mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
20 lines
No EOL
753 B
JavaScript
20 lines
No EOL
753 B
JavaScript
// Detect It Easy: detection rule file format
|
|
// Author: Arjan Onwezen
|
|
|
|
init("format", "Registry file");
|
|
|
|
function detect() {
|
|
if (Binary.compare("'REGEDIT4'0D 0A 0D 0A")) {
|
|
bDetected = true;
|
|
sVersion = "v4"
|
|
} else if (Binary.compare("'Windows Registry Editor Version 5.00'0D 0A 0D 0A")) {
|
|
bDetected = true;
|
|
sVersion = "v5"
|
|
} else if (Binary.compare("FF FE 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 52 00 65 00 67 00 69 00 73 00 74 00 72 00 79 00 20 00 45 00 64 00 69 00 74 00 6F 00 72 00 20 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 20 00 35 00 2E 00 30 00 30 00 0D 00 0A 00 0D 00 0A 00")) {
|
|
bDetected = true;
|
|
sVersion = "v5"
|
|
sOption("UTF-16LE");
|
|
}
|
|
|
|
return result();
|
|
} |