed by number and name. Members are the same as the functions.
* @example
* var nOffset=PE.section[".rsrc"].FileOffset;
*/
PE.section=[];
for(var i=0;i<=PE.nLastSection;i++)
{
@ -71,3 +104,29 @@ if(PE.nLastSection==-1)
{
PE.section[0]=PE.section[-1];
}
// Create an array of resources.
/*
function Resource(number, id, name, offset, size)
{
this.Number = number;
this.Id = id;
this.Name = Name;
this.Offset = offset;
this.Size = size;
}
PE.resource=[];
for(var i=0;i<PE.getNumberOfResources();i++)
{
PE.resource[i] = new Resource(i,
PE.getResourceIdByNumber(i),
PE.getResourceNameByNumber(i),
PE.getResourceOffsetByNumber(i),
PE.getResourceSizeByNumber(i));
_log("i="+i+"\n"+"id="+PE.resource[i].Id+"\n"+"name="+PE.resource[i].Name
+"\n"+"offset="+PE.resource[i].Offset+"\n"+"size="+PE.resource[i].Size);
}
*/

11
db/PE/linker.5.sg
View file

@ -1,20 +1,11 @@
// DIE's signature file
init("linker","unknown",PE.getCompilerVersion(),PE.getGeneralOptions());
init("linker","unknown",PE.getCompilerVersion(),PE.getGeneralOptionsEx());
includeScript("FASM");
function detect(bShowType,bShowVersion,bShowOptions)
{
if(PE.isConsole())
{
sOptions=sOptions.append("console");
}
if(PE.getManifest().match(/requireAdministrator/))
{
sOptions=sOptions.append("admin");
}
if(PE.isRichSignaturePresent())
{
sName="Microsoft Linker";