mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

dbs_min update

Browse source
This commit is contained in:
DosX 2026-05-09 18:57:28 +03:00
commit f88a5201f0
6 changed files with 10 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

0
dbs_min/db/Amiga/Master_Cruncher.1.sg → dbs_min/db/Amiga/cruncher_Master_Cruncher.1.sg
View file

0
dbs_min/db/Amiga/RexxMasher_(jrms).1.sg → dbs_min/db/Amiga/cruncher_RexxMasher_(jrms).1.sg
View file

0
dbs_min/db/Amiga/LhPak_SFX.1.sg → dbs_min/db/Amiga/sfx_LhPak_SFX.1.sg
View file

18
dbs_min/db/PE/protector_Arxan.2.sg
View file

@ -1,9 +1,11 @@
function detect(){if(PE.is64()&&!PE.isNet())if(PE.compareEP("40 50 40 51 40 52 40 53 55 56 57 9C 48 83 EC 38 FC B8 01 00 00 00 B9 FF FF 00 00 E0 FE"))bDetected=1,sVersion="GuardIT ~2013"
else{var e=skipJumpsAndNops(PE.getEntryPointOffset()),e=PE.compare("48 83 EC 28 E8",e)?PE.OffsetToRVA(e)+PE.readSDword(e+5)+9:PE.OffsetToRVA(e)
if(-1!=e){for(var s=PE.OffsetToVA(PE.RVAToOffset(e)),t=0,r=0;r<32&&0===PE.getDisasmString(s).indexOf("PUSH");r++)t++,s=PE.getDisasmNextAddress(s)
if(3<t&&0===PE.getDisasmString(s).indexOf("LEA RSP,")){for(var s=PE.getDisasmNextAddress(s),E=0,r=0;r<32&&0===PE.getDisasmString(s).indexOf("MOVUPD");r++)E++,s=PE.getDisasmNextAddress(s)
0<E&&"PUSH 0X10"===PE.getDisasmString(s)&&"TEST RSP, 0XF"===PE.getDisasmString(PE.getDisasmNextAddress(s))&&(bDetected=1,sVersion="GuardIT ",sVersion+=t<14||E<16?"12.0+":"2014-2021")}}}return result()}function skipJumpsAndNops(e){for(var s=PE.OffsetToRVA(e);;){var t=PE.readByte(PE.RVAToOffset(s))
if(233===t)s+=PE.readSDword(PE.RVAToOffset(s+1))+5
else if(235===t)s+=PE.readSByte(PE.RVAToOffset(s+1))+2
else{if(144!==t)break
s++}}return PE.RVAToOffset(s)}meta("protector","Arxan")
else{var e=PE.getEntryPointOffset(),e=(e=skipJumpsAndNops(e=e<=0&&PE.isDll()?getExportFunctionOffsetByIndex(0):e),PE.compare("48 83 EC 28 E8",e)?PE.OffsetToRVA(e)+PE.readSDword(e+5)+9:PE.OffsetToRVA(e))
if(-1!=e){for(var t=PE.OffsetToVA(PE.RVAToOffset(e)),s=0,r=0;r<32&&0===PE.getDisasmString(t).indexOf("PUSH");r++)s++,t=PE.getDisasmNextAddress(t)
if(3<s&&0===PE.getDisasmString(t).indexOf("LEA RSP,")){for(var t=PE.getDisasmNextAddress(t),f=0,r=0;r<32&&0===PE.getDisasmString(t).indexOf("MOVUPD");r++)f++,t=PE.getDisasmNextAddress(t)
0<f&&"PUSH 0X10"===PE.getDisasmString(t)&&"TEST RSP, 0XF"===PE.getDisasmString(PE.getDisasmNextAddress(t))&&(bDetected=1,sVersion="GuardIT ",sVersion+=s<14||f<16?"12.0+":"2014-2021")}}}return result()}function skipJumpsAndNops(e){for(var t=PE.OffsetToRVA(e);;){var s=PE.readByte(PE.RVAToOffset(t))
if(233===s)t+=PE.readSDword(PE.RVAToOffset(t+1))+5
else if(235===s)t+=PE.readSByte(PE.RVAToOffset(t+1))+2
else{if(144!==s)break
t++}}return PE.RVAToOffset(t)}function getExportFunctionOffsetByIndex(e){var t=PE.read_int32(60)+4+20,t=PE.read_uint32(t+(PE.is64()?112:96)),t=0!==t?PE.RVAToOffset(t):-1
if(-1!==t){var s=PE.read_uint32(t+20)
if(0<=e&&e<s)return s=PE.read_uint32(t+28),t=PE.read_uint32(PE.RVAToOffset(s+4*e)),PE.RVAToOffset(t)}return-1}meta("protector","Arxan")

0
dbs_min/db/Amiga/library_library.1.sg → dbs_min/db_extra/Amiga/library_library.1.sg
View file

0
dbs_min/db/Amiga/other_other.1.sg → dbs_min/db_extra/Amiga/other_other.1.sg
View file