Detect-It-Easy/db/PE/library_Lua_Runtime.4.sg

// Detect It Easy: detection rule file

// Author: DosX
// E-Mail: collab@kay-software.ru
// GitHub: https://github.com/DosX-dev
// Telegram: @DosX_dev

meta("library", "Lua Runtime");

function detect() {
    if (PE.isLibraryPresentExp(/^lua5/i)) {
        sLang = "Lua";
        sVersion = "5.X";
        bDetected = true;
    } else if (PE.isExportFunctionPresentExp(/^lua(L)?_/)) {
        sOptions = "static"; // EAT
        bDetected = true;

        var rdataSection = PE.section[".rdata"];

        if (rdataSection) {
            var embeddedLuaVersion = PE.findSignature(rdataSection.FileOffset, rdataSection.FileSize, "'Lua ' %% '.' %%");

            if (embeddedLuaVersion !== -1) {
                sVersion = PE.getString(embeddedLuaVersion + 4, 3);
            }
        }
    }


    return result();
}