// copyright (c) 2017-2021 hors<horsicq@gmail.com>
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:

// The above copyright notice and this permission notice shall be included in all
// copies or substantial portions of the Software.

// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
// SOFTWARE.
//
#ifndef SPECABSTRACT_H
#define SPECABSTRACT_H

#include <QDataStream>
#include <QUuid>
#include "xformats.h"
#include "xarchives.h"

// Declares the record taxonomy (file part, record type, record name, detect
// type) and the per-format state structures that a scan fills in and reports.
// Only type declarations appear in this part of the header.
//
// Most structs below hold plain bool/integer members without default member
// initializers (the bIs* flags in ZIPINFO_STRUCT are the exception). A
// default-initialized instance therefore has indeterminate values in those
// members; value-initialize (e.g. `T x={};`) before reading any of them.
class SpecAbstract : public QObject
{
    Q_OBJECT

public:
    // Part of the scanned object that a record refers to
    // (see ID::filePart and DETECT_RECORD::filepart).
    enum RECORD_FILEPART
    {
        RECORD_FILEPART_UNKNOWN=0,
        RECORD_FILEPART_HEADER,
        RECORD_FILEPART_OVERLAY,
        RECORD_FILEPART_ARCHIVERECORD
    };

    // Category of a detection record (compiler, linker, packer, protector, ...).
    // Only the first enumerator has an explicit value; the rest are numbered by
    // position, so adding or reordering entries renumbers everything after them.
    enum RECORD_TYPE
    {
        RECORD_TYPE_UNKNOWN=0,
        RECORD_TYPE_APKOBFUSCATOR,
        RECORD_TYPE_APKTOOL,
        RECORD_TYPE_CERTIFICATE,
        RECORD_TYPE_COMPILER,
        RECORD_TYPE_CONVERTER,
        RECORD_TYPE_CRYPTOR,
        RECORD_TYPE_DATABASE,
        RECORD_TYPE_DEBUGDATA,
        RECORD_TYPE_DONGLEPROTECTION,
        RECORD_TYPE_DOSEXTENDER,
        RECORD_TYPE_FORMAT,
        RECORD_TYPE_GENERIC,
        RECORD_TYPE_IMAGE,
        RECORD_TYPE_INSTALLER,
        RECORD_TYPE_INSTALLERDATA,
        RECORD_TYPE_JAROBFUSCATOR,
        RECORD_TYPE_JOINER,
        RECORD_TYPE_LANGUAGE, // TODO !!!
        RECORD_TYPE_LIBRARY,
        RECORD_TYPE_LINKER,
        RECORD_TYPE_NETCOMPRESSOR,
        RECORD_TYPE_NETOBFUSCATOR,
        RECORD_TYPE_OPERATIONSYSTEM,
        RECORD_TYPE_PACKER,
        RECORD_TYPE_PETOOL,
        RECORD_TYPE_PROTECTOR,
        RECORD_TYPE_PROTECTORDATA,
        RECORD_TYPE_SFX,
        RECORD_TYPE_SFXDATA,
        RECORD_TYPE_SIGNTOOL,
        RECORD_TYPE_SOURCECODE,
        RECORD_TYPE_STUB,
        RECORD_TYPE_TOOL,
        RECORD_TYPE_VIRTUALMACHINE
    };

    // Name of the specific tool, format, platform or product a record identifies.
    // It is also the key type of every QMap<RECORD_NAME,...> member in the
    // *INFO_STRUCT types below.
    //
    // Only RECORD_NAME_UNKNOWN has an explicit value (0); every other enumerator
    // is numbered by its position in this list, so inserting a name in the
    // middle changes the numeric value of every entry after it.
    // NOTE(review): if these values are ever written out as integers (for
    // example through the included <QDataStream>), a reader built from a
    // different revision would map them to the wrong names - confirm how
    // results are persisted before relying on the numeric values.
    enum RECORD_NAME
    {
        RECORD_NAME_UNKNOWN=0,
        RECORD_NAME_12311134,
        RECORD_NAME_1337EXECRYPTER,
        RECORD_NAME_32LITE,
        RECORD_NAME_7Z,
        RECORD_NAME_AASE,
        RECORD_NAME_ABCCRYPTOR,
        RECORD_NAME_ACPROTECT,
        RECORD_NAME_ACTIVEMARK,
        RECORD_NAME_ACTUALINSTALLER,
        RECORD_NAME_ADVANCEDINSTALLER,
        RECORD_NAME_ADVANCEDUPXSCRAMMBLER,
        RECORD_NAME_AESOBFUSCATOR,
        RECORD_NAME_AFFILLIATEEXE,
        RECORD_NAME_AGAINNATIVITYCRYPTER,
        RECORD_NAME_AGILENET,
        RECORD_NAME_AHPACKER,
        RECORD_NAME_AHTEAMEPPROTECTOR,
        RECORD_NAME_AINEXE,
        RECORD_NAME_AIX,
        RECORD_NAME_ALCHEMYMINDWORKS,
        RECORD_NAME_ALEXPROTECTOR,
        RECORD_NAME_ALIASOBJ,
        RECORD_NAME_ALIBABAPROTECTION,
        RECORD_NAME_ALIPAYOBFUSCATOR,
        RECORD_NAME_ALLATORIOBFUSCATOR,
        RECORD_NAME_ALLOY,
        RECORD_NAME_ALPINELINUX,
        RECORD_NAME_ANDPAKK2,
        RECORD_NAME_ANDROID,
        RECORD_NAME_ANDROIDAPKSIGNER,
        RECORD_NAME_ANDROIDARSC,
        RECORD_NAME_ANDROIDCLANG,
        RECORD_NAME_ANDROIDJETPACK,
        RECORD_NAME_ANDROIDGRADLE,
        RECORD_NAME_ANDROIDMAVENPLUGIN,
        RECORD_NAME_ANDROIDNDK,
        RECORD_NAME_ANDROIDSDK,
        RECORD_NAME_ANDROIDSIGNAPK,
        RECORD_NAME_ANDROIDXML,
        RECORD_NAME_ANSKYAPOLYMORPHICPACKER,
        RECORD_NAME_ANSLYMPACKER,
        RECORD_NAME_ANTIDOTE,
        RECORD_NAME_ANTILVL,
        RECORD_NAME_APACHEANT,
        RECORD_NAME_APACK,
        RECORD_NAME_APK_SIGNER,
        RECORD_NAME_APKEDITOR,
        RECORD_NAME_APKENCRYPTOR,
        RECORD_NAME_APKMODIFIERSIGNAPK,
        RECORD_NAME_APKPROTECT,
        RECORD_NAME_APKPROTECTOR,
        RECORD_NAME_APKSIGNATURESCHEME,
        RECORD_NAME_APKSIGNER,
        RECORD_NAME_APKTOOLPLUS,
        RECORD_NAME_APPGUARD,
        RECORD_NAME_APPIMAGE,
        RECORD_NAME_APPLEJDK,
        RECORD_NAME_APPLELLVM,
        RECORD_NAME_APPORTABLECLANG,
        RECORD_NAME_APPSOLID,
        RECORD_NAME_ARCRYPT,
        RECORD_NAME_ARJ,
        RECORD_NAME_ARMADILLO,
        RECORD_NAME_ARMASSEMBLER,
        RECORD_NAME_ARMC,
        RECORD_NAME_ARMCCPP,
        RECORD_NAME_ARMLINKER,
        RECORD_NAME_ARMNEONCCPP,
        RECORD_NAME_ARMPROTECTOR,
        RECORD_NAME_ARMTHUMBCCPP,
        RECORD_NAME_ARMTHUMBMACROASSEMBLER,
        RECORD_NAME_AROS,
        RECORD_NAME_ASDPACK,
        RECORD_NAME_ASSEMBLER,
        RECORD_NAME_ASPACK,
        RECORD_NAME_ASPLINUX,
        RECORD_NAME_ASPROTECT,
        RECORD_NAME_ASSCRYPTER,
        RECORD_NAME_ASSEMBLYINVOKE,
        RECORD_NAME_AU,
        RECORD_NAME_AUTOIT,
        RECORD_NAME_AVASTANTIVIRUS,
        RECORD_NAME_AVERCRYPTOR,
        RECORD_NAME_AVI,
        RECORD_NAME_AVPACK,
        RECORD_NAME_AZPROTECT,
        RECORD_NAME_BABELNET,
        RECORD_NAME_BACKDOORPECOMPRESSPROTECTOR,
        RECORD_NAME_BAIDUSIGNATUREPLATFORM,
        RECORD_NAME_BAIDUPROTECTION,
        RECORD_NAME_BAMBAM,
        RECORD_NAME_BANGCLEPROTECTION,
        RECORD_NAME_BASIC,
        RECORD_NAME_BASIC4ANDROID,
        RECORD_NAME_BAT2EXEC,
        RECORD_NAME_BEAWEBLOGIC,
        RECORD_NAME_BEROEXEPACKER,
        RECORD_NAME_BIOHAZARDCRYPTER,
        RECORD_NAME_BITROCKINSTALLER,
        RECORD_NAME_BITSHAPEPECRYPT,
        RECORD_NAME_BLADEJOINER,
        RECORD_NAME_BORLANDCCPP,
        RECORD_NAME_BORLANDCPP,
        RECORD_NAME_BORLANDCPPBUILDER,
        RECORD_NAME_BORLANDDELPHI,
        RECORD_NAME_BORLANDDELPHIDOTNET,
        RECORD_NAME_BORLANDOBJECTPASCAL,
        RECORD_NAME_BREAKINTOPATTERN,
        RECORD_NAME_BTWORKSCODEGUARD,
        RECORD_NAME_BUNDLETOOL,
        RECORD_NAME_BYTEDANCESECCOMPILER,
        RECORD_NAME_BYTEGUARD,
        RECORD_NAME_BZIP2,
        RECORD_NAME_C,
        RECORD_NAME_CAB,
        RECORD_NAME_CARBON,
        RECORD_NAME_CAUSEWAY,
        RECORD_NAME_CCBYVORONTSOV,
        RECORD_NAME_CCBYUNIHACKERS,
        RECORD_NAME_CCPP,
        RECORD_NAME_CELESTYFILEBINDER,
        RECORD_NAME_CEXE,
        RECORD_NAME_CIGICIGICRYPTER,
        RECORD_NAME_CIL,
        RECORD_NAME_CLANG,
        RECORD_NAME_CLICKTEAM,
        RECORD_NAME_CLISECURE,
        RECORD_NAME_COCOA,
        RECORD_NAME_CODEGEARCPP,
        RECORD_NAME_CODEGEARCPPBUILDER,
        RECORD_NAME_CODEGEARDELPHI,
        RECORD_NAME_CODEGEAROBJECTPASCAL,
        RECORD_NAME_CODEVEIL,
        RECORD_NAME_CODEWALL,
        RECORD_NAME_COFF,
        RECORD_NAME_COMEXSIGNAPK,
        RECORD_NAME_COMPOUNDFILEBINARYFORMAT,
        RECORD_NAME_CONFUSER,
        RECORD_NAME_CONFUSEREX,
        RECORD_NAME_COPYMINDER,
        RECORD_NAME_CPP,
        RECORD_NAME_CREATEINSTALL,
        RECORD_NAME_CRINKLER,
        RECORD_NAME_CHROMIUMCRASHPAD,
        RECORD_NAME_CRUNCH,
        RECORD_NAME_CRYEXE,
        RECORD_NAME_CRYPTABLESEDUCATION,
        RECORD_NAME_CRYPTCOM,
        RECORD_NAME_CRYPTDISMEMBER,
        RECORD_NAME_CRYPTER,
        RECORD_NAME_CRYPTIC,
        RECORD_NAME_CRYPTOCRACKPEPROTECTOR,
        RECORD_NAME_CRYPTOOBFUSCATORFORNET,
        RECORD_NAME_CRYPTORBYDISMEMBER,
        RECORD_NAME_CRYPTOZ,
        RECORD_NAME_CRYPTRROADS,
        RECORD_NAME_CSHARP,
        RECORD_NAME_CVTOMF,
        RECORD_NAME_CVTPGD,
        RECORD_NAME_CVTRES,
        RECORD_NAME_CWSDPMI,
        RECORD_NAME_CYGWIN,
        RECORD_NAME_D,
        RECORD_NAME_D2JAPKSIGN,
        RECORD_NAME_DALKRYPT,
        RECORD_NAME_DALVIK,
        RECORD_NAME_DBPE,
        RECORD_NAME_DCRYPTPRIVATE,
        RECORD_NAME_DEB,
        RECORD_NAME_DEBIANLINUX,
        RECORD_NAME_DEEPSEA,
        RECORD_NAME_DEPACK,
        RECORD_NAME_DEPLOYMASTER,
        RECORD_NAME_DEX,
        RECORD_NAME_DEX2JAR,
        RECORD_NAME_DEXGUARD,
        RECORD_NAME_DEXLIB,
        RECORD_NAME_DEXLIB2,
        RECORD_NAME_DEXMERGE,
        RECORD_NAME_DEXPROTECTOR,
        RECORD_NAME_DJVU,
        RECORD_NAME_DIET,
        RECORD_NAME_DINGBAOZENGNATIVEOBFUSCATOR,
        RECORD_NAME_DIRTYCRYPTOR,
        RECORD_NAME_DMD32D,
        RECORD_NAME_DNGUARD,
        RECORD_NAME_DOS16M,
        RECORD_NAME_DOS4G,
        RECORD_NAME_DOTBJFNT,
        RECORD_NAME_DOTFIXNICEPROTECT,
        RECORD_NAME_DOTFUSCATOR,
        RECORD_NAME_DOTNET,
        RECORD_NAME_DOTNETREACTOR,
        RECORD_NAME_DOTNETSHRINK,
        RECORD_NAME_DOTNETSPIDER,
        RECORD_NAME_DOTNETZ,
        RECORD_NAME_DOTOOLSSIGNAPK,
        RECORD_NAME_DRAGONARMOR,
        RECORD_NAME_DROPBOX,
        RECORD_NAME_DVCLAL,
        RECORD_NAME_DX,
        RECORD_NAME_DXSHIELD,
        RECORD_NAME_DYAMAR,
        RECORD_NAME_DYNASM,
        RECORD_NAME_EASYPROTECTOR,
        RECORD_NAME_EAZFUSCATOR,
        RECORD_NAME_ECLIPSE,
        RECORD_NAME_EMBARCADEROCPP,
        RECORD_NAME_EMBARCADEROCPPBUILDER,
        RECORD_NAME_EMBARCADERODELPHI,
        RECORD_NAME_EMBARCADERODELPHIDOTNET,
        RECORD_NAME_EMBARCADEROOBJECTPASCAL,
        RECORD_NAME_EMPTYFILE,
        RECORD_NAME_ENCRYPTPE,
        RECORD_NAME_ENIGMA,
        RECORD_NAME_ENIGMAVIRTUALBOX,
        RECORD_NAME_EPEXEPACK,
        RECORD_NAME_EPROT,
        RECORD_NAME_EXCELSIORJET,
        RECORD_NAME_EXE32PACK,
        RECORD_NAME_EXECRYPT,
        RECORD_NAME_EXECRYPTOR,
        RECORD_NAME_EXEFOG,
        RECORD_NA​ME_EXEJOINER,
        RECORD_NAME_EXEMPLARINSTALLER,
        RECORD_NAME_EXEPACK,
        RECORD_NAME_EXEPASSWORDPROTECTOR,
        RECORD_NAME_EXESAX,
        RECORD_NAME_EXESHIELD,
        RECORD_NAME_EXESTEALTH,
        RECORD_NAME_EXPORT,
        RECORD_NAME_EXPRESSOR,
        RECORD_NAME_EXPRESSOR_KERNEL32,
        RECORD_NAME_EXPRESSOR_USER32,
        RECORD_NAME_EZIP,
        RECORD_NAME_FAKESIGNATURE,
        RECORD_NAME_FAKUSCRYPTOR,
        RECORD_NAME_FASM,
        RECORD_NAME_FASTFILECRYPT,
        RECORD_NAME_FASTPROXY,
        RECORD_NAME_FEARZCRYPTER,
        RECORD_NAME_FEARZPACKER,
        RECORD_NAME_FENIXOS,
        RECORD_NAME_FILESHIELD,
        RECORD_NAME_FISHNET,
        RECORD_NAME_FISHPEPACKER,
        RECORD_NAME_FISHPESHIELD,
        RECORD_NAME_FLASHVIDEO,
        RECORD_NAME_FLEXLM,
        RECORD_NAME_FLEXNET,
        RECORD_NAME_FORTRAN,
        RECORD_NAME_FPC,
        RECORD_NAME_FREEBSD,
        RECORD_NAME_FREECRYPTOR,
        RECORD_NAME_FSG,
        RECORD_NAME_GCC,
        RECORD_NAME_GENERIC,
        RECORD_NAME_GENERICLINKER,
        RECORD_NAME_GENTEEINSTALLER,
        RECORD_NAME_GENTOOLINUX,
        RECORD_NAME_GHAZZACRYPTER,
        RECORD_NAME_GHOSTINSTALLER,
        RECORD_NAME_GIF,
        RECORD_NAME_GIXPROTECTOR,
        RECORD_NAME_GKRIPTO,
        RECORD_NAME_GKSETUPSFX,
        RECORD_NAME_GNUASSEMBLER,
        RECORD_NAME_GNULINKER,
        RECORD_NAME_GO,
        RECORD_NAME_GOASM,
        RECORD_NAME_GOATSPEMUTILATOR,
        RECORD_NAME_GOLD,
        RECORD_NAME_GOLIATHNET,
        RECORD_NAME_GOLINK,
        RECORD_NAME_GOOGLE,
        RECORD_NAME_GOOGLEPLAY,
        RECORD_NAME_GPINSTALL,
        RECORD_NAME_GUARDIANSTEALTH,
        RECORD_NAME_GZIP,
        RECORD_NAME_H4CKY0UORGCRYPTER,
        RECORD_NAME_HACCREWCRYPTER,
        RECORD_NAME_HACKSTOP,
        RECORD_NAME_HALVCRYPTER,
        RECORD_NAME_HANCOMLINUX,
        RECORD_NAME_HDUS_WJUS,
        RECORD_NAME_HIAPKCOM,
        RECORD_NAME_HIDEANDPROTECT,
        RECORD_NAME_HIDEPE,
        RECORD_NAME_HIKARIOBFUSCATOR,
        RECORD_NAME_HMIMYSPACKER,
        RECORD_NAME_HMIMYSPROTECTOR,
        RECORD_NAME_HOODLUM,
        RECORD_NAME_HOUNDHACKCRYPTER,
        RECORD_NAME_HPUX,
        RECORD_NAME_HTML,
        RECORD_NAME_HXS,
        RECORD_NAME_IBMJDK,
        RECORD_NAME_IBMPCPASCAL,
        RECORD_NAME_ICE,
        RECORD_NAME_ICRYPT,
        RECORD_NAME_IJIAMI,
        RECORD_NAME_IJIAMILLVM,
        RECORD_NAME_IKVMDOTNET,
        RECORD_NAME_IL2CPP,
        RECORD_NAME_ILASM,
        RECORD_NAME_IMPORT,
        RECORD_NAME_INFCRYPTOR,
        RECORD_NAME_INNOSETUP,
        RECORD_NAME_INQUARTOSOBFUSCATOR,
        RECORD_NAME_INSTALL4J,
        RECORD_NAME_INSTALLANYWHERE,
        RECORD_NAME_INSTALLSHIELD,
        RECORD_NAME_IOS,
        RECORD_NAME_IPA,
        RECORD_NAME_IPBPROTECT,
        RECORD_NAME_IRIX,
        RECORD_NAME_ISO9660,
        RECORD_NAME_JACK,
        RECORD_NAME_JAM,
        RECORD_NAME_JAR,
        RECORD_NAME_JAVA,
        RECORD_NAME_JAVACOMPILEDCLASS,
        RECORD_NAME_JDK,
        RECORD_NAME_JDPACK,
        RECORD_NAME_JETBRAINS,
        RECORD_NAME_JIAGU,
        RECORD_NAME_JPEG,
        RECORD_NAME_JVM,
        RECORD_NAME_KAOSPEDLLEXECUTABLEUNDETECTER,
        RECORD_NAME_KBYS,
        RECORD_NAME_KCRYPTOR,
        RECORD_NAME_KGBCRYPTER,
        RECORD_NAME_KIAMSCRYPTOR,
        RECORD_NAME_KIRO,
        RECORD_NAME_KIWIVERSIONOBFUSCATOR,
        RECORD_NAME_KKRUNCHY,
        RECORD_NAME_KOTLIN,
        RECORD_NAME_KRATOSCRYPTER,
        RECORD_NAME_KRYPTON,
        RECORD_NAME_KUR0KX2TO,
        RECORD_NAME_LAMECRYPT,
        RECORD_NAME_LARP64,
        RECORD_NAME_LAYHEYFORTRAN90,
        RECORD_NAME_LAZARUS,
        RECORD_NAME_LCCLNK,
        RECORD_NAME_LCCWIN,
        RECORD_NAME_LGLZ,
        RECORD_NAME_LHA,
        RECORD_NAME_LHASSFX,
        RECORD_NAME_LIAPP,
        RECORD_NAME_LIGHTNINGCRYPTERPRIVATE,
        RECORD_NAME_LIGHTNINGCRYPTERSCANTIME,
        RECORD_NAME_LINUX,
        RECORD_NAME_LLD,
        RECORD_NAME_LOCKTITE,
        RECORD_NAME_LSCRYPRT,
        RECORD_NAME_LUACOMPILED,
        RECORD_NAME_LUCYPHER,
        RECORD_NAME_LZEXE,
        RECORD_NAME_LZFSE,
        RECORD_NAME_MACHOFAT,
        RECORD_NAME_MACOS,
        RECORD_NAME_MACROBJECT,
        RECORD_NAME_MALPACKER,
        RECORD_NAME_MANDRAKELINUX,
        RECORD_NAME_MASKPE,
        RECORD_NAME_MASM,
        RECORD_NAME_MASM32,
        RECORD_NAME_MAXTOCODE,
        RECORD_NAME_MEDUSAH,
        RECORD_NAME_MEW10,
        RECORD_NAME_MEW11SE,
        RECORD_NAME_MFC,
        RECORD_NAME_MICROSOFTACCESS,
        RECORD_NAME_MICROSOFTC,
        RECORD_NAME_MICROSOFTCOMPILEDHTMLHELP,
        RECORD_NAME_MICROSOFTCOMPOUND,
        RECORD_NAME_MICROSOFTCPP,
        RECORD_NAME_MICROSOFTDOTNETFRAMEWORK,
        RECORD_NAME_MICROSOFTEXCEL,
        RECORD_NAME_MICROSOFTLINKER,
        RECORD_NAME_MICROSOFTLINKERDATABASE,
        RECORD_NAME_MICROSOFTOFFICE,
        RECORD_NAME_MICROSOFTOFFICEWORD,
        RECORD_NAME_MICROSOFTPHOENIX,
        RECORD_NAME_MICROSOFTVISIO,
        RECORD_NAME_MICROSOFTVISUALSTUDIO,
        RECORD_NAME_MICROSOFTWINHELP,
        RECORD_NAME_MINGW,
        RECORD_NAME_MINKE,
        RECORD_NAME_MKFPACK,
        RECORD_NAME_MOBILETENCENTPROTECT,
        RECORD_NAME_MODESTO,
        RECORD_NAME_MODGUARD,
        RECORD_NAME_MOLEBOX,
        RECORD_NAME_MOLEBOXULTRA,
        RECORD_NAME_MONEYCRYPTER,
        RECORD_NAME_MORPHNAH,
        RECORD_NAME_MORTALTEAMCRYPTER,
        RECORD_NAME_MORTALTEAMCRYPTER2,
        RECORD_NAME_MORUKCREWCRYPTERPRIVATE,
        RECORD_NAME_MOTODEVSTUDIOFORANDROID,
        RECORD_NAME_MP3,
        RECORD_NAME_MP4,
        RECORD_NAME_MPACK,
        RECORD_NAME_MPRESS,
        RECORD_NAME_MRUNDECTETABLE,
        RECORD_NAME_MSDOS,
        RECORD_NAME_MSLRH,
        RECORD_NAME_MSYS,
        RECORD_NAME_MSYS2,
        RECORD_NAME_MZ0OPE,
        RECORD_NAME_NAGAINLLVM,
        RECORD_NAME_NAGAPTPROTECTION,
        RECORD_NAME_NAKEDPACKER,
        RECORD_NAME_NASM, // The Netwide Assembler
        RECORD_NAME_NCODE,
        RECORD_NAME_NEOLITE,
        RECORD_NAME_NETEASEAPKSIGNER,
        RECORD_NAME_NETBSD,
        RECORD_NAME_NIDHOGG,
        RECORD_NAME_NIM,
        RECORD_NAME_NJOINER,
        RECORD_NAME_NJOY,
        RECORD_NAME_NME,
        RECORD_NAME_NOOBYPROTECT,
        RECORD_NAME_NOODLECRYPT,
        RECORD_NAME_NORTHSTARPESHRINKER,
        RECORD_NAME_NOSINSTALLER,
        RECORD_NAME_NOSTUBLINKER,
        RECORD_NAME_NOXCRYPT,
        RECORD_NAME_NPACK,
        RECORD_NAME_NQSHIELD,
        RECORD_NAME_NSIS,
        RECORD_NAME_NSK,
        RECORD_NAME_NSPACK,
        RECORD_NAME_OBFUSCAR,
        RECORD_NAME_OBFUSCATORLLVM,
        RECORD_NAME_OBFUSCATORNET2009,
        RECORD_NAME_OBJECTIVEC,
        RECORD_NAME_OBJECTPASCAL,
        RECORD_NAME_OBSIDIUM,
        RECORD_NAME_OLLVMTLL,
        RECORD_NAME_ONESPANPROTECTION, // till 2018 Vasco !
        RECORD_NAME_OPENBSD,
        RECORD_NAME_OPENDOCUMENT,
        RECORD_NAME_OPENJDK,
        RECORD_NAME_OPENSOURCECODECRYPTER,
        RECORD_NAME_OPENVMS,
        RECORD_NAME_OPERA,
        RECORD_NAME_ORACLESOLARISLINKEDITORS,
        RECORD_NAME_ORIEN,
        RECORD_NAME_OSCCRYPTER,
        RECORD_NAME_OSX,
        RECORD_NAME_P0KESCRAMBLER,
        RECORD_NAME_PACKMAN,
        RECORD_NAME_PACKWIN,
        RECORD_NAME_PANDORA,
        RECORD_NAME_PANGXIE,
        RECORD_NAME_PCGUARD,
        RECORD_NAME_PCOM,
        RECORD_NAME_PCSHRINK,
        RECORD_NAME_PDB,
        RECORD_NAME_PDBFILELINK,
        RECORD_NAME_PDF,
        RECORD_NAME_PEARMOR,
        RECORD_NAME_PEBUNDLE,
        RECORD_NAME_PECRYPT32,
        RECORD_NAME_PECOMPACT,
        RECORD_NAME_PEDIMINISHER,
        RECORD_NAME_PEENCRYPT,
        RECORD_NAME_PELOCK,
        RECORD_NAME_PELOCKNT,
        RECORD_NAME_PENGUINCRYPT,
        RECORD_NAME_PEPACK,
        RECORD_NAME_PEPACKSPROTECT,
        RECORD_NAME_PEQUAKE,
        RECORD_NAME_PERL,
        RECORD_NAME_PESHIELD,
        RECORD_NAME_PESPIN,
        RECORD_NAME_PETITE,
        RECORD_NAME_PETITE_KERNEL32,
        RECORD_NAME_PETITE_USER32,
        RECORD_NAME_PEX,
        RECORD_NAME_PFECX,
        RECORD_NAME_PGMPAK,
        RECORD_NAME_PHOENIXPROTECTOR,
        RECORD_NAME_PHP,
        RECORD_NAME_PICRYPTOR,
        RECORD_NAME_PKLITE,
        RECORD_NAME_PKLITE32,
        RECORD_NAME_PKZIPMINISFX,
        RECORD_NAME_PLAIN,
        RECORD_NAME_PLEXCLANG,
        RECORD_NAME_PMODEW,
        RECORD_NAME_PNG,
        RECORD_NAME_POKECRYPTER,
        RECORD_NAME_POLYCRYPTPE,
        RECORD_NAME_POWERBASIC,
        RECORD_NAME_PRIVATEEXEPROTECTOR,
        RECORD_NAME_PROGUARD,
        RECORD_NAME_PROPACK,
        RECORD_NAME_PROTECTEXE,
        RECORD_NAME_PSEUDOAPKSIGNER,
        RECORD_NAME_PUBCRYPTER,
        RECORD_NAME_PUNISHER,
        RECORD_NAME_PUSSYCRYPTER,
        RECORD_NAME_PUREBASIC,
        RECORD_NAME_PYINSTALLER,
        RECORD_NAME_PYTHON,
        RECORD_NAME_QDBH,
        RECORD_NAME_QIHOO360PROTECTION,
        RECORD_NAME_QRYPT0R,
        RECORD_NAME_QT,
        RECORD_NAME_QTINSTALLER,
        RECORD_NAME_QUICKPACKNT,
        RECORD_NAME_R8,
        RECORD_NAME_RADIALIX,
        RECORD_NAME_RAR,
        RECORD_NAME_RCRYPTOR,
        RECORD_NAME_RDGTEJONCRYPTER,
        RECORD_NAME_REDHATLINUX,
        RECORD_NAME_RELPACK,
        RECORD_NAME_RENETPACK,
        RECORD_NAME_RESOURCE,
        RECORD_NAME_REVPROT,
        RECORD_NAME_RJCRUSH,
        RECORD_NAME_RLP,
        RECORD_NAME_RLPACK,
        RECORD_NAME_ROGUEPACK,
        RECORD_NAME_ROSASM,
        RECORD_NAME_RTF,
        RECORD_NAME_RUBY,
        RECORD_NAME_RUST,
        RECORD_NAME_SAFEENGINESHIELDEN,
        RECORD_NAME_SAFEENGINELLVM,
        RECORD_NAME_SANDHOOK,
        RECORD_NAME_SCOBFUSCATOR,
        RECORD_NAME_SCPACK,
        RECORD_NAME_SCRNCH,
        RECORD_NAME_SDPROTECTORPRO,
        RECORD_NAME_SECNEO,
        RECORD_NAME_SECSHELL,
        RECORD_NAME_SECURESHADE,
        RECORD_NAME_SECUROM,
        RECORD_NAME_SERGREENAPPACKER,
        RECORD_NAME_SETUPFACTORY,
        RECORD_NAME_SEXECRYPTER,
        RECORD_NAME_SHELL,
        RECORD_NAME_SHRINKER,
        RECORD_NAME_SIGNATORY,
        RECORD_NAME_SIGNUPDATE,
        RECORD_NAME_SIMBIOZ,
        RECORD_NAME_SIMCRYPTER,
        RECORD_NAME_SIMPLECRYPTER,
        RECORD_NAME_SIMPLEPACK,
        RECORD_NAME_SINGLEJAR,
        RECORD_NAME_SIXXPACK,
        RECORD_NAME_SKATER,
        RECORD_NAME_SMARTASSEMBLY,
        RECORD_NAME_SMARTINSTALLMAKER,
        RECORD_NAME_SMOKESCREENCRYPTER,
        RECORD_NAME_SNAPDRAGONLLVMARM,
        RECORD_NAME_SNAPPROTECT,
        RECORD_NAME_SNOOPCRYPT,
        RECORD_NAME_SOFTDEFENDER,
        RECORD_NAME_SOFTSENTRY,
        RECORD_NAME_SOFTWARECOMPRESS,
        RECORD_NAME_SOFTWAREZATOR,
        RECORD_NAME_SOLARIS,
        RECORD_NAME_SOURCERYCODEBENCH,
        RECORD_NAME_SOURCERYCODEBENCHLITE,
        RECORD_NAME_SPICESNET,
        RECORD_NAME_SPIRIT,
        RECORD_NAME_SPOONINSTALLER,
        RECORD_NAME_SPOONSTUDIO,
        RECORD_NAME_SPOONSTUDIO2011,
        RECORD_NAME_SQUEEZSFX,
        RECORD_NAME_STARFORCE,
        RECORD_NAME_STARTOSLINUX,
        RECORD_NAME_STASFODIDOCRYPTOR,
        RECORD_NAME_STONESPEENCRYPTOR, // TODO Check name from .Stone Section // TODO EP
        RECORD_NAME_SUNOS,
        RECORD_NAME_SUNWORKSHOP,
        RECORD_NAME_SUSELINUX,
        RECORD_NAME_SVKPROTECTOR,
        RECORD_NAME_SWF,
        RECORD_NAME_SWIFT,
        RECORD_NAME_TARMAINSTALLER,
        RECORD_NAME_TELOCK,
        RECORD_NAME_TENCENTLEGU,
        RECORD_NAME_TENCENTPROTECTION,
        RECORD_NAME_TGRCRYPTER,
        RECORD_NAME_THEBESTCRYPTORBYFSK,
        RECORD_NAME_THEMIDAWINLICENSE,
        RECORD_NAME_THEZONECRYPTER,
        RECORD_NAME_THINSTALL,
        RECORD_NAME_THUMBC,
        RECORD_NAME_TINYC,
        RECORD_NAME_TIFF,
        RECORD_NAME_TINYPROG,
        RECORD_NAME_TINYSIGN,
        RECORD_NAME_TOTALCOMMANDERINSTALLER,
        RECORD_NAME_TPPPACK,
        RECORD_NAME_TRU64,
        RECORD_NAME_TSTCRYPTER,
        RECORD_NAME_TTF,
        RECORD_NAME_TTPROTECT,
        RECORD_NAME_TURBOBASIC,
        RECORD_NAME_TURBOC,
        RECORD_NAME_TURBOCPP,
        RECORD_NAME_TURBOLINKER,
        RECORD_NAME_TURBOLINUX,
        RECORD_NAME_TURBOSTUDIO,
        RECORD_NAME_TURKISHCYBERSIGNATURE,
        RECORD_NAME_TURKOJANCRYPTER,
        RECORD_NAME_TVOS,
        RECORD_NAME_UBUNTUCLANG,
        RECORD_NAME_UBUNTULINUX,
        RECORD_NAME_UCEXE,
        RECORD_NAME_UNDERGROUNDCRYPTER,
        RECORD_NAME_UNDOCRYPTER,
        RECORD_NAME_UNICODE,
        RECORD_NAME_UNICOMSDK,
        RECORD_NAME_UNILINK,
        RECORD_NAME_UNITY,
        RECORD_NAME_UNIVERSALTUPLECOMPILER,
        RECORD_NAME_UNKOWNCRYPTER,
        RECORD_NAME_UNK_UPXLIKE,
        RECORD_NAME_UNOPIX,
        RECORD_NAME_UPX,
        RECORD_NAME_UTF8,
        RECORD_NAME_VALVE,
        RECORD_NAME_VBNET,
        RECORD_NAME_VBSTOEXE,
        RECORD_NAME_VCASMPROTECTOR,
        RECORD_NAME_VCL,
        RECORD_NAME_VCLPACKAGEINFO,
        RECORD_NAME_VDOG,
        RECORD_NAME_VERACRYPT,
        RECORD_NAME_VINELINUX,
        RECORD_NAME_VIRTUALIZEPROTECT,
        RECORD_NAME_VIRTUALPASCAL,
        RECORD_NAME_VISE,
        RECORD_NAME_VISUALBASIC,
        RECORD_NAME_VISUALCCPP,
        RECORD_NAME_VISUALCSHARP,
        RECORD_NAME_VISUALOBJECTS,
        RECORD_NAME_VMPROTECT,
        RECORD_NAME_VMUNPACKER,
        RECORD_NAME_VMWARE,
        RECORD_NAME_VPACKER,
        RECORD_NAME_WALLE,
        RECORD_NAME_WANGZEHUALLVM,
        RECORD_NAME_WATCHOS,
        RECORD_NAME_WATCOMC,
        RECORD_NAME_WATCOMCCPP,
        RECORD_NAME_WATCOMLINKER,
        RECORD_NAME_WAV,
        RECORD_NAME_WDOSX,
        RECORD_NAME_WHITELLCRYPT,
        RECORD_NAME_WINACE,
        RECORD_NAME_WINAUTH,
        RECORD_NAME_WINDOFCRYPT,
        RECORD_NAME_WINDOWS,
        RECORD_NAME_WINDOWSBITMAP,
        RECORD_NAME_WINDOWSICON,
        RECORD_NAME_WINDOWSINSTALLER,
        RECORD_NAME_WINDOWSMEDIA,
        RECORD_NAME_WINDRIVERLINUX,
        RECORD_NAME_WINGSCRYPT,
        RECORD_NAME_WINKRIPT,
        RECORD_NAME_WINRAR,
        RECORD_NAME_WINUPACK,
        RECORD_NAME_WINZIP,
        RECORD_NAME_WISE,
        RECORD_NAME_WIXTOOLSET,
        RECORD_NAME_WLCRYPT,
        RECORD_NAME_WLGROUPCRYPTER,
        RECORD_NAME_WOUTHRSEXECRYPTER,
        RECORD_NAME_WWPACK,
        RECORD_NAME_WWPACK32,
        RECORD_NAME_WXWIDGETS,
        RECORD_NAME_XAR,
        RECORD_NAME_XCODE,
        RECORD_NAME_XENOCODE,
        RECORD_NAME_XENOCODEPOSTBUILD,
        RECORD_NAME_XENOCODEPOSTBUILD2009FORDOTNET,
        RECORD_NAME_XENOCODEPOSTBUILD2010FORDOTNET,
        RECORD_NAME_XENOCODEVIRTUALAPPLICATIONSTUDIO2009,
        RECORD_NAME_XENOCODEVIRTUALAPPLICATIONSTUDIO2010,
        RECORD_NAME_XENOCODEVIRTUALAPPLICATIONSTUDIO2010ISVEDITION,
        RECORD_NAME_XENOCODEVIRTUALAPPLICATIONSTUDIO2012ISVEDITION,
        RECORD_NAME_XENOCODEVIRTUALAPPLICATIONSTUDIO2013ISVEDITION,
        RECORD_NAME_XCOMP,
        RECORD_NAME_XML,
        RECORD_NAME_XPACK,
        RECORD_NAME_XTREMEPROTECTOR,
        RECORD_NAME_XTREAMLOK,
        RECORD_NAME_XVOLKOLAK,
        RECORD_NAME_XZ,
        RECORD_NAME_YANDEX,
        RECORD_NAME_YANO,
        RECORD_NAME_YIDUN,
        RECORD_NAME_YODASCRYPTER,
        RECORD_NAME_YODASPROTECTOR,
        RECORD_NAME_YZPACK,
        RECORD_NAME_ZELDACRYPT,
        RECORD_NAME_ZIG,
        RECORD_NAME_ZIP,
        RECORD_NAME_ZLIB,
        RECORD_NAME_ZPROTECT,
        RECORD_NAME_UNIX,
        RECORD_NAME_UNKNOWN0,
        RECORD_NAME_UNKNOWN1,
        RECORD_NAME_UNKNOWN2,
        RECORD_NAME_UNKNOWN3,
        RECORD_NAME_UNKNOWN4,
        RECORD_NAME_UNKNOWN5,
        RECORD_NAME_UNKNOWN6,
        RECORD_NAME_UNKNOWN7,
        RECORD_NAME_UNKNOWN8,
        RECORD_NAME_UNKNOWN9
    };

    // Identity of a scanned object. SCAN_STRUCT and BASIC_INFO each carry two of
    // these (id and parentId).
    // NOTE(review): presumably parentId links a record found in nested content
    // back to its container - confirm against the code that fills it.
    struct ID
    {
        bool bVirtual;
        QString sUuid;
        XBinary::FT fileType;
        RECORD_FILEPART filePart;
        QString sVersion;
        QString sInfo;
    };

    // TODO flags(static scan/emul/heur)
    // One detection as stored in SCAN_RESULT::listRecords, BASIC_INFO::listDetects
    // and the mapResult* maps of the *INFO_STRUCT types.
    // NOTE(review): nOffset/nSize presumably locate the record inside the scanned
    // file; they are signed 64-bit and come from parsing the input, so a consumer
    // should range-check them before using them to seek or read - confirm.
    struct SCAN_STRUCT
    {
        qint64 nSize;
        qint64 nOffset;
        ID id;
        ID parentId;
        QString sArch;
        RECORD_TYPE type;
        RECORD_NAME name;
        QString sVersion;
        QString sInfo;
        bool bIsHeuristic; // marks the record as heuristic rather than a plain match - presumably; confirm
    };

    // Kind of evidence a DETECT_RECORD was taken from (DETECT_RECORD::detectType).
    enum DETECTTYPE
    {
        DETECTTYPE_UNKNOWN=0,
        DETECTTYPE_HEADER,
        DETECTTYPE_ENTRYPOINT,
        DETECTTYPE_OVERLAY,
        DETECTTYPE_SECTIONNAME,
        DETECTTYPE_IMPORTHASH,
        DETECTTYPE_CODESECTION,
        DETECTTYPE_ENTRYPOINTSECTION,
        DETECTTYPE_NETANSISTRING,
        DETECTTYPE_NETUNICODESTRING,
        DETECTTYPE_RICH,
        DETECTTYPE_ARCHIVE,
        DETECTTYPE_RESOURCES,
        DETECTTYPE_DEXSTRING,
        DETECTTYPE_DEXTYPE
    };

    // Entry of the listHeurs lists in SCAN_RESULT and BASIC_INFO: the evidence
    // (file part, detect type, value) together with the record it points to.
    struct DETECT_RECORD
    {
        qint64 nOffset; // memory scan
        RECORD_FILEPART filepart;
        DETECTTYPE detectType;
        QString sValue; // mb TODO variant
        quint32 nVariant;
        XBinary::FT fileType;
        RECORD_TYPE type;
        RECORD_NAME name;
        QString sVersion;
        QString sInfo;
    };

    // Result of scanning one file: the detections plus the heuristic evidence.
    struct SCAN_RESULT
    {
        qint64 nScanTime; // unit is not visible in this header
        QString sFileName;
        QList<SCAN_STRUCT> listRecords;
        QList<DETECT_RECORD> listHeurs;
    };

    // Intermediate detection entry; the *INFO_STRUCT types keep these in their
    // QMap<RECORD_NAME,_SCANS_STRUCT> map*Detects members.
    struct _SCANS_STRUCT
    {
        qint64 nOffset;
        quint32 nVariant;
        XBinary::FT fileType;
        RECORD_TYPE type;
        RECORD_NAME name;
        QString sVersion;
        QString sInfo;
        bool bIsHeuristic;
    };

    // Record description without any location or id fields.
    struct SCAN_RECORD
    {
        XBinary::FT fileType;
        RECORD_TYPE type;
        RECORD_NAME name;
        QString sVersion;
        QString sInfo;
    };

    struct BASIC_PE_INFO
    {
        quint32 nEntryPoint;
    };

    // State shared by every *INFO_STRUCT below; each embeds it as `basic_info`.
    // NOTE(review): bIsDeepScan, bIsHeuristicScan, bShowDetects and bIsTest have
    // same-named counterparts in SCAN_OPTIONS and are presumably copied from
    // there - confirm.
    struct BASIC_INFO
    {
        qint64 nElapsedTime;
        ID parentId;
        ID id;
        qint64 nOffset;
        qint64 nSize;
        QString sHeaderSignature;
        XBinary::_MEMORY_MAP memoryMap;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapHeaderDetects;
        QList<SCAN_STRUCT> listDetects;
        bool bIsDeepScan;
        bool bIsHeuristicScan;
        bool bShowDetects;
        bool bIsUnknown;
        bool bIsTest;
        QList<DETECT_RECORD> listHeurs;
    };

    // Scan state for input handled as a generic binary or text file.
    struct BINARYINFO_STRUCT
    {
        BASIC_INFO basic_info;

        bool bIsPlainText;
        bool bIsUTF8;
        XBinary::UNICODE_TYPE unicodeType;
        QString sHeaderText;

        QMap<RECORD_NAME,_SCANS_STRUCT> mapTextHeaderDetects;

        QMap<RECORD_NAME,SCAN_STRUCT> mapResultOperationSystems;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTexts;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLanguages;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraries;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultArchives;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCertificates;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultDebugData;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultInstallerData;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultSFXData;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultFormats;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultDatabases;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultImages;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultProtectorData;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraryData;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCOMPackers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCOMProtectors;

        QList<SCAN_STRUCT> listRecursiveDetects;
    };

    // Scan state for a DEX file: parsed header, map items, string/type/field/
    // method tables and the detections derived from them.
    struct DEXINFO_STRUCT
    {
        BASIC_INFO basic_info;

        XDEX_DEF::HEADER header;
        QList<XDEX_DEF::MAP_ITEM> mapItems;
        QList<QString> listStrings;
        QList<QString> listTypeItemStrings;
        QList<XDEX_DEF::FIELD_ITEM_ID> listFieldIDs;
        QList<XDEX_DEF::METHOD_ITEM_ID> listMethodIDs;
        bool bIsStringPoolSorted;
        bool bIsOverlayPresent;

        QMap<RECORD_NAME,_SCANS_STRUCT> mapStringDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapTypeDetects;

        QMap<RECORD_NAME,SCAN_STRUCT> mapResultOperationSystems;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLinkers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCompilers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraries;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultProtectors;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLanguages;
    };

    // Scan state for a ZIP container, including the JAR/APK/IPA cases. This is
    // the only struct here whose bool flags have default member initializers.
    struct ZIPINFO_STRUCT
    {
        BASIC_INFO basic_info;

        QList<XArchive::RECORD> listArchiveRecords;

        bool bIsJAR=false;
        bool bIsAPK=false;
        bool bIsIPA=false;
        bool bIsJava=false;
        bool bIsKotlin=false;

        DEXINFO_STRUCT dexInfoClasses; // DEX state embedded by value

        QMap<RECORD_NAME,_SCANS_STRUCT> mapArchiveDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapMetainfosDetects;

        QMap<RECORD_NAME,SCAN_STRUCT> mapResultOperationSystems;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultSigntools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLanguages;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultArchives;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultFormats;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultAPKProtectors;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraries;

        QList<SCAN_STRUCT> listRecursiveDetects;
    };

    // Scan state for a Mach-O fat container: its archive records and the
    // detections collected from them.
    struct MACHOFATINFO_STRUCT
    {
        BASIC_INFO basic_info;

        QList<XArchive::RECORD> listArchiveRecords;

        QList<SCAN_STRUCT> listRecursiveDetects;
    };

    // Scan state for an MS-DOS executable.
    struct MSDOSINFO_STRUCT
    {
        BASIC_INFO basic_info;
        qint64 nEntryPointOffset;
        QString sEntryPointSignature;
        QString sOverlaySignature;
        qint64 nOverlayOffset;
        qint64 nOverlaySize;

        QMap<RECORD_NAME,_SCANS_STRUCT> mapEntryPointDetects;

        QMap<RECORD_NAME,SCAN_STRUCT> mapResultOperationSystems;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultDosExtenders;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLinkers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCompilers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultProtectors;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultPackers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultSFX;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLanguages;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraries;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTools;

        QList<SCAN_STRUCT> listRecursiveDetects;
    };

    // Scan state for an ELF file: tags, libraries, comments, section/program
    // headers, notes and the detections derived from them.
    struct ELFINFO_STRUCT
    {
        BASIC_INFO basic_info;
        QString sEntryPointSignature;

        bool bIs64;
        bool bIsBigEndian; // TODO move to basic

        QList<XELF::TAG_STRUCT> listTags;
        QList<QString> listLibraries;
        QList<QString> listComments;

        QList<XELF_DEF::Elf_Shdr> listSectionHeaders;
        QList<XELF_DEF::Elf_Phdr> listProgramHeaders;
        QList<XELF::SECTION_RECORD> listSectionRecords;
        QList<XELF::NOTE> listNotes;

        // NOTE(review): signed section numbers; presumably a negative value
        // means "not found", so check before indexing listSectionHeaders - confirm.
        qint32 nCommentSection;
        qint32 nStringTableSection;
        QByteArray baStringTable;

        XBinary::OFFSETSIZE osCommentSection;

        QMap<RECORD_NAME,_SCANS_STRUCT> mapCommentSectionDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapEntryPointDetects;

        QMap<RECORD_NAME,SCAN_STRUCT> mapResultOperationSystems;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLinkers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCompilers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraries;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultPackers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultProtectors;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLanguages;
    };

    // Scan state for an LE executable.
    struct LEINFO_STRUCT
    {
        BASIC_INFO basic_info;
        QString sEntryPointSignature;
        QString sOverlaySignature;
        qint64 nOverlayOffset;
        qint64 nOverlaySize;

        QList<XMSDOS::MS_RICH_RECORD> listRichSignatures;

        QMap<RECORD_NAME,_SCANS_STRUCT> mapEntryPointDetects;

        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLinkers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCompilers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLanguages;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraries;

        QList<SCAN_STRUCT> listRecursiveDetects;
    };

    // Scan state for an NE executable.
    struct NEINFO_STRUCT
    {
        BASIC_INFO basic_info;
        QString sEntryPointSignature;
        QString sOverlaySignature;
        qint64 nOverlayOffset;
        qint64 nOverlaySize;

        QMap<RECORD_NAME,_SCANS_STRUCT> mapEntryPointDetects;

        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLinkers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCompilers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLanguages;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraries;

        QList<SCAN_STRUCT> listRecursiveDetects;
    };

    // Scan state for a Mach-O file: load commands, libraries, segments, sections
    // and the detections derived from them.
    struct MACHOINFO_STRUCT
    {
        BASIC_INFO basic_info;
        QString sEntryPointSignature;
        bool bIs64;
        bool bIsBigEndian;
        QList<XMACH::COMMAND_RECORD> listCommandRecords;
        QList<XMACH::LIBRARY_RECORD> listLibraryRecords;
        QList<XMACH::SEGMENT_RECORD> listSegmentRecords;
        QList<XMACH::SECTION_RECORD> listSectionRecords;

        QMap<RECORD_NAME,_SCANS_STRUCT> mapEntryPointDetects;

        QMap<RECORD_NAME,SCAN_STRUCT> mapResultOperationSystems;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLinkers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCompilers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLanguages;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraries;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultProtectors;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTools;
    };

    // Scan state for a PE file: parsed headers, sections, imports/exports,
    // resources, Rich signatures, .NET (CLI) info, the per-evidence map*Detects
    // maps and the final mapResult* maps.
    struct PEINFO_STRUCT
    {
        BASIC_INFO basic_info;
        qint64 nEntryPointOffset;
        QString sEntryPointSignature;
        QString sOverlaySignature;
        qint64 nOverlayOffset;
        qint64 nOverlaySize;
        XMSDOS_DEF::IMAGE_DOS_HEADEREX dosHeader;
        XPE_DEF::IMAGE_FILE_HEADER fileHeader;
        // The 32-bit and 64-bit optional headers share storage, so only one of
        // them is meaningful for a given file.
        // NOTE(review): presumably bIs64 below tells which member was filled;
        // read only that one - confirm against the code that populates it.
        union OPTIONAL_HEADER
        {
            XPE_DEF::IMAGE_OPTIONAL_HEADER32 optionalHeader32;
            XPE_DEF::IMAGE_OPTIONAL_HEADER64 optionalHeader64;
        } optional_header;
        QList<XPE_DEF::IMAGE_SECTION_HEADER> listSectionHeaders;
        QList<XPE::SECTION_RECORD> listSectionRecords;
        QList<QString> listSectionNames;
        QList<XPE::IMPORT_HEADER> listImports;
        quint64 nImportHash64;
        quint32 nImportHash32;
        QList<quint32> listImportPositionHashes;
        XPE::EXPORT_HEADER exportHeader;
        QList<QString> listExportFunctionNames;
        QList<XPE::RESOURCE_RECORD> listResources;
        QList<XMSDOS::MS_RICH_RECORD> listRichSignatures;
        QString sResourceManifest;
        XPE::RESOURCE_VERSION resVersion;
        XPE::CLI_INFO cliInfo;

        QMap<RECORD_NAME,_SCANS_STRUCT> mapOverlayDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapEntryPointDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapImportDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapExportDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapDotAnsiStringsDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapDotUnicodeStringsDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapCodeSectionDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapEntryPointSectionDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapSectionNamesDetects;
//        QMap<RECORD_NAME,_SCANS_STRUCT> mapRichDetects;
        QMap<RECORD_NAME,_SCANS_STRUCT> mapResourcesDetects;

        // NOTE(review): signed section numbers; presumably a negative value
        // means the section is absent, so check before indexing
        // listSectionHeaders/listSectionRecords - confirm.
        qint32 nEntryPointSection;
        qint32 nResourceSection;
        qint32 nImportSection;
        qint32 nCodeSection;
        qint32 nDataSection;
        qint32 nConstDataSection;
        qint32 nRelocsSection;
        qint32 nTLSSection;
        QString sEntryPointSectionName;
        qint64 nEntryPointAddress;
        qint64 nImageBaseAddress;
        quint8 nMinorLinkerVersion;
        quint8 nMajorLinkerVersion;
        quint16 nMinorImageVersion;
        quint16 nMajorImageVersion;
        bool bIs64;
        bool bIsNetPresent;
        bool bIsTLSPresent;

        XBinary::OFFSETSIZE osHeader;
        XBinary::OFFSETSIZE osEntryPointSection;
        XBinary::OFFSETSIZE osCodeSection;
        XBinary::OFFSETSIZE osDataSection;
        XBinary::OFFSETSIZE osConstDataSection;
        XBinary::OFFSETSIZE osImportSection;
        XBinary::OFFSETSIZE osResourceSection;

        QMap<RECORD_NAME,SCAN_STRUCT> mapResultOperationSystems;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLinkers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultCompilers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLibraries;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultTools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultPETools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultSigntools;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultProtectors;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultJoiners;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultPackers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultInstallers;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultSFX;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultNETObfuscators;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultNETCompressors;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultDongleProtection;
        QMap<RECORD_NAME,SCAN_STRUCT> mapResultLanguages;

        QList<SCAN_STRUCT> listRecursiveDetects;
    };

    // Caller-supplied scan settings.
    // The four bResultAs* flags are independent bools; nothing in this struct
    // makes them mutually exclusive.
    // NOTE(review): no depth or size limit for bRecursiveScan is declared here;
    // whether nested content of an untrusted file is bounded elsewhere is not
    // visible in this header - confirm before scanning hostile archives.
    struct SCAN_OPTIONS
    {
//        bool bEmulate;
        bool bRecursiveScan;
        bool bDeepScan;
        bool bHeuristicScan;
        bool bShowDetects;
        bool bResultAsXML;
        bool bResultAsJSON;
        bool bResultAsCSV;
        bool bResultAsTSV;
        bool bSubdirectories;
        bool bIsImage;
        bool bIsTest;
        XBinary::FT fileType; // Optional
    };

    struct UNPACK_OPTIONS
    {
        // PE/PE+
        bool bCopyOverlay; // In
    };

    // Fixed description shared by the signature/string/resource record types
    // below. fileType, type and name are const, so an instance has to be given
    // its values at initialization.
    // NOTE(review): pszVersion/pszInfo are raw, non-owning C-string pointers;
    // presumably they point at string literals in static tables - confirm.
    struct _BASICINFO
    {
        quint32 nVariant;
        const XBinary::FT fileType;
        const RECORD_TYPE type;
        const RECORD_NAME name;
        const char *pszVersion;
        const char *pszInfo;
    };

    // A _BASICINFO paired with signature text; the signature syntax is defined
    // by the matching code, not in this header.
    struct SIGNATURE_RECORD
    {
        _BASICINFO basicInfo;
        const char *pszSignature;
    };

    // A _BASICINFO paired with a string to look for.
    struct STRING_RECORD
    {
        _BASICINFO basicInfo;
        const char *pszString;
    };

    struct PE_RESOURCES_RECORD
    {
        _BASICINFO basicInfo;
        bool bIsString1;
        const char *pszName1;
        quint32 nID1;
        bool
bIsString2; 1279 const char *pszName2; 1280 quint32 nID2; 1281 }; 1282 1283 struct CONST_RECORD 1284 { 1285 _BASICINFO basicInfo; 1286 quint64 nConst1; 1287 quint64 nConst2; 1288 }; 1289 1290 struct MSRICH_RECORD 1291 { 1292 _BASICINFO basicInfo; 1293 quint16 nID; 1294 quint32 nBuild; 1295 }; 1296 1297 struct VCL_STRUCT 1298 { 1299 quint32 nValue; 1300 qint64 nOffset; 1301 bool bIs64; 1302 }; 1303 1304 struct VCL_PACKAGEINFO_MODULE 1305 { 1306 quint8 nFlags; 1307 quint8 nHashCode; 1308 QString sName; 1309 }; 1310 1311 struct VCL_PACKAGEINFO 1312 { 1313 quint32 nFlags; 1314 quint32 nUnknown; 1315 quint32 nRequiresCount; 1316 QList<VCL_PACKAGEINFO_MODULE> listModules; 1317 }; 1318 1319 struct VI_STRUCT 1320 { 1321 bool bIsValid; 1322 QString sVersion; 1323 QString sInfo; 1324 quint64 nValue; 1325 }; 1326 1327 explicit SpecAbstract(QObject *pParent=nullptr); 1328 1329 static void scan(QIODevice *pDevice,SpecAbstract::SCAN_RESULT *pScanResult,qint64 nOffset,qint64 nSize,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,bool bInit,bool *pbIsStop); 1330 1331 static QString append(QString sResult,QString sString); 1332 static QString recordFilePartIdToString(RECORD_FILEPART id); 1333 static QString recordTypeIdToString(RECORD_TYPE id); 1334 static QString recordNameIdToString(RECORD_NAME id); 1335 static QString heurTypeIdToString(DETECTTYPE id); 1336 1337 static SpecAbstract::UNPACK_OPTIONS getPossibleUnpackOptions(QIODevice *pDevice,bool bIsImage); // TODO Check 1338 1339 static QString _SCANS_STRUCT_toString(const _SCANS_STRUCT *pScanStruct); 1340 1341 static QString createResultString(const SCAN_STRUCT *pScanStruct); 1342 static QString createResultString2(const SCAN_STRUCT *pScanStruct); 1343 static QString createFullResultString(const SCAN_STRUCT *pScanStruct); 1344 static QString createFullResultString2(const SCAN_STRUCT *pScanStruct); 1345 static QString createTypeString(const SCAN_STRUCT *pScanStruct); 1346 static SCAN_STRUCT 
createHeaderScanStruct(const SCAN_STRUCT *pScanStruct); 1347 1348 static BINARYINFO_STRUCT getBinaryInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1349 static MSDOSINFO_STRUCT getMSDOSInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1350 static ELFINFO_STRUCT getELFInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1351 static MACHOINFO_STRUCT getMACHOInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1352 static LEINFO_STRUCT getLEInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1353 static NEINFO_STRUCT getNEInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1354 static PEINFO_STRUCT getPEInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1355 static DEXINFO_STRUCT getDEXInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1356 static ZIPINFO_STRUCT getZIPInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1357 static MACHOFATINFO_STRUCT getMACHOFATInfo(QIODevice *pDevice,SpecAbstract::ID parentId,SpecAbstract::SCAN_OPTIONS *pOptions,qint64 nOffset,bool *pbIsStop); 1358 1359 static _SCANS_STRUCT getScansStruct(quint32 nVariant,XBinary::FT fileType,RECORD_TYPE type,RECORD_NAME name,QString sVersion,QString sInfo,qint64 nOffset); 1360 1361 static void PE_handle_import(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo); // TODO remove !!! 
// PE detection passes. Each one receives the device being scanned, the bIsImage flag and the
// PEINFO_STRUCT by non-const pointer (presumably read and updated in place - TODO confirm).
// NOTE(review): pPEInfo is presumably filled from the scanned file, so the offsets, sizes and
// section indexes it holds are untrusted; each pass has to bounds-check them before reading through
// pDevice. Whether a null pDevice/pPEInfo is tolerated cannot be told from these declarations.
// Only the passes that take pbIsStop can, presumably, be cancelled by the caller.
static void PE_handle_OperationSystems(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_Protection(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo,bool *pbIsStop);
static void PE_handle_VMProtect(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_VProtect(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo); // TODO move to protection
static void PE_handle_TTProtect(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo); // TODO move to protection
static void PE_handle_SafeengineShielden(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_tElock(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_Armadillo(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_Obsidium(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_Themida(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_StarForce(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_Petite(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_NETProtection(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_Microsoft(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo,bool *pbIsStop);
static void PE_handle_Borland(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_Watcom(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_Tools(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_PETools(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_wxWidgets(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_GCC(QIODevice *pDevice,bool bIsImage,SpecAbstract::PEINFO_STRUCT *pPEInfo);
// Further PE detection passes; same calling convention as the PE_handle_*() passes declared above
// (device, bIsImage flag, PEINFO_STRUCT by non-const pointer).
static void PE_handle_Signtools(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_Installers(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_SFX(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_PolyMorph(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_DongleProtection(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_NeoLite(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_PrivateEXEProtector(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);

static void PE_handle_VisualBasicCryptors(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
static void PE_handle_DelphiCryptors(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);

static void PE_handle_Joiners(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);

// Predicate over the collected PE state; takes no device, so presumably it only inspects *pPEInfo.
static bool PE_isProtectionPresent(PEINFO_STRUCT *pPEInfo);
static void PE_handle_UnknownProtection(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);

static void PE_handle_FixDetects(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);

static void PE_handleLanguages(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);

// NOTE(review): the recursive passes (PE, MSDOS, Zip) take SCAN_OPTIONS and pbIsStop but no depth or
// size budget is visible in their signatures; confirm the implementation limits nesting and total
// work so that a file embedding many layers cannot exhaust memory or time.
static void PE_handle_Recursive(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo,SpecAbstract::SCAN_OPTIONS *pOptions,bool *pbIsStop);

// Passes over files handled as plain binary; state is kept in BINARYINFO_STRUCT.
static void Binary_handle_Texts(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_COM(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_Archives(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_Certificates(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_DebugData(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_Formats(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_Databases(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_Images(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_InstallerData(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_SFXData(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_ProtectorData(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handle_LibraryData(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);

static void Binary_handle_FixDetects(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);
static void Binary_handleLanguages(QIODevice *pDevice,bool bIsImage,BINARYINFO_STRUCT *pBinaryInfo);

// MS-DOS executable passes; state is kept in MSDOSINFO_STRUCT.
static void MSDOS_handle_OperationSystems(QIODevice *pDevice,bool bIsImage,MSDOSINFO_STRUCT *pMSDOSInfo);
static void MSDOS_handle_Tools(QIODevice *pDevice,bool bIsImage,MSDOSINFO_STRUCT *pMSDOSInfo);
static void MSDOS_handle_Borland(QIODevice *pDevice,bool bIsImage,MSDOSINFO_STRUCT *pMSDOSInfo);
static void MSDOS_handle_Protection(QIODevice *pDevice,bool bIsImage,MSDOSINFO_STRUCT *pMSDOSInfo);
static void MSDOS_handle_SFX(QIODevice *pDevice,bool bIsImage,MSDOSINFO_STRUCT *pMSDOSInfo);
static void MSDOS_handle_DosExtenders(QIODevice *pDevice,bool bIsImage,MSDOSINFO_STRUCT *pMSDOSInfo);

static void MSDOS_handleLanguages(QIODevice *pDevice,bool bIsImage,MSDOSINFO_STRUCT *pMSDOSInfo);

static void MSDOS_handle_Recursive(QIODevice *pDevice,bool bIsImage,MSDOSINFO_STRUCT *pMSDOSInfo,SpecAbstract::SCAN_OPTIONS *pOptions,bool *pbIsStop);

// ELF passes; state is kept in ELFINFO_STRUCT.
static void ELF_handle_OperationSystems(QIODevice *pDevice,bool bIsImage,ELFINFO_STRUCT *pELFInfo);
static void ELF_handle_CommentSection(QIODevice *pDevice,bool bIsImage,ELFINFO_STRUCT *pELFInfo);
static void ELF_handle_Tools(QIODevice *pDevice,bool bIsImage,ELFINFO_STRUCT *pELFInfo);
static void ELF_handle_GCC(QIODevice *pDevice,bool bIsImage,ELFINFO_STRUCT *pELFInfo);
static void ELF_handle_Protection(QIODevice *pDevice,bool bIsImage,ELFINFO_STRUCT *pELFInfo);
static void ELF_handle_UnknownProtection(QIODevice *pDevice,bool bIsImage,ELFINFO_STRUCT *pELFInfo);

static void ELF_handle_FixDetects(QIODevice *pDevice,bool bIsImage,ELFINFO_STRUCT *pELFInfo);
static void ELF_handleLanguages(QIODevice *pDevice,bool bIsImage,ELFINFO_STRUCT *pELFInfo);

// Mach-O passes; state is kept in MACHOINFO_STRUCT.
static void MACHO_handle_Tools(QIODevice *pDevice,bool bIsImage,MACHOINFO_STRUCT *pMACHInfo);
static void MACHO_handle_Protection(QIODevice *pDevice,bool bIsImage,MACHOINFO_STRUCT *pMACHInfo);
static void MACHO_handle_FixDetects(QIODevice *pDevice,bool bIsImage,MACHOINFO_STRUCT *pMACHInfo);

static void MACHO_handleLanguages(QIODevice *pDevice,bool bIsImage,MACHOINFO_STRUCT *pMACHInfo);

// LE passes; state is kept in LEINFO_STRUCT.
static void LE_handle_Microsoft(QIODevice *pDevice,bool bIsImage,LEINFO_STRUCT *pLEInfo,bool *pbIsStop);
static void LE_handle_Borland(QIODevice *pDevice,bool bIsImage,LEINFO_STRUCT *pLEInfo);

static void LE_handleLanguages(QIODevice *pDevice,bool bIsImage,LEINFO_STRUCT *pLEInfo);

// NE passes; state is kept in NEINFO_STRUCT.
static void NE_handle_Borland(QIODevice *pDevice,bool bIsImage,NEINFO_STRUCT *pNEInfo);

static void NE_handleLanguages(QIODevice *pDevice,bool bIsImage,NEINFO_STRUCT *pNEInfo);

// DEX passes; unlike the other families they take no bIsImage flag.
static void DEX_handle_Tools(QIODevice *pDevice,DEXINFO_STRUCT *pDEXInfo,bool *pbIsStop);
static void DEX_handle_Dexguard(QIODevice *pDevice,DEXINFO_STRUCT *pDEXInfo,bool *pbIsStop);
static void DEX_handle_Protection(QIODevice *pDevice,DEXINFO_STRUCT *pDEXInfo,bool *pbIsStop);

static void DEX_handleLanguages(QIODevice *pDevice,DEXINFO_STRUCT *pDEXInfo);

// ZIP-container passes; state is kept in ZIPINFO_STRUCT.
// NOTE(review): archive entry counts, names and declared sizes are presumably attacker-controlled;
// confirm that extraction done for JAR/APK/recursive scanning is size-limited and that entry names
// are never used as filesystem paths.
static void Zip_handle_Microsoftoffice(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo);
static void Zip_handle_OpenOffice(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo);
static void Zip_handle_Metainfos(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo);
static void Zip_handle_JAR(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo,SpecAbstract::SCAN_OPTIONS *pOptions,bool *pbIsStop);
static void Zip_handle_APK(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo);
static void Zip_handle_IPA(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo);
static void Zip_handle_Recursive(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo,SpecAbstract::SCAN_OPTIONS *pOptions,bool *pbIsStop);
static void Zip_handle_FixDetects(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo);
static void Zip_handleLanguages(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo);

// Returns DEX scan state for one archive member; sFileName is presumably the entry name inside the
// archive - TODO confirm.
static DEXINFO_STRUCT Zip_scan_DEX(QIODevice *pDevice,bool bIsImage,ZIPINFO_STRUCT *pZipInfo,SpecAbstract::SCAN_OPTIONS *pOptions,bool *pbIsStop,QString sFileName);

// Helpers that take a result map by pointer together with the record name to act on; what happens
// when `name` is absent from the map is not visible here.
static void updateVersion(QMap<RECORD_NAME,SCAN_STRUCT> *pMap,RECORD_NAME name,QString sVersion);
static void updateInfo(QMap<RECORD_NAME,SCAN_STRUCT> *pMap,RECORD_NAME name,QString sInfo);
static void updateVersionAndInfo(QMap<RECORD_NAME,SCAN_STRUCT> *pMap,RECORD_NAME name,QString sVersion,QString sInfo);

// Search over a result list. Every criterion after fileType has a default (UNKNOWN / empty string);
// presumably a defaulted criterion matches anything - TODO confirm.
static bool isScanStructPresent(QList<SpecAbstract::SCAN_STRUCT> *pListScanStructs,XBinary::FT fileType,RECORD_TYPE type=RECORD_TYPE_UNKNOWN,RECORD_NAME name=RECORD_NAME_UNKNOWN,QString sVersion="",QString sInfo="");

static bool checkVersionString(QString sVersion);
// Version extractors returning VI_STRUCT. The device-based ones take a signed nOffset/nSize pair;
// presumably the region of pDevice to search, which the implementation must clamp to the device
// size - TODO confirm. The strings they return are presumably taken from the scanned file and
// should be treated as untrusted text by whatever prints or exports them.
static VI_STRUCT get_UPX_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize,XBinary::FT fileType);
static VI_STRUCT _get_UPX_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize,XBinary::FT fileType);
static VI_STRUCT get_GCC_vi1(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize); // TODO Check
static VI_STRUCT get_GCC_vi2(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_Nim_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_Zig_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_PyInstaller_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT _get_GCC_string(QString sString);
static VI_STRUCT get_WindowsInstaller_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_gold_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_TurboLinker_vi(QIODevice *pDevice,bool bIsImage);
static VI_STRUCT get_Enigma_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_DeepSea_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_SmartAssembly_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_R8_marker_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_Go_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_Rust_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT get_ObfuscatorLLVM_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
// String-based extractors: each takes one QString (presumably a string already pulled from the
// file, e.g. a compiler identification line - TODO confirm) and returns a VI_STRUCT.
static VI_STRUCT _get_ObfuscatorLLVM_string(QString sString);
static VI_STRUCT get_AndroidClang_vi(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize);
static VI_STRUCT _get_AndroidClang_string(QString sString);
static VI_STRUCT _get_PlexClang_string(QString sString);
static VI_STRUCT _get_UbuntuClang_string(QString sString);
static VI_STRUCT _get_AlipayObfuscator_string(QString sString);
static VI_STRUCT _get_wangzehuaLLVM_string(QString sString);
static VI_STRUCT _get_ByteGuard_string(QString sString);
static VI_STRUCT _get_TencentObfuscation_string(QString sString);
static VI_STRUCT _get_AppImage_string(QString sString);
static VI_STRUCT _get_HikariObfuscator_string(QString sString);
static VI_STRUCT _get_SnapProtect_string(QString sString);
static VI_STRUCT _get_ByteDanceSecCompiler_string(QString sString);
static VI_STRUCT _get_DingbaozengNativeObfuscator_string(QString sString);
static VI_STRUCT _get_SafeengineLLVM_string(QString sString);
static VI_STRUCT _get_NagainLLVM_string(QString sString);
static VI_STRUCT _get_iJiami_string(QString sString);
static VI_STRUCT _get_AppleLLVM_string(QString sString);
static VI_STRUCT _get_ApportableClang_string(QString sString);
static VI_STRUCT _get_ARMAssembler_string(QString sString);
static VI_STRUCT _get_ARMLinker_string(QString sString);
static VI_STRUCT _get_ARMC_string(QString sString);
static VI_STRUCT _get_ARMCCPP_string(QString sString);
static VI_STRUCT _get_ARMNEONCCPP_string(QString sString);
static VI_STRUCT _get_ARMThumbCCPP_string(QString sString);
static VI_STRUCT _get_ARMThumbMacroAssembler_string(QString sString);
static VI_STRUCT _get_ThumbC_string(QString sString);
static VI_STRUCT _get_clang_string(QString sString);
static VI_STRUCT _get_DynASM_string(QString sString);
static VI_STRUCT _get_Delphi_string(QString sString);
static VI_STRUCT _get_LLD_string(QString sString);
static VI_STRUCT _get_OracleSolarisLinkEditors_string(QString sString);
static VI_STRUCT _get_SunWorkShop_string(QString sString);
static VI_STRUCT _get_SnapdragonLLVMARM_string(QString sString);
static VI_STRUCT _get_NASM_string(QString sString);
static VI_STRUCT _get_TencentLegu_string(QString sString);
// String-based version extractors: each takes one QString and returns a VI_STRUCT.
static VI_STRUCT _get_OllvmTll_string(QString sString);
static VI_STRUCT _get_DelphiVersionFromCompiler(QString sString);
static VI_STRUCT _get_SourceryCodeBench_string(QString sString);

static bool PE_isValid_UPX(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);
// NOTE(review): the name suggests x86 emulation of code taken from the scanned file; if so, confirm
// the implementation bounds instruction count and memory accesses - cannot be told from the header.
static void PE_x86Emul(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);

static VI_STRUCT PE_get_PECompact_vi(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo);

// nOffset/nSize are signed; presumably the region of pDevice to search - TODO confirm it is
// validated against the device size before reading.
static QList<VCL_STRUCT> PE_getVCLstruct(QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize,bool bIs64);
static VCL_PACKAGEINFO PE_getVCLPackageInfo(QIODevice *pDevice,bool bIsImage,QList<XPE::RESOURCE_RECORD> *pListResources);
static SpecAbstract::_SCANS_STRUCT PE_getRichSignatureDescription(QIODevice *pDevice,bool bIsImage,PEINFO_STRUCT *pPEInfo,quint32 nRichID);

// Combines a BASIC_INFO and a raw _SCANS_STRUCT hit into a SCAN_STRUCT result.
static SCAN_STRUCT scansToScan(BASIC_INFO *pBasicInfo,_SCANS_STRUCT *pScansStruct);

// BASIC_PE_INFO <-> byte array conversion.
// NOTE(review): _ArrayToBasicPEInfo() accepts arbitrary bytes; if the array can originate outside the
// process, the implementation must verify its length before reading fields - TODO confirm.
static QByteArray _BasicPEInfoToArray(BASIC_PE_INFO *pInfo);
static BASIC_PE_INFO _ArrayToBasicPEInfo(const QByteArray *pbaArray);

// Table-driven scanners. Each one takes a result map (pMapRecords), the data to examine, and a
// record table given as a raw pointer (pRecords) plus nRecordsSize.
// NOTE(review): the unit of nRecordsSize (bytes vs. element count) is not visible here and the
// pointer carries no length of its own; confirm every caller passes the matching value, since a
// mismatch would read past the end of the table.
// fileType1/fileType2 are presumably filters on the record's fileType - TODO confirm.
static void memoryScan(QMap<RECORD_NAME,_SCANS_STRUCT> *pMapRecords,QIODevice *pDevice,bool bIsImage,qint64 nOffset,qint64 nSize,SpecAbstract::SIGNATURE_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);
static void signatureScan(QMap<RECORD_NAME,_SCANS_STRUCT> *pMapRecords,QString sSignature,SIGNATURE_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);
static void PE_resourcesScan(QMap<RECORD_NAME,_SCANS_STRUCT> *pMapRecords,QList<XPE::RESOURCE_RECORD> *pListResources,PE_RESOURCES_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);
static void stringScan(QMap<RECORD_NAME,_SCANS_STRUCT> *pMapRecords,QList<QString> *pListStrings,STRING_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);
// nCost1/nCost2 presumably correspond to CONST_RECORD::nConst1/nConst2 (parameter-name typo) - verify.
static void constScan(QMap<RECORD_NAME,_SCANS_STRUCT> *pMapRecords,quint64 nCost1,quint64 nCost2,CONST_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);
// Overload that writes hits into pMapRecords; a second overload further down returns them as a list.
static void MSDOS_richScan(QMap<RECORD_NAME,_SCANS_STRUCT> *pMapRecords,quint16 nID,quint32 nBuild,MSRICH_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);

// Scanners over archive member lists; the member records are presumably parsed from the archive and
// therefore untrusted - TODO confirm how names are compared.
static void archiveScan(QMap<RECORD_NAME,_SCANS_STRUCT> *pMapRecords,QList<XArchive::RECORD> *pListArchiveRecords,STRING_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);
static void archiveExpScan(QMap<RECORD_NAME,_SCANS_STRUCT> *pMapRecords,QList<XArchive::RECORD> *pListArchiveRecords,STRING_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);

// Signature scan that works through an XBinary object and its memory map, starting at nOffset.
static void signatureExpScan(XBinary *pXBinary,XBinary::_MEMORY_MAP *pMemoryMap,QMap<RECORD_NAME,_SCANS_STRUCT> *pMapRecords,qint64 nOffset,SIGNATURE_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);

// Overload of MSDOS_richScan() that returns the hits as a list instead of filling a map.
static QList<_SCANS_STRUCT> MSDOS_richScan(quint16 nID,quint32 nBuild,MSRICH_RECORD *pRecords,int nRecordsSize,XBinary::FT fileType1,XBinary::FT fileType2,BASIC_INFO *pBasicInfo,DETECTTYPE detectType,bool *pbIsStop);

// SCAN_STRUCT <-> byte array conversion (presumably QDataStream-based, given the <QDataStream> include).
// NOTE(review): deserializeScanStruct() accepts arbitrary bytes; if serialized results can come from
// a file or another process, the implementation must check stream status and field lengths and
// reject out-of-range enum values - cannot be confirmed from the header.
static QByteArray serializeScanStruct(SCAN_STRUCT scanStruct,bool bIsHeader=false);
static SCAN_STRUCT deserializeScanStruct(QByteArray baData,bool *pbIsHeader=nullptr);

static QString getAndroidVersionFromApi(quint32 nAPI);

// Language helpers operating on result maps passed by pointer.
static void getLanguage(QMap<RECORD_NAME,SCAN_STRUCT> *pMapDetects,QMap<RECORD_NAME,SCAN_STRUCT> *pMapLanguages);
static void fixLanguage(QMap<RECORD_NAME,SCAN_STRUCT> *pMapLanguages);

private:
// Compares one MSRICH_RECORD against an id/build pair; presumably fills *pResult on a match - TODO confirm.
static bool PE_compareRichRecord(_SCANS_STRUCT *pResult,MSRICH_RECORD *pRecord,quint16 nID,quint32 nBuild,XBinary::FT fileType1,XBinary::FT fileType2);
// Filters *pListRecords by the given set of record types; whether matching entries are kept or
// dropped is not visible here.
static void filterResult(QList<SCAN_STRUCT> *pListRecords,QSet<RECORD_TYPE> stRecordTypes);

protected:
// Presumably emit the errorMessage()/infoMessage() signals declared below - TODO confirm.
void _errorMessage(QString sErrorMessage);
void _infoMessage(QString sInfoMessage);

signals:
// NOTE(review): message text may embed strings taken from the scanned file; receivers should treat
// it as plain text and not interpret it as rich text or markup.
void errorMessage(QString sErrorMessage);
void infoMessage(QString sInfoMessage);
};

#endif // SPECABSTRACT_H