mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
46 lines
No EOL
1.5 KiB
JavaScript
46 lines
No EOL
1.5 KiB
JavaScript
// Detect It Easy: detection rule file
|
|
// Author: Levis <levintaeyeon@live.com>
|
|
// EP sigs by hypn0 <hypn0@mail.ru>
|
|
// Lazarus Free Pascal
|
|
|
|
init("compiler", "Free Pascal");
|
|
|
|
function detect() {
|
|
if (ELF.compareEP("5989e38d44....83e4..8915........a3........890d........891d........e8........8925........31ede8........c3")) {
|
|
sVersion = "2.6.0";
|
|
bDetected = true;
|
|
} else if (ELF.compareEP("31ED5989E3")) {
|
|
bDetected = true;
|
|
} else if (ELF.isSectionNamePresent(".fpc.resources")) {
|
|
bDetected = true;
|
|
} else if (ELF.isSectionNamePresent(".fpcdata")) {
|
|
bDetected = true;
|
|
|
|
var nSection = ELF.getSectionNumber(".fpcdata"),
|
|
nOffset = ELF.getSectionFileOffset(nSection),
|
|
nSize = ELF.getSectionFileSize(nSection);
|
|
|
|
if (nSize > 0) {
|
|
var nStringOffset = ELF.findString(nOffset, 4, "FPC ");
|
|
if (nStringOffset != -1) {
|
|
sVersion = ELF.getString(nStringOffset + 4);
|
|
}
|
|
}
|
|
} else if (ELF.isSectionNamePresent(".data")) {
|
|
var nSection = ELF.getSectionNumber(".data"),
|
|
nOffset = ELF.getSectionFileOffset(nSection),
|
|
nSize = ELF.getSectionFileSize(nSection);
|
|
|
|
if (nSize >= 0x100) {
|
|
var nStringOffset = ELF.findString(nOffset + nSize - 0x100, 0x100, "FPC ");
|
|
if (nStringOffset != -1) {
|
|
sVersion = ELF.getString(nStringOffset + 4);
|
|
bDetected = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
_setLang("Pascal", bDetected);
|
|
|
|
return result();
|
|
} |