Refactor Themida detection logic for clarity

Inlined resource and import section checks, condensed switch cases for version detection, and combined version/options assignment for Winlicense. These changes improve code readability and maintainability.
2026-06-24 01:54:08 +00:00 · 2025-09-18 12:50:22 +03:00 · 2025-09-18 12:50:22 +03:00 · f1004aa40b
commit f1004aa40b
parent 8ab74d5de2
1 changed files with 4 additions and 11 deletions
--- a/db/PE/Themida.2.sg
+++ b/db/PE/Themida.2.sg
@ -10,11 +10,9 @@ function detectThemida() {
    var sResult = "";

    if (PE.section.length >= 4) {
-        var nResourceSection = PE.getResourceSection();
-        var nImportSection = PE.getImportSection();
        var nEntryPointSection = PE.getEntryPointSection();

-        if (nResourceSection == 1 && nImportSection == 2) {
+        if (PE.getResourceSection() == 1 && PE.getImportSection() == 2) {
            if (PE.getAddressOfEntryPoint() == PE.section[nEntryPointSection].VirtualAddress) {
                if (PE.calculateEntropy(PE.section[0].FileOffset, PE.section[0].FileSize) >= 7.5) {
                    if (nEntryPointSection == 3) {
@ -41,12 +39,8 @@ function detect() {
        }
    } else if (PE.compareEP("B8........600BC074..E8000000005805..0000008038E975")) {
        switch (PE.readByte(PE.getEntryPointOffset() + 9)) {
-            case 0x58:
-                sVersion = "1.0.X.X-1.8.0.0";
-                break;
-            case 0x68:
-                sVersion = "1.8.X-1.9.X";
-                break;
+            case 0x58: sVersion = "1.0.X.X-1.8.0.0"; break;
+            case 0x68: sVersion = "1.8.X-1.9.X"; break;
        }
        sOptions = "Compressed";
    } else if (PE.compareEP("558BEC83C4D860E8000000005A81EA........8BDAC745D8000000008B45D8408945D8817DD880000000")) {
@ -70,8 +64,7 @@ function detect() {
    } else if (PE.isSectionNamePresent(".themida")) {
        sVersion = "3.XX";
    } else if (PE.isSectionNamePresent(".winlice")) {
-        sVersion = "3.XX";
-        sOptions = "Winlicense";
+        sVersion = "3.XX, Winlicense";
    } else if (PE.section[0].Name == "   " && PE.isImportPositionHashPresent(0, 0x3ffccc8a)) {
        sVersion = "~2.XX";
    } else if (PE.section[0].Name == "        " && PE.isImportPositionHashPresent(0, 0x3651f68d)) {