Detect-It-Easy/db/PE/ASPack.2.sg

// DIE's signature file

init("packer","ASPack");

function getASPackVersion(nOffset)
{
    if(PE.compare("60E8000000005D81ED........B8........03C5",nOffset))
    {
        sVersion="1.00b-1.07b";
    }
    else if(PE.compare("60EB..5DEB..FF..........E9",nOffset))
    {
        sVersion="1.08.01-1.08.02";
    }
    else if(PE.compare("60E8000000005D............BB........03DD",nOffset))
    {
        sVersion="1.08.03";
    }
    else if(PE.compare("60E841060000EB41",nOffset))
    {
        sVersion="1.08.04";
    }
    else if(PE.compare("60EB035DFFE5E8F8FFFFFF81ED1B6A4400BB106A440003DD2B9D2A",nOffset))
    {
        sVersion="1.08.x";
    }
    else if(PE.compare("60E870050000EB4C",nOffset))
    {
        sVersion="2.000";
    }
    else if(PE.compare("60E872050000EB4C",nOffset))
    {
        sVersion="2.001";
    }
    else if(PE.compare("60E872050000EB3387DB9000",nOffset))
    {
        sVersion="2.1";
    }
    else if(PE.compare("60E93D040000",nOffset))
    {
        sVersion="2.11";
    }
    else if(PE.compare("60E802000000EB095D5581ED39394400C3E93D040000",nOffset))
    {
        sVersion="2.11b";
    }
    else if(PE.compare("60E802000000EB095D5581ED39394400C3E959040000",nOffset))
    {
        sVersion="2.11c-2.11d";
    }
    else if(PE.compare("60E802000000EB095D55",nOffset))
    {
        sVersion="2.11d";
    }
    else if(PE.compare("60E803000000E9EB045D4555C3E801",nOffset))
    {
        sVersion="2.12";
    }
    else
    {
        return 0;
    }
    return 1;
}

function detect(bShowType,bShowVersion,bShowOptions)
{
    var nAddress=PE.RVAToOffset(PE.getAddressOfEntryPoint());
    if(nAddress!=-1)
    {
        if(!getASPackVersion(nAddress))
        {
            if(PE.compareEP("7500E9"))
            {
                nAddress+=3;
                bDetected=1;
            }
            else if(PE.compareEP("907500E9"))
            {
                nAddress+=4;
                bDetected=1;
            }
            else if(PE.compareEP("90907500E9"))
            {
                nAddress+=5;
                bDetected=1;
            }
            else if(PE.compareEP("9090907500E9"))
            {
                nAddress+=6;
                bDetected=1;
            }
            else if(PE.compareEP("9090750190E9"))
            {
                nAddress+=6;
                bDetected=1;
            }
            if(bDetected)
            {
                nAddress+=4+~~PE.readDword(nAddress);
                bDetected=getASPackVersion(nAddress);
            }
        }
        else
        {
            bDetected=1;
        }
    }

    if(PE.section[".aspack"]&&PE.section[".adata"])
    {
        bDetected=1;
        sVersion="2.12-2.XX";
    }

    return result(bShowType,bShowVersion,bShowOptions);
}