mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
77 lines
2.1 KiB
Text
77 lines
2.1 KiB
Text
// DIE's signature file
|
|
|
|
init("compiler","Visual Basic");
|
|
|
|
function getVBOptions()
|
|
{
|
|
var sResult="";
|
|
|
|
var nOffset=PE.findDword(PE.section[0].FileOffset,PE.section[0].FileSize,0x21354256);
|
|
if(nOffset==-1)
|
|
{
|
|
nOffset=PE.findDword(PE.section[0].FileOffset,PE.section[0].FileSize,0x21364256);
|
|
}
|
|
if (nOffset!=-1)
|
|
{
|
|
var nDword=PE.readDword(nOffset+0x30);
|
|
nOffset=PE.VAToOffset(nDword);
|
|
nDword=PE.readDword(nOffset+0x20);
|
|
sResult=(nDword==0)?"P-Code":"Native";
|
|
}
|
|
|
|
return sResult;
|
|
}
|
|
|
|
function detect(bShowType,bShowVersion,bShowOptions)
|
|
{
|
|
|
|
if(PE.compareEP("5a68........68........52e9$$$$$$$$ff25") && PE.isLibraryPresent("MSVBVM50.DLL"))
|
|
{
|
|
sName="Visual Basic";
|
|
sVersion="5.0";
|
|
sOptions="(DLL)"+getVBOptions();
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("5a68........68........52e9$$$$$$$$ff25") && PE.isLibraryPresent("MSVBVM60.DLL"))
|
|
{
|
|
sName="Visual Basic";
|
|
sVersion="6.0";
|
|
sOptions="(DLL)"+getVBOptions();
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("68........e8$$$$$$$$ff25") && PE.isLibraryPresent("MSVBVM50.DLL"))
|
|
{
|
|
sName="Visual Basic";
|
|
sVersion="5.0";
|
|
sOptions="(EXE)"+getVBOptions();
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("68........e8$$$$$$$$ff25") && PE.isLibraryPresent("MSVBVM60.DLL"))
|
|
{
|
|
sName="Visual Basic";
|
|
sVersion="6.0";
|
|
sOptions="(EXE)"+getVBOptions();
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("68........e8$$$$$$$$ff25") && PE.isLibraryPresent("VB40032.DLL"))
|
|
{
|
|
sName="Visual Basic";
|
|
sVersion="4.0";
|
|
sOptions="(EXE)"+getVBOptions();
|
|
bDetected=1;
|
|
}
|
|
else if(PE.compareEP("5868........50e9$$$$$$$$ff25") && PE.isLibraryPresent("VB40032.DLL"))
|
|
{
|
|
sName="Visual Basic";
|
|
sVersion="4.0";
|
|
sOptions="(DLL)"+getVBOptions();
|
|
bDetected=1;
|
|
}
|
|
else if(PE.isNET() && PE.isNETStringPresent("Microsoft.VisualBasic"))
|
|
{
|
|
sName="VB.NET";
|
|
bDetected=1;
|
|
}
|
|
|
|
return result(bShowType,bShowVersion,bShowOptions);
|
|
}
|