mirror of
https://github.com/horsicq/Detect-It-Easy.git
synced 2026-06-24 01:54:08 +00:00
26 lines
No EOL
649 B
JavaScript
26 lines
No EOL
649 B
JavaScript
// Detect It Easy: detection rule file
|
|
|
|
// Author: DosX
|
|
// E-Mail: collab@kay-software.ru
|
|
// GitHub: https://github.com/DosX-dev
|
|
// Telegram: @DosX_dev
|
|
|
|
init("packer", "PyInstaller"); // python = 💩
|
|
|
|
function detect() {
|
|
|
|
// they insert pkgs into the section named "pydata"
|
|
const pydata = ELF.getSectionNumber("pydata")
|
|
|
|
// we can find the magic number in the section
|
|
if (pydata != -1 && ELF.findSignature(
|
|
ELF.getSectionFileOffset(pydata),
|
|
ELF.getSectionFileSize(pydata),
|
|
"4d45490c0b0a0b0e"
|
|
) != -1)
|
|
bDetected = true;
|
|
|
|
_setLang("Python", bDetected);
|
|
|
|
return result();
|
|
} |