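#pragma once

// https://en.wikipedia.org/wiki/Microsoft_Foundation_Class_Library
// https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/Microsoft%20Visual%20Studio.4.sg
// http://matthew-brett.github.io/pydagogue/python_msvc.html

// <cstddef> and <string> are included directly because this header uses
// size_t and std::string and should not depend on transitive includes.
#include <cstddef>
#include <string>
#include <unordered_set>
#include "pe_header.h"
#include "pe_resources.h"
#include "dotnet/dotnet_header.h"

namespace REDasm {

namespace PEClassifications {

// Toolchain / runtime families a PE image can be attributed to.
// Unclassified is 0; the remaining values follow in declaration order,
// grouped by family (Visual Basic, Visual Studio, .NET, Borland).
// NOTE(review): the implementation may compare these values by range, so
// confirm against the .cpp before inserting or reordering enumerators.
enum {
    Unclassified = 0,
    VisualBasic_5, VisualBasic_6,
    VisualStudio, VisualStudio_4, VisualStudio_5, VisualStudio_6,
    VisualStudio_2002, VisualStudio_2003, VisualStudio_2005, VisualStudio_2008,
    VisualStudio_2010, VisualStudio_2012, VisualStudio_2013, VisualStudio_2015, VisualStudio_2017,
    DotNet_1, DotNet,
    BorlandDelphi, BorlandDelphi_3, BorlandDelphi_6, BorlandDelphi_7, BorlandDelphi_9_10,
    BorlandDelphi_XE, BorlandDelphi_XE2_6,
    BorlandCpp,
};

}

// Collects evidence about which compiler or runtime produced a PE image and
// records it as a PEClassifications value plus a set of signature names.
//
// Every input the classifier consumes (NT headers, imported library names,
// resources, the CLR header) is read from the file being analysed, and
// whoever built that file can set those fields to any value. Treat the
// result as an analysis hint for choosing signatures and heuristics, never
// as proof of origin or as a trust decision.
//
// NOTE(review): all header pointers are raw and non-owning. This header does
// not show who validates them; presumably the PE loader has bounds-checked
// them against the mapped file before calling in. Confirm at the call sites.
class PEClassifier
{
    public:
        PEClassifier();

        // Signature names gathered so far. Returned by reference, so the
        // result is only valid while this classifier is alive.
        const std::unordered_set<std::string>& signatures() const;

        // Presumably true once a classification other than Unclassified has
        // been recorded; the definition is not in this header.
        bool isClassified() const;

        // Per-family queries. Each returns a size_t; presumably the matching
        // PEClassifications value or Unclassified, to be confirmed in the .cpp.
        size_t checkDotNet() const;
        size_t checkVisualBasic() const;
        size_t checkVisualStudio() const;
        size_t checkBorland() const;
        size_t checkDelphi() const;

        // Accessors for the image bitness used by the classifier.
        size_t bits() const;
        void setBits(size_t bits);

        // Classification steps, each fed a different piece of the image.
        void classifyVisualStudio();
        // NOTE(review): corheader is taken non-const; this header does not
        // show whether it is written to or whether a null pointer is accepted.
        void classifyDotNet(ImageCorHeader* corheader);
        // library is an import name read from the image's import table.
        void classifyImport(const std::string& library);
        // NOTE(review): dosheader is non-const while ntheaders is const;
        // check the definition before passing a read-only mapping.
        void classifyDelphi(ImageDosHeader* dosheader, const ImageNtHeaders* ntheaders, const PEResources& peresources);
        void classify(const ImageNtHeaders* ntheaders);

        // Reports the classification; the output channel is not visible here.
        void display();

    private:
        // Takes a linker major/minor version pair; presumably the values from
        // the optional header, which the image's author can forge freely.
        void checkLinkerVersion(u8 major, u8 minor);
        void addSignature(const std::string& s);

    private:
        // m_classification holds a PEClassifications value, m_bits the bitness.
        // NOTE(review): no in-class initialisers; confirm the constructor
        // sets both fields.
        size_t m_classification, m_bits;
        std::string m_borlandsignature;
        std::unordered_set<std::string> m_signatures;
};

} // namespace REDasm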